Hi,

I'm trying to get iproute2 to route outgoing packets marked using iptables to an alternate route.

I have ver 1.2.13 of devil-linux and I'm using the following commands to try to route

in /etc/iproute2/rt_tables I have appended the following entry

200 alt.net

I have then executed the following command

ip rule add fwmark 1 table alt.net
ip route add default via 172.16.1.1 dev eth2 table alt.net
ip route flush cache

My normal routing has eth0 as the default route so the above should override the routing for rules that mark packets with a 1.

I'm using firewall builder to manage iptables and have used their marking action to mark the packets.

I have rules that I'm using to test this to NAT outgoing traffic to tcp port 119 with policy rules to first mark packets destined through this route, then another rule to accept it.

It doesn't seem to matter which things I change, the data always seems to go out through the default route and not the alt.net route. (I'm using tcpdump to confirm this)

The lartc docs have the following kernel options required for routing marked packets in iproute2

IP: advanced router (CONFIG_IP_ADVANCED_ROUTER) [Y/n/?]
IP: policy routing (CONFIG_IP_MULTIPLE_TABLES) [Y/n/?]
IP: use netfilter MARK value as routing key (CONFIG_IP_ROUTE_FWMARK) [Y/n/?]

all of which are correctly set according to DL-kernel-config file included in the devil-linux download, so the correct compile options look to be set.

Does anyone have any suggestions on what I may be doing wrong or further things I could check?

Thanks,
Andrew
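A worked version of the setup described in the post above, added here as an example; it is not code from the post, from Firewall Builder or from Devil-Linux. It keeps the post's table (alt.net, id 200), mark 1, gateway 172.16.1.1 on eth2, and assumes the traffic to divert is locally generated TCP/119; the destination 192.0.2.10 used in the lookup check is a constructed placeholder. The script prints the commands unless APPLY=1 is set, so the plan can be reviewed before anything touches the live tables:

```shell
#!/bin/sh
# Added example (not from the original post): divert fwmark'd traffic to a
# second routing table. Assumptions: table alt.net (id 200), mark 1, gateway
# 172.16.1.1 reachable on eth2, traffic of interest is locally generated TCP/119.
# Default is a dry run that prints each command; APPLY=1 executes (needs root).
if [ "${APPLY:-0}" = 1 ]; then RUN=""; else RUN=echo; fi

# Register the table name once, so "table alt.net" resolves to id 200.
ensure_rt_table() {
    grep -q '^200[[:space:]]\+alt\.net' /etc/iproute2/rt_tables 2>/dev/null || \
        $RUN sh -c 'echo "200 alt.net" >> /etc/iproute2/rt_tables'
}

# Mark the packets. Locally generated packets traverse mangle OUTPUT, not
# PREROUTING; a mark rule placed only in PREROUTING never sees them, which
# leaves everything on the default route.
mark_rules() {
    $RUN iptables -t mangle -A OUTPUT -p tcp --dport 119 -j MARK --set-mark 1
    # Source NAT happens after routing, so the -o match is on the new egress.
    $RUN iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE
}

# Policy rule plus the alternate table's default route (the post's commands).
policy_route() {
    $RUN ip rule add fwmark 1 table alt.net
    $RUN ip route add default via 172.16.1.1 dev eth2 table alt.net
    $RUN ip route flush cache
}

# Checks a practitioner runs before reaching for tcpdump.
verify() {
    $RUN ip rule show                      # fwmark rule must sit above "main"
    $RUN ip route show table alt.net       # expect "default via 172.16.1.1 dev eth2"
    # Ask the kernel which route a marked packet would take (constructed
    # destination; the "mark" option needs a reasonably recent iproute2).
    $RUN ip route get 192.0.2.10 mark 1
    # Packet counters on the MARK rule climbing proves the rule matches at all.
    $RUN iptables -t mangle -L OUTPUT -v -n
}

ensure_rt_table
mark_rules
policy_route
verify
```

The two things this adds over the post's three commands are the mangle OUTPUT placement for locally generated traffic and the `ip route get ... mark 1` lookup, which shows directly whether the fwmark rule is consulted; if that lookup still answers with the eth0 route while the mangle counters increase, the problem is in the rule or table, and if the counters stay at zero the marking rule never matches.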