From: François Delawarde
Subject: Re-routing of output traffic
Date: Wed, 20 Jun 2007 14:06:37 +0200
Message-ID: <4679184D.5090808@wirelessmundi.com>
To: netfilter@lists.netfilter.org

Hello all!

If I'm not wrong, outgoing traffic generated by local processes passes through the following:

Local Process ==> OUTPUT [mangle] ==> OUTPUT [nat] ==> Rerouting ==> OUTPUT [filter] ==> POSTROUTING ...

I'm interested in using a specific routing table for one of my local processes (the entire story is complicated). I tried the following without success:

    iptables -t mangle -A OUTPUT -m owner --gid-owner -j MARK --set-mark
    ip rule add prio 1 fwmark table 12
    ip route add default via 192.168.1.1 table 12

But doing the following, it works perfectly:

    iptables -t mangle -A OUTPUT -m owner --gid-owner -j TOS --set-tos
    ip rule add prio 1 tos table 12
    ip route add default via 192.168.1.1 table 12

I had read that MARKing a packet could trigger the "Rerouting" part, but it appears that in the real world, the "Rerouting" part takes place only when we actually change something in the packet, like TOSing it or DNATing it.

Is this a bug, or is it supposed to work that way? Is there any way of doing what I want using MARKs (and without having to use the ROUTE target)?

I'm using iptables 1.3.7 with an unpatched Debian etch kernel 2.6.18-4.

Thank you,
François.
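The setup the message describes (mark packets of one Unix group in mangle OUTPUT, select a routing table with an fwmark rule, give that table its own default route), written out as a complete script. This is an added example, not code from the original post; the group name "vpnusers", mark 0x12, table 12, gateway 192.168.1.1 and the TEST-NET address 192.0.2.1 are assumptions. Besides emitting the three commands, it includes the checks a practitioner would run afterwards: that the fwmark rule is actually installed, and that a marked lookup resolves through the intended gateway.

```shell
#!/bin/sh
# Added example (not part of the original message): fwmark-based policy
# routing for the traffic of one Unix group.
# Assumed values, override via the environment:
GROUP="${GROUP:-vpnusers}"      # group whose processes should use the table
MARK="${MARK:-0x12}"            # fwmark, given in hex so it matches "ip rule show"
TABLE="${TABLE:-12}"            # routing table id
GATEWAY="${GATEWAY:-192.168.1.1}"
PROBE="${PROBE:-192.0.2.1}"     # arbitrary destination (TEST-NET-1) for route checks

# Print the commands instead of running them, so the set can be reviewed
# or piped to "sh" as root. Packets from $group are marked in mangle OUTPUT,
# the fwmark rule sends them to $table, whose only route is via $gw.
# Caveat: a table holding just a default route also sends traffic for the
# local LAN to $gw; copy the needed connected routes into it if that matters.
build_rules() {
    group=$1; mark=$2; table=$3; gw=$4
    cat <<EOF
iptables -t mangle -A OUTPUT -m owner --gid-owner $group -j MARK --set-mark $mark
ip rule add prio 1 fwmark $mark table $table
ip route add default via $gw table $table
EOF
}

# Run the generated commands (needs root); -e stops at the first failure.
apply_rules() {
    build_rules "$@" | sh -ex
}

# Check 1: does "ip rule show" output (passed in as text) contain a rule that
# maps this mark to this table? Pure text check, so it can be tested offline.
rule_selects_mark() {
    rules=$1; mark=$2; table=$3
    printf '%s\n' "$rules" | grep -qE "fwmark ${mark} lookup ${table}([^0-9]|\$)"
}

# Check 2: a route lookup for a marked packet must go via the gateway.
# This exercises the rule and the table, not the reroute after MARK in the
# OUTPUT chain; to test that part, generate traffic as the group, e.g.
#   sg vpnusers -c "ping -c 1 192.0.2.1"
# while watching the gateway's interface with tcpdump.
check_mark_route() {
    dst=$1; mark=$2; gw=$3
    ip route get "$dst" mark "$mark" 2>/dev/null | grep -q "via $gw"
}

case "${1:-}" in
    show)
        build_rules "$GROUP" "$MARK" "$TABLE" "$GATEWAY" ;;
    apply)
        apply_rules "$GROUP" "$MARK" "$TABLE" "$GATEWAY"
        rule_selects_mark "$(ip rule show)" "$MARK" "$TABLE" \
            && echo "fwmark rule installed"
        check_mark_route "$PROBE" "$MARK" "$GATEWAY" \
            && echo "marked lookups for $PROBE go via $GATEWAY" ;;
esac
```

Run it with `show` to review the commands, then `apply` as root. The two checks tell apart "the rule or table is wrong" from "the packet was marked but never re-routed", which is exactly the distinction the message is trying to make.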