Hello, list

I have a problem with source address selection. I want all my outgoing mail to go via an openvpn tunnel (tun0 device). The tunnel itself works well:

# ip ro rep default via 10.9.0.1
# ip ro l dev tun0
10.9.0.1 proto kernel scope link src 10.9.0.2
default via 10.9.0.1

At this moment all mail goes through the tunnel, and everything is fine.

Now I want only packets with dst port 25 to go through the tunnel.

// restore original route
# ip ro rep default via 172.17.210.1

# iptables -t mangle -A OUTPUT -p tcp --dport 25 -j MARK --set-mark 1
# ip ro add default via 10.9.0.1 table 100
# ip ru add fwmark 1 table 100 prio 100

# ip ru l
0: from all lookup local
100: from all fwmark 1 lookup 100
32766: from all lookup main
32767: from all lookup default

# ip ro l
x.x.x.x via 172.17.210.1 dev eth0
10.9.0.1 dev tun0 proto kernel scope link src 10.9.0.2
172.17.210.0/24 dev eth0 proto kernel scope link src 172.17.210.118
172.16.0.0/12 via 172.17.210.1 dev eth0
default via 172.17.210.1 dev eth0

# ip ro l table 100
default via 10.9.0.1 dev tun0

# iptables-save
*mangle
:PREROUTING ACCEPT [1495362:284341757]
:INPUT ACCEPT [1494895:284296296]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1395937:216868791]
:POSTROUTING ACCEPT [1397200:217027358]
-A OUTPUT -p tcp -m tcp --dport 25 -j MARK --set-mark 0x1
COMMIT

// clear route cache
# ip ro flu ca

Now, from my point of view everything is configured right. I do telnet y.y.y.y 25, and this is what I see with tcpdump:

# tcpdump -i tun0 -ln port 25
tcpdump: listening on tun0
19:29:42.674534 172.17.210.118.49576 > y.y.y.y.25: S 3134979961:3134979961(0) win 5840 <mss 1460,sackOK,timestamp 355727765 0,nop,wscale 0> (DF) [tos 0x10]

You see, the source address of the packet, 172.17.210.118, is not what it is expected to be (10.9.0.2).

My question: is this a bug or just a misconfiguration? Please help.

--
Andrei Nigmatulin
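
Added example, not part of the original post: a Python check that reads `tcpdump -n` output captured on the tunnel device and reports port-25 packets whose source is not the tunnel address, which is the symptom shown in the capture above. The function name, the destination 192.0.2.25 (standing in for y.y.y.y) and the second and third sample lines are constructed for illustration.

```python
import ipaddress
import re

# Matches "HH:MM:SS.frac [IP ]src.port > dst.port:" as printed by both the
# older tcpdump format seen in the post and the current "IP ..." format.
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?:IP )?"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)


def wrong_source_packets(lines, expected_src, dport=25):
    """Return (timestamp, src, dst) for packets sent to dport whose
    source address differs from expected_src."""
    expected = ipaddress.ip_address(expected_src)
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or int(m["dport"]) != dport:
            continue  # banner lines, other ports, replies from the server
        if ipaddress.ip_address(m["src"]) != expected:
            hits.append((m["ts"], m["src"], m["dst"]))
    return hits


# Constructed capture on tun0: line 2 mirrors the packet in the post,
# lines 3-4 are a correctly sourced SYN and the server's reply.
SAMPLE = """\
tcpdump: listening on tun0
19:29:42.674534 172.17.210.118.49576 > 192.0.2.25.25: S 3134979961:3134979961(0) win 5840 (DF) [tos 0x10]
19:31:07.120001 IP 10.9.0.2.49580 > 192.0.2.25.25: Flags [S], seq 1, win 5840, length 0
19:31:07.180444 IP 192.0.2.25.25 > 10.9.0.2.49580: Flags [S.], seq 9, ack 2, win 5792, length 0
""".splitlines()

if __name__ == "__main__":
    # 10.9.0.2 is the tun0 address from the post's routing table.
    for ts, src, dst in wrong_source_packets(SAMPLE, "10.9.0.2"):
        print(f"{ts} packet to {dst}:25 left tun0 with source {src}")
```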