On 05/03/2013 05:06 PM, Ljubomir Ljubojevic wrote:
> On 05/02/2013 08:48 PM, Michael Mol wrote:

[snip]

>
> Alternate source routing, firewall and netfilter marking of packets:
>
>
> iptables -t mangle -A PREROUTING -s 172.24.5.0/24 -j MARK --set-mark 100 #
> iptables -t mangle -A PREROUTING -s 192.168.150.107 -j MARK --set-mark 200 #
> iptables -t mangle -A PREROUTING -s 192.168.150.224 -j MARK --set-mark 100
>
>
> # Local network
> iptables -t mangle -A PREROUTING -d 192.168.0.0/16 -j MARK --set-mark 20
> iptables -t mangle -A PREROUTING -d 172.16.0.0/12 -j MARK --set-mark 20
> iptables -t mangle -A PREROUTING -s <PublicIP> -d 192.168.0.0/16 -j MARK --set-mark 20
> iptables -t mangle -A PREROUTING -s <PublicIP> -d 172.16.0.0/12 -j MARK --set-mark 20
>
> And then something like:
>
> # echo 201 mail.out >> /etc/iproute2/rt_tables
> # ip rule add fwmark 1 table mail.out
> # /sbin/ip route add default via 195.96.98.253 dev eth0 table mail.out
>
> (http://lartc.org/howto/lartc.netfilter.html).
>
> Used firewall rules are from StarOS router OS that has simple script for
> policy routing so that second part with ip rule and ip route is just a
> pointer in right direction.

I don't figure I want to use the mangle table for this. Though thanks for the example code; that will come in handy for tc. Just need how to work that in with sanewall.

I think I know what I did wrong, but it's going to be a while before I can test it. (Dang, I wish I had enough spare hardware at home to set up a test lab.)