> 1) Add a mark to the packet
> # iptables -t mangle -A PREROUTING -p tcp --dport 1194 -j MARK --set-mark 0x4aa
>
> 2) Verify the PREROUTING table has the mark
> # iptables -t mangle -L PREROUTING -v
> Chain PREROUTING (policy ACCEPT 126K packets, 87M bytes)
> pkts bytes target prot opt in out source destination
> 0 0 MARK tcp - any any anywhere anywhere tcp dpt:openvpn MARK set 0x4aa

That "0 0" means no bytes have been satisfied by that rule. Can you check after you have tested a packet that should satisfy the rule to confirm that the counters are increasing?

> ...
>
> So to my mind, any packet with destination port of tcp 1194, should
> get the 0x4aa mark and then be routed using the routing table vlan156
> which tells it to use the default gateway of 172.26.10.1. However this
> is not happening, all traffic is still being routed using the default
> gateway in the main routing table (ip route show).
>
> Any suggestions as to why it's not working?

How are you determining that the packets aren't going the right way?

Is OpenVPN definitely using TCP? Default is UDP.

Did you flush the route cache after - "ip route flush cache"?

James
_______________________________________________
luv-main mailing list
http://lists.luv.asn.au/listinfo/luv-main
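
The checks suggested in the reply above, as an added example that is not part of the original thread: three small filters that read saved command output and report MARK rules with zero hits, the table an fwmark rule selects, and the protocol an OpenVPN config uses. The function names, the `ip rule` listing, the udp rule line and the OpenVPN config are constructed for illustration.

```shell
#!/bin/sh
# Added example. Parses saved command output, so it runs without root.
# Everything in the SAMPLE_* variables is constructed, except the tcp rule
# line, which follows the listing quoted in the thread.

SAMPLE_IPTABLES='Chain PREROUTING (policy ACCEPT 126K packets, 87M bytes)
 pkts bytes target prot opt in out source destination
    0     0 MARK tcp -- any any anywhere anywhere tcp dpt:openvpn MARK set 0x4aa
  412 31204 MARK udp -- any any anywhere anywhere udp dpt:openvpn MARK set 0x4aa'

SAMPLE_RULES='0: from all lookup local
32765: from all fwmark 0x4aa lookup vlan156
32766: from all lookup main
32767: from all lookup default'

SAMPLE_OVPN='client
dev tun
remote vpn.example.net 1194'

# stdin: `iptables -t mangle -L PREROUTING -v` output.
# Prints every MARK rule whose packet counter is still 0.
zero_hit_marks() {
    awk '$3 == "MARK" && $1 == "0" { print }'
}

# stdin: `ip rule show` output. $1: mark value, e.g. 0x4aa.
# Prints the routing table selected for that fwmark (a /mask suffix is ignored).
table_for_mark() {
    awk -v m="$1" '{
        for (i = 1; i < NF; i++) {
            split($(i + 1), a, "/")
            if ($i == "fwmark" && a[1] == m)
                for (j = i; j < NF; j++)
                    if ($j == "lookup") print $(j + 1)
        }
    }'
}

# stdin: OpenVPN config. Prints the proto directive, or udp when none is set.
openvpn_proto() {
    awk '$1 == "proto" { p = $2 } END { print (p == "" ? "udp" : p) }'
}

echo "MARK rules that have matched nothing:"
printf '%s\n' "$SAMPLE_IPTABLES" | zero_hit_marks
echo "fwmark 0x4aa -> table $(printf '%s\n' "$SAMPLE_RULES" | table_for_mark 0x4aa)"
echo "OpenVPN proto: $(printf '%s\n' "$SAMPLE_OVPN" | openvpn_proto)"
```

On a live host, pipe `iptables -t mangle -L PREROUTING -v`, `ip rule show` and the OpenVPN config file into the same functions.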
