From: Andrew Beverley <andy@andybev.com>
To: Pandu Poluan <pandu@poluan.info>
Cc: netfilter@vger.kernel.org
Subject: Re: [SOLVED] Routing locally generated traffic on fwmark
Date: Thu, 29 Sep 2011 08:53:27 +0100
Message-ID: <1317282807.26402.58.camel@andybev-desktop>
In-Reply-To: <CAA2qdGUrc31FekJM6r1_s2COoFi5g5iwfpJeozeLED2pYsy3Fw@mail.gmail.com>

On Thu, 2011-09-29 at 14:32 +0700, Pandu Poluan wrote:
> On Thu, Sep 29, 2011 at 13:51, Andrew Beverley <andy@andybev.com> wrote:
> > On Wed, 2011-09-28 at 23:20 +0100, Andrew Beverley wrote:
> >> Hi,
> >>
> >> I'd like to route locally generated traffic via a particular interface
> >> based on its mark value.
> >>
> >> From what I have researched, this is theoretically possible and lots of
> >> people have tried it, but nobody has got it working.
> >>
> >> Here's my rules:
> >>
> >> # Mark the packets
> >> iptables -A OUTPUT -t mangle -d 89.16.176.81 -j MARK --set-mark 0x800
> >>
> >> # Route the marked packets via routing table T2:
> >> ip rule add fwmark 0x800/0xffff table T2
> >>
> >> # Force T2 packets out of the interface ppp1
> >> ip route add table T2 default dev ppp1 via 94.30.127.76
> >>
> >> # Flush the cache, just in case
> >> ip route flush cache
> >>
> >> However, the packets still go out of the default route (ppp0).
> >
> > I've also added the following, which makes no difference:
> >
> > iptables -t nat -A POSTROUTING -o ppp1 \
> > -j SNAT --to-source 109.224.134.110
> >
> >
>
> Can you post the complete table, i.e., the output of iptables-save ?
>
Thanks for that. After I added the SNAT rule, I forgot to remove an
existing earlier rule that was stopping the packets being marked. Your
email reminded me!

So, the reason it wasn't working for me was the missing SNAT rule after
all. It now works correctly.

Thanks,
Andy
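
Added example, not part of the original message: the reply credits two things for the fix, the SNAT rule on ppp1 and the removal of an earlier rule that kept packets from being marked, and this script checks an iptables-save dump for both. The helper name check_fwmark_path, the sample dumps and the reading of "earlier rule" as a terminating target ahead of MARK are assumptions; the ip rule and ip route entries are not checked.

```shell
# Added example, not from the thread. check_fwmark_path is a hypothetical helper.
# Usage: iptables-save | check_fwmark_path MARK OUT_IF
# Prints "ok" or a space-separated list of findings.
check_fwmark_path() {
    awk -v mark="$1" -v oif="$2" '
        { line = $0 " " }                      # trailing space eases matching
        /^\*/ { table = substr($0, 2); next }  # "*mangle", "*nat", ...
        table == "mangle" && $1 == "-A" && $2 == "OUTPUT" {
            # iptables-save prints --set-mark or --set-xmark VALUE/MASK
            if (line ~ ("-j MARK --set-x?mark " mark "[/ ]")) { marked = 1; next }
            # Assumption: a terminating target ahead of the MARK rule is the
            # kind of earlier rule that can stop packets being marked.
            if (!marked && line ~ /-j (ACCEPT|DROP|RETURN) /) shadow = 1
        }
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" &&
            line ~ ("-o " oif " ") && line ~ /-j (SNAT|MASQUERADE) / { snat = 1 }
        END {
            out = ""
            if (!marked) out = out " no-mark-rule"
            if (shadow)  out = out " terminating-rule-before-mark"
            if (!snat)   out = out " no-snat-on-" oif
            print (out == "" ? "ok" : substr(out, 2))
        }'
}

# Constructed dump resembling the working setup (addresses from the thread).
GOOD_DUMP='*mangle
:OUTPUT ACCEPT [0:0]
-A OUTPUT -d 89.16.176.81/32 -j MARK --set-xmark 0x800/0xffffffff
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp1 -j SNAT --to-source 109.224.134.110
COMMIT'

# Constructed dump: a rule ahead of MARK ends the chain, and SNAT is absent.
BAD_DUMP='*mangle
:OUTPUT ACCEPT [0:0]
-A OUTPUT -o ppp0 -j ACCEPT
-A OUTPUT -d 89.16.176.81/32 -j MARK --set-xmark 0x800/0xffffffff
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
COMMIT'

printf '%s\n' "$GOOD_DUMP" | check_fwmark_path 0x800 ppp1
printf '%s\n' "$BAD_DUMP"  | check_fwmark_path 0x800 ppp1
```

A locally generated packet picks its source address in the routing lookup that runs before mangle OUTPUT sets the mark, so after being rerouted to ppp1 it still carries the ppp0 address unless POSTROUTING rewrites it.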