On 03/27/2013 03:29 PM, Adi Kriegisch wrote:
> Hi!
>
> I recently got a second internet line where I wanted to route certain
> connections to. So I decided to add a MARK to the connection in question:
> | RULE="Accept service any from local.LAN to world.INET options
> | log,logprefix=\"LAN-OUT-MARK\",nfmark=\"2\",comment=\"\""
> The mark 0x2 is added; the rules are generated.
>
> Then I added a rule to actually use a different routing table for packets
> marked with 0x2:
> | ip rule add fwmark 2 table otherisp
>
> The problem is that for some kind of reason the packets do not get out on
> the other interface. The routing (including the firewalling part) works
> when I specify a different rule like
> | ip rule add from 10.1.1.0/24 table otherisp
>
> Any idea what I am doing wrong here? (vuurmuur is v0.7)

I think marks are being set in the FORWARD chain of the mangle table. As
you're routing, it should maybe be set in the PREROUTING chain. Not 100%
though, so maybe you can manually test with some rules? s/FORWARD/PREROUTING/g
on the --set-mark rules should be enough to try.

Cheers,
Victor

_______________________________________________
Vuurmuur-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/vuurmuur-users
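
An added example (not part of the original thread and not Vuurmuur's own code) of the manual test suggested above: a filter that rewrites an `iptables-save` dump so that MARK rules in the mangle table's FORWARD chain land in PREROUTING, where the mark is already set when the `ip rule ... fwmark` lookup picks the routing table. The sample dump, the interface names `eth0`/`eth1` and the function name are constructed for illustration; the rules Vuurmuur actually generates may look different.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (not real Vuurmuur output).
SAMPLE_DUMP='*mangle
:PREROUTING ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth0 -o eth1 -s 10.1.1.0/24 -j MARK --set-mark 0x2
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth0 -o eth1 -s 10.1.1.0/24 -j ACCEPT
COMMIT'

# move_marks_to_prerouting (hypothetical helper name):
# reads an iptables-save dump on stdin and writes the rewritten dump on stdout.
# Only "-A FORWARD ... -j MARK ..." lines inside *mangle are changed; FORWARD
# rules in other tables (the actual firewall policy) are left untouched.
move_marks_to_prerouting() {
    awk '
        /^\*/ { table = substr($0, 2) }      # table header: *mangle, *filter, ...
        table == "mangle" && /^-A FORWARD / && / -j MARK / {
            sub(/^-A FORWARD /, "-A PREROUTING ")
            # PREROUTING is traversed before the routing decision, so the
            # output interface is not known yet and iptables rejects -o there.
            if (sub(/( !)? -o [^ ]+/, "")) dropped++
        }
        { print }
        END {
            if (dropped)
                printf "note: removed -o match from %d rule(s); they now match more traffic\n", dropped | "cat >&2"
        }
    '
}

# Dry run on a live system (needs root; --test parses without committing):
#   iptables-save | move_marks_to_prerouting | iptables-restore --test
# Offline demonstration on the constructed sample:
#   printf '%s\n' "$SAMPLE_DUMP" | move_marks_to_prerouting
```

Because the `-o` match has to go, the moved rule also marks LAN traffic addressed to the firewall itself; narrowing it with a destination match is the usual fix.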
