Roberto Scattini wrote:
> The answer is simple: it doesn't.
> I just can't make it work.
> All my outgoing packets keep going through the default gateway (even if
> they have the correct IP address, from the other NIC...).
>
> I think I need an explanation... because I can't understand how the
> routing tables know that a packet is in response to a connection that came
> from this or that interface.
Your routing rules are based on the source address, but as you used DNAT
rules to change the destination address of incoming packets in the
PREROUTING chain, the reverse operation changing back the source address
of outgoing reply packets takes place in the POSTROUTING chain, i.e.
after the routing decision. In order to keep track of the original
destination address, you need to use the connection tracking facilities.
One way is the one you describe below, using the CONNMARK target to mark
connections and reply packets and use routing rules based on the packet
mark.
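
The CONNMARK approach described in the reply above, as an added example that is not part of the original message: a function that prints the mangle rules and the mark-based routing rule for one extra uplink. The interface names (eth1 for the second uplink, eth2 for the LAN holding the DNAT target), the gateway 192.0.2.1, mark 2 and table 102 are all assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread. Every name and number passed
# in below is an assumption; adjust to the real uplink, LAN and gateway.

# connmark_rules WAN_IF LAN_IF GATEWAY MARK TABLE
# Prints the commands instead of running them, so they can be reviewed
# first; pipe the output to "sh" as root to apply.
connmark_rules() {
    wan_if=$1 lan_if=$2 gw=$3 mark=$4 table=$5

    # The arguments end up in a command line: accept only plain tokens.
    for v in "$wan_if" "$lan_if"; do
        case $v in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 1 ;;
        esac
    done
    case $gw in
        ''|*[!0-9.]*) echo "bad IPv4 gateway" >&2; return 1 ;;
    esac
    for v in "$mark" "$table"; do
        case $v in
            ''|*[!0-9]*) echo "mark/table must be decimal" >&2; return 1 ;;
        esac
    done
    # 0 is the value unmarked packets carry, so it cannot identify an uplink.
    [ "$mark" -gt 0 ] || { echo "mark must be non-zero" >&2; return 1; }

    cat <<EOF
iptables -t mangle -A PREROUTING -i $wan_if -m conntrack --ctstate NEW -j CONNMARK --set-mark $mark
iptables -t mangle -A PREROUTING -i $lan_if -m connmark --mark $mark -j CONNMARK --restore-mark
ip route add default via $gw dev $wan_if table $table
ip rule add fwmark $mark lookup $table
EOF
}

# Line 1 tags each new connection arriving on the second uplink.
# Line 2 copies that tag onto reply packets coming back from the LAN, in
#   PREROUTING, i.e. before the routing decision. It is limited to the LAN
#   interface so that inbound packets of the same connection are still
#   routed to the DNAT target by the main table.
# Lines 3-4 send marked packets out through the second uplink's gateway.
connmark_rules eth1 eth2 192.0.2.1 2 102
```
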