Erez, if I properly understand what Nathan is trying to do, he doesn't want to route by src/dst (or any other property of a packet). Instead, he wants something like "stateful routing": he wants packets that are an *indirect* result of a certain SSH session to be routed through the same interface that SSH session came in through.
To the kernel, there's no relation between the SSH session and the indirectly resulting packets. In non-encrypted protocols such as FTP or ICQ, the kernel keeps track of the relation (IP conntrack modules), but in the case of SSH, only SSH internals know this mapping.

On 3/28/07, Erez D <[EMAIL PROTECTED]> wrote:
As I can see, you do source routing, and determine the outgoing interface via the source IP (see the 'ip rule ...'). This means that the outgoing interface is determined by the IP bound to the app (e.g. to ssh); usually apps bind to the default IP. You should change your 'ip rule' (e.g. route by destination, port, or whatever, possibly in conjunction with iptables), and then the SSH tunnel will go through the interface you like it to.
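The two rule sets Erez contrasts, as an added example that is not part of the thread and not anyone's posted configuration: the source-keyed 'ip rule' the original poster is running, next to the destination/port-keyed variant built with iptables marks. The interfaces (eth0, eth1), the addresses (RFC 5737 documentation ranges), the table numbers (100, 200), the mark value (2) and the peer host are all assumptions; replace them with your own. With DRY_RUN left at 1 the script only prints the commands it would run, so it can be read and checked without root.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumed layout:
#   eth0 192.0.2.10/24     gateway 192.0.2.1      -> routing table 100
#   eth1 198.51.100.10/24  gateway 198.51.100.1   -> routing table 200
# DRY_RUN=1 (default) echoes the commands; DRY_RUN=0 executes them (needs root).

DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# One default route per interface, each in its own table.
setup_tables() {
    run ip route add default via 192.0.2.1 dev eth0 table 100
    run ip route add default via 198.51.100.1 dev eth1 table 200
}

# What the original poster has: the rule keys on the *source* address.
# A locally started ssh that did not bind() to 198.51.100.10 carries the
# default address (192.0.2.10), so it never matches table 200.
route_by_source() {
    run ip rule add from 192.0.2.10 table 100 priority 100
    run ip rule add from 198.51.100.10 table 200 priority 101
}

# Erez's suggestion: classify by destination/port with iptables, then route
# by the resulting fwmark. Here every TCP connection to port 22 on $1 gets
# mark 2, and mark 2 is looked up in table 200 (eth1).
# The source address is chosen before the OUTPUT mangle rule runs, so the
# SNAT rule rewrites it to eth1's address; without it the packets leave eth1
# carrying eth0's address.
route_ssh_by_mark() {
    peer="$1"
    run iptables -t mangle -A OUTPUT -p tcp -d "$peer" --dport 22 -j MARK --set-mark 2
    run ip rule add fwmark 2 table 200 priority 90
    run iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source 198.51.100.10
}

# Usage: ./policy-routing.sh apply-by-source
#        ./policy-routing.sh apply-by-mark <ssh-peer-ip>
case "${1:-}" in
    apply-by-source) setup_tables; route_by_source ;;
    apply-by-mark)   setup_tables; route_ssh_by_mark "$2" ;;
esac
```

Check the result with `ip rule show` and `ip route get <peer> mark 2` (the second form reports which table and interface a marked packet to that peer would use). The mark-based rule is placed at a lower priority number than the source-based ones so it is consulted first; if you keep both sets, make sure the priorities reflect the order you want.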
