mark set on PREROUTING stays until POSTROUTING?
 

But I'm not talking about a forward. I'm talking about responses to incomming traffic.

If I stamp a mark on traffic that is comming to the host in PREROUTING, the response traffic will have that same mark visible in POSTROUTING? or OUTPUT? can I use it to route traffic?

Nope, it doesn't.

Re: mark set on PREROUTING stays until POSTROUTING?
 

I had a similar problem and numerous websites alluded to using CONNMARK and MARK targets.

It didn't work too well, but a solution using conntrack....

part of my ip-up... note the fwmark rule

elif [ "$1" = "ppp1" ]; then
ip route add $5 dev $1 src $4 table pppone
ip route add default via $5 table pppone
ip route add $5 dev $1 src $4
ip rule add from $4 table pppone
ip rule add fwmark 2 table pppone
/sbin/ip route add default via $5 dev $1 metric 10
ddclient -daemon=0 -syslog -use=if -if=ppp1 -file=/etc/ddclient2.conf -
cache=/etc/ddclient2.cache >/dev/null 2>&1
iptablessetup $4
fi

part of your firewall rules (my iptablessetup)

/usr/sbin/iptables -A PREROUTING -t mangle -i eth2 -j MARK --set-mark 2 -m conntrack --ctorigdst $1

eth2 is your ethernet interface, $1 is you external ppp interface. The idea being that when a connection passes through nat the original destination is maintained in conntrack, I use that to mark the packet and then use ip rule to forward back to the correct output interface.

D

That sounds quite logical.... and I have already tested working things with MARK.

Now the problem I'm facing is that the src address of the packets that are going out through interface X are carrying interface Y's address.... though I'm masquerading traffic through both interfaces. But It's not like an isolated crazy case. I'm dealing with two different internet connections that are present in the same subnet. Do you have an advice for this case? :scratch: