Hi Gang
I am struggling with policy routing and I feel like something is not working as expected.
To put it very simply, I want traffic from the Wireguard Server to ALWAYS be sent out a specific interface or, even better, through the interface through which the incoming wireguard packet was received.
So let's assume my wireguard server runs under 192.168.77.1:13231 which is active on eth0.
I created a FIB routing table 'VIA ETH0' containing a default route to Interface %ETH0
I added a mangle rule on the OUTPUT chain to add a routing mark 'VIA ETH0' on packets matching:
Protocol: udp
source-ip: 192.168.77.1
source-port: 13231
To my understanding, that should be good enough for that routing table and thus the route via ETH0 to be selected on packets originating from the wireguard server.
But unfortunately packets are routed via the default route found in the 'main' routing table.
Only when I add a routing rule to match source 192.168.77.1 and lookup table 'VIA ETH0' do my packets leave the interface I wish, but so does all other locally generated traffic, and that is not what I want.
Adding a routing rule to match the routing mark does nothing.
What could I be doing wrongly?
In the end, I want to make sure I send replies to wireguard clients on the interface on which I receive traffic from those clients, and I could be using connection marks for this.
-Benoit-
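The setup the post describes, written out as RouterOS v7 CLI so the pieces can be compared side by side (routing table, interface default route, mangle marking on the output chain, routing rule on the mark, and the connection-mark variant for "reply on the interface the packet came in on"). This is an added example and not configuration from the original post or from MikroTik; the interface name eth0, the table name "VIA ETH0" and the WireGuard listen port 13231 are taken from the post, and the mark names are assumptions. Whether this resolves the poster's problem is not established by the thread.

```routeros
# --- 1. Separate FIB table with a default route pointing at the interface ---
# "fib" makes the table a real forwarding table, not just a marker.
/routing table add name="VIA ETH0" fib
/ip route add dst-address=0.0.0.0/0 gateway=eth0 routing-table="VIA ETH0"

# --- 2. Mark locally generated WireGuard packets (output chain) ---
# Matches what the post describes: UDP from the server address and listen port.
# passthrough=no stops further mangle processing once the mark is set.
/ip firewall mangle add chain=output protocol=udp \
    src-address=192.168.77.1 src-port=13231 \
    action=mark-routing new-routing-mark="VIA ETH0" passthrough=no

# --- 3. Routing rule keyed on the routing mark, not on the source address ---
# Scoped to the mark so other locally generated traffic keeps using 'main'.
# lookup-only-in-table avoids falling back to 'main' if the marked table has no match.
/routing rule add routing-mark="VIA ETH0" action=lookup-only-in-table table="VIA ETH0"

# --- 4. Connection-mark variant: reply out of the interface the packet arrived on ---
# Tag the connection on arrival (input chain, UDP to the listen port on eth0) ...
/ip firewall mangle add chain=input in-interface=eth0 protocol=udp dst-port=13231 \
    action=mark-connection new-connection-mark=wg-in-eth0 passthrough=yes
# ... then route the locally generated replies of that connection by the same mark.
/ip firewall mangle add chain=output connection-mark=wg-in-eth0 \
    action=mark-routing new-routing-mark="VIA ETH0" passthrough=no

# --- 5. Checks: confirm marks are actually being applied and the table is consulted ---
/ip firewall mangle print stats
/ip firewall connection print where connection-mark=wg-in-eth0
/ip route print where routing-table="VIA ETH0"
```

The stats output from step 5 is the first thing to look at: if the output-chain rule counters stay at zero, the packets never matched (wrong source address or port), and no routing rule will ever see the mark. The connection-mark variant in step 4 is the one that generalizes to several ingress interfaces: one input rule and one output rule per interface, each with its own table.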