Originally Posted by amitsharma_26
Can anyone do the conversion of the above text into English?
Or can anyone provide some input about the language used?
I would be really grateful.
I'm terribly sorry, I made a mix-up with a French forum.
Anyway, I was saying that I encountered the same problem and, after some investigation,
I found that it's limited to the routing of locally generated packets.
If you set up a router with much the same routing process (except you'll have to use
the PREROUTING chain instead of OUTPUT), everything goes fine.
The problem appears because, when sending a packet locally, Linux decides on the reachability of the
remote host before the data packet is even created (i.e. in the 'connect' function, before any 'send'),
so there is no way that iptables will be able to mark the packet.
Anyway (I think you have already seen that), if you create a route in main (or in another routing table not using fwmark)
for your destination, even with a wrong gateway, connect will succeed, and then iptables will mark the packet and
it'll use your fwmark'ed table for the routing decision.
Be careful though: if the initial route for the destination uses another source IP address than the fwmark'ed table, then the
packet will be sent using the original source IP address and not the one in the fwmark'ed table.
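
The lookup order described in the post above, as a small model added here (not part of the original post and not kernel code): it contrasts a locally generated packet with a forwarded one and shows the source-address caveat. The table names, rule list, mark value and documentation-range addresses are all constructed assumptions.

```python
import ipaddress

# Constructed sample state (assumptions, documentation-range addresses).
DST = "198.51.100.7"
MARKED = [("0.0.0.0/0", "203.0.113.1", "203.0.113.10")]  # (prefix, gateway, source IP)
PLACEHOLDER = [("198.51.100.0/24", "192.0.2.254", "192.0.2.10")]  # wrong gateway on purpose
RULES = [(1, "marked"), (None, "main")]  # (required fwmark or None, table), priority order

def lookup(tables, dst, mark=0):
    """Policy-routing lookup: first matching rule whose table has a route wins."""
    addr = ipaddress.ip_address(dst)
    for want, name in RULES:
        if want is not None and want != mark:
            continue
        hits = [r for r in tables[name] if addr in ipaddress.ip_network(r[0])]
        if hits:  # longest prefix match inside the table
            prefix, gw, src = max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)
            return {"table": name, "gateway": gw, "src": src}
    return None

def local_send(main_routes, dst=DST, output_mark=1):
    """Locally generated packet: lookup at connect() time, mark in OUTPUT, reroute."""
    tables = {"main": main_routes, "marked": MARKED}
    first = lookup(tables, dst, mark=0)  # no packet exists yet, so no mark
    if first is None:
        return {"error": "ENETUNREACH"}  # connect() fails, OUTPUT never sees a packet
    second = lookup(tables, dst, mark=output_mark)  # reroute after OUTPUT set the mark
    return {"table": second["table"], "gateway": second["gateway"], "src": first["src"]}

def forwarded(main_routes, src, dst=DST, prerouting_mark=1):
    """Forwarded packet: PREROUTING marks it before the only routing lookup."""
    tables = {"main": main_routes, "marked": MARKED}
    hit = lookup(tables, dst, mark=prerouting_mark)
    return {"table": hit["table"], "gateway": hit["gateway"], "src": src}

if __name__ == "__main__":
    print(local_send([]))                    # fails before any marking can happen
    print(forwarded([], src="192.0.2.50"))   # router case works without a main route
    print(local_send(PLACEHOLDER))           # marked gateway, but placeholder source IP
```

In the last case the packet leaves via the marked table's gateway while still carrying the source address selected by the placeholder route, which is the mismatch the post warns about.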