[LARTC] UDP port 1194 marking/routing problem

2005-04-06 Thread Remus
Hi folks, I have OpenVPN (respect for it developers) running on my FW. Is has two external NICs and on internal everything is fine, except I want OpenVPN (UDP port 1194) going not via default route/network interface. I use such commands: iptables -t mangle -D POSTROUTING -o eth0 -p udp

Re: [LARTC] UDP port 1194 marking/routing problem

2005-04-06 Thread Wang Jian
Hi Remus, It seems that iptables -t mangle -A POSTROUTING -o eth0 -p udp --dport 1194 -j MARK \ --set-mark 0x990 will not take effect. (didn't you typo -A as -D?) POSTROUTING is looked up after routing decision is made. Because the default route is dev eth1, the output device is eth1, -o

Re: [Openvpn-users] Re: [LARTC] UDP port 1194 marking/routing problem

2005-04-06 Thread Remus
another suggestion than iptables/MARK? Regards Remus - Original Message - From: Wang Jian [EMAIL PROTECTED] To: lartc@mailman.ds9a.nl Cc: Remus [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Wednesday, April 06, 2005 12:23 PM Subject: [Openvpn-users] Re: [LARTC] UDP port 1194 marking/routing problem

Re: [LARTC] UDP port 1194 marking/routing problem

2005-04-06 Thread Remus
Message - From: Wang Jian [EMAIL PROTECTED] To: Remus [EMAIL PROTECTED] Cc: lartc@mailman.ds9a.nl; [EMAIL PROTECTED] Sent: Wednesday, April 06, 2005 1:38 PM Subject: Re: [Openvpn-users] Re: [LARTC] UDP port 1194 marking/routing problem Hi Remus, I means: don't use policy routing, because

Re: [LARTC] UDP port 1194 marking/routing problem

2005-04-06 Thread Wang Jian
: Wednesday, April 06, 2005 1:38 PM Subject: Re: [Openvpn-users] Re: [LARTC] UDP port 1194 marking/routing problem Hi Remus, I means: don't use policy routing, because you can use much simpler solution. Example: ip route add default via $DEFAULTGW dev eth1 ip route add

Re: [Openvpn-users] Re: [LARTC] UDP port 1194 marking/routing problem

2005-04-06 Thread Wang Jian
@mailman.ds9a.nl; [EMAIL PROTECTED] Sent: Wednesday, April 06, 2005 10:03 AM Subject: [Openvpn-users] Re: [LARTC] UDP port 1194 marking/routing problem Hi Remus, On Wed, 6 Apr 2005 14:48:03 +0100, Remus [EMAIL PROTECTED] wrote: Wang, That solution does not suite me: ip route add