[CLUG-tech] Simple advanced routing

Colin Alston karnaugh at karnaugh.za.net
Fri Mar 16 20:05:19 SAST 2007

J-P Human wrote:
> iptables -A PREROUTING -t mangle -i eth0 -p tcp --dport 22 -j MARK
> --set-mark 1

eth0.. ok

> ip route add default via dev eth0 table IS

Don't specify devices on routes unless it's a link route. but eth0 ok...

Wait.. you're routing *in* and *out* on eth0? How's that going to work?

If you want the linux boxs traffic to be policy routed as well then 
you need the OUTPUT chain. If you want it to behave correctly as a 
router then you need two nics or the route is cached elsewhere as a 
redirect on the same ethernet segment.

> # route -n

*stab* *stab* *stab**stab**stab**stab**stab**stab**stab**stab**stab**stab*

ip route, not route -n.. word...

HTH. Otherwise have a glance at http://www.karnaugh.za.net/show?id=194

Colin Alston ~ http://www.karnaugh.za.net/

Expecting one person to deal with all your problems is like praying 
each time you require an ambulance: You'll eventually be dead long 
before you get a response.

More information about the clug-tech mailing list