> # iptables -t mangle -A PREROUTING -s <LAN_IP> -j MARK --set-mark 5

I guess you should use the conntrack module. I'm not sure, but I think you're marking only the first packet of the connection.

I have something like this to mark them (different scenario... a load balancer with 2 uplink providers):

iptables -t mangle -A PREROUTING -m conntrack --ctorigdst $IP1 \
    -p tcp -m tcp --dport 110 -j MARK --set-mark 1

> and I route them via ISP2
> # ip rule add fwmark 5 table isp2

> Does anyone have CONFIG_IP_ROUTE_FWMARK working in debian?

I do. "ip rule add fwmark 1 table T1" works for me. Default sarge kernel.

-- 
Homepage : http://geocities.com/arhuaco

The first principle is that you must not fool yourself
and you are the easiest person to fool.
     -- Richard Feynman.
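
A consistency check for the setup discussed in this thread, as an added example that is not part of the original messages: it reads `iptables-save -t mangle` and `ip rule show` text and lists every mark that a MARK rule sets but no `ip rule ... fwmark` entry routes. The function names, addresses and sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: cross-check MARK rules against fwmark routing rules.
# All sample data is constructed; only the marks 5 and 1 and the table
# name isp2 are taken from the thread.

# Constructed sample of `iptables-save -t mangle` output.
SAMPLE_MANGLE='*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -s 192.168.1.10/32 -j MARK --set-xmark 0x5/0xffffffff
-A PREROUTING -p tcp -m conntrack --ctorigdst 203.0.113.1 -m tcp --dport 110 -j MARK --set-mark 1
COMMIT'

# Constructed sample of `ip rule show` output (marks are printed in hex).
SAMPLE_RULES='0: from all lookup local
32765: from all fwmark 0x5 lookup isp2
32766: from all lookup main
32767: from all lookup default'

# Normalise decimal or 0x-prefixed values on stdin to decimal.
to_decimal() {
    while read -r v; do
        if [ -n "$v" ]; then echo $(($v)); fi
    done
}

# Marks written by MARK targets (--set-mark N or --set-xmark N/mask).
set_marks() {
    sed -n 's/.*--set-x\{0,1\}mark \([0-9A-Fa-fx]*\).*/\1/p' | to_decimal
}

# Marks that some policy-routing rule matches on.
routed_marks() {
    sed -n 's/.*fwmark \([0-9A-Fa-fx]*\).*/\1/p' | to_decimal
}

# $1 = iptables-save text, $2 = ip rule text; prints marks with no rule.
unrouted_marks() {
    routed=" $(printf '%s\n' "$2" | routed_marks | tr '\n' ' ')"
    printf '%s\n' "$1" | set_marks | while read -r m; do
        case "$routed" in *" $m "*) ;; *) echo "$m" ;; esac
    done
}

for m in $(unrouted_marks "$SAMPLE_MANGLE" "$SAMPLE_RULES"); do
    echo "mark $m is set in mangle but no ip rule routes it"
done
```

On a live system the same check is `unrouted_marks "$(iptables-save -t mangle)" "$(ip rule show)"`, with `iptables-save` run as root.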