Colin Alston karnaugh at karnaugh.za.net
Fri Mar 16 20:05:19 SAST 2007

J-P Human wrote:
> iptables -A PREROUTING -t mangle -i eth0 -p tcp --dport 22 -j MARK --set-mark 1

eth0.. ok

> ip route add default via dev eth0 table IS

Don't specify devices on routes unless it's a link route. But eth0 ok...

Wait.. you're routing *in* and *out* on eth0? How's that going to work?

If you want the Linux box's traffic to be policy routed as well then
you need the OUTPUT chain. If you want it to behave correctly as a
router then you need two NICs or the route is cached elsewhere as a
redirect on the same ethernet segment.

> # route -n

*stab* *stab* *stab**stab**stab**stab**stab**stab**stab**stab**stab**stab*

ip route, not route -n.. word...

HTH. Otherwise have a glance at http://www.karnaugh.za.net/show?id=194
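
The pieces discussed in this reply, put together as an added example (not part of the original message or of the linked page). The gateway 192.0.2.1 is a constructed documentation address, the `ip rule` line is assumed because the quoted fragments do not show one, and the table name IS is assumed to be listed in /etc/iproute2/rt_tables.

```shell
#!/bin/sh
# Added example: policy-route tcp/22 through the alternate table "IS".
# Constructed values: gateway 192.0.2.1 (documentation range), mark 1.
GW="${GW:-192.0.2.1}"
MARK="${MARK:-1}"
TABLE="${TABLE:-IS}"
RUN="${RUN-echo}"   # default only prints the commands; run with RUN= as root to apply

setup_cmds() {
    # Forwarded packets: marked as they arrive on eth0, before the routing decision.
    $RUN iptables -t mangle -A PREROUTING -i eth0 -p tcp --dport 22 -j MARK --set-mark "$MARK"
    # Packets generated by the box itself never pass PREROUTING; mark them in OUTPUT.
    $RUN iptables -t mangle -A OUTPUT -p tcp --dport 22 -j MARK --set-mark "$MARK"
    # Send marked packets to the alternate routing table.
    $RUN ip rule add fwmark "$MARK" table "$TABLE"
    # Default route in that table: gateway only, no "dev" on a non-link route.
    $RUN ip route add default via "$GW" table "$TABLE"
}

verify_cmds() {
    # "route -n" lists only the main table, so the default in IS never shows up there.
    $RUN ip rule show
    $RUN ip route show table "$TABLE"
    # Packet counters on the two MARK rules show whether traffic is matching.
    $RUN iptables -t mangle -L -n -v
}

setup_cmds
verify_cmds
```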

