From: Stephane Ouellette
Date: Wed, 05 Mar 2003 15:40:35 +0000
Subject: Re: [LARTC] ip rule and transparent proxy.
To: lartc@vger.kernel.org

Esteban Ribicic wrote:

>you should try marking squid packets (output chain for example) and then
>add a rule (ip rule ls)..
>in lartc.org http://www.lartc.org/lartc.pdf have plenty of examples.
>
>

Unfortunately, this will not work. It is not possible to route a locally-generated packet using a firewall mark because the routing decision is taken before the packet is sent to the MANGLE OUTPUT chain.

Routing a packet using a firewall mark works only in the PREROUTING Netfilter hook.

Stephane Ouellette

>tips: when marking packets on iptables, use hexa not decimal notation.
>try patching the kernel if does not work (http://www.ssi.bg/~ja/) cause
>kernel default source may not work...
>
>and it's probably that squid use as source address of ip header the ip on
>the default route, so you might have to nat that src to the other
>interface (so packets leave the interface you want and come back in that
>interface and not the other -if they come..- )
>
>greets and good speed.
>
>On Wed, 2003-03-05 at 10:27, Alessandro Ren wrote:
>
>

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/