* Michele Baresi ([EMAIL PROTECTED]) wrote:
> I'm trying to get OUTPUT mangling working with policy routing but I
> don't know what I'm doing wrong.
> I've tried Stephen's trick but it didn't succeed.
Which trick was that?
> In my situation I've got two possible routers on the same eth segment
> with different subnets. So:
>
> eth0 --> addr 210.56.12.3 --> gw 210.56.12.1
> eth1 --> addr 192.168.1.250 --> gw 192.168.1.254
>
> I'm trying to send all squid traffic through eth1 and so I did create
>
> echo 200 >> /etc/iproute2/rt_tables http.out
> ip rule add fwmark 5 table http.out
> ip route add default 192.168.1.254 table http.out
>
> iptables -t mangle -A OUTPUT --dport 80 -j MARK --set-mark 5
>
> iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to=192.168.1.250
>
> But I've missed something. Using iptables -v I noticed that packets
> never seem to get back to eth1 while opening a ping session to the
> 192.168.1.254 router shows packets normally getting back to it.
> Any ideas?
This all looks pretty good but did you do:
echo 0 > /proc/sys/net/ipv4/conf/eth2/rp_filter
?
Stephen
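
An added example, not part of the original thread: a read-only check of the reverse-path filter setting the reply asks about, reporting the value the kernel actually applies per interface. It relies on the kernel's documented behaviour that source validation on an interface uses the higher of conf/all/rp_filter and conf/<iface>/rp_filter (0 = off, 1 = strict, 2 = loose on kernels that support it); the function names and the optional root-directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report the effective rp_filter mode per interface.
# The optional "root" argument is a hypothetical convenience so the check
# can run against a constructed directory tree instead of the live /proc/sys.

rp_filter_effective() {
    # $1 = interface name, $2 = sysctl root (default /proc/sys)
    root="${2:-/proc/sys}/net/ipv4/conf"
    [ -r "$root/$1/rp_filter" ] || return 1
    iface_val=$(cat "$root/$1/rp_filter")
    all_val=$(cat "$root/all/rp_filter" 2>/dev/null || echo 0)
    # The kernel applies max(conf/all, conf/<iface>) on that interface,
    # so writing 0 to the interface alone has no effect while "all" is 1.
    if [ "$all_val" -gt "$iface_val" ]; then
        echo "$all_val"
    else
        echo "$iface_val"
    fi
}

rp_filter_mode() {
    # Map the numeric value to the mode name used in the kernel documentation.
    case "$1" in
        0) echo "off" ;;
        1) echo "strict" ;;
        2) echo "loose" ;;
        *) echo "unknown" ;;
    esac
}

rp_filter_report() {
    # $1 = sysctl root (default /proc/sys); prints "iface value mode" per line
    base="${1:-/proc/sys}"
    for dir in "$base"/net/ipv4/conf/*/; do
        name=$(basename "$dir")
        case "$name" in all|default) continue ;; esac
        val=$(rp_filter_effective "$name" "$base") || continue
        echo "$name $val $(rp_filter_mode "$val")"
    done
}

# Run as "sh script.sh report" to print the live settings.
if [ "${1:-}" = "report" ]; then
    rp_filter_report
fi
```

An interface that shows "strict" drops replies arriving on a link other than the one the main routing table would use to reach the sender, which matches the symptom described in the quoted message.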
