From: Konstantinos Agouros on 3 Dec 2009 17:28

Sorry for the long subject. I do the following:

    ip rule from all fwmark 0x10 lookup table 1
    iptables -t mangle -A PREROUTING -s 192.168.1.1 -p tcp --dport 80 -j CONNMARK --set-mark 0x10
    iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark --mask 0xff

I already used the TRACE target for a testing address, and what I see is that the answer packets go through PREROUTING and at the end have the correct mark but are never allowed to the FORWARD queue.

The same rules were working in 2.6.30. Has there been some change? Is there a known bug?

Regards,

Konstantin

--
Dipl-Inf. Konstantin Agouros aka Elwood Blues. Internet: elwood(a)agouros.de
Altersheimerstr. 1, 81545 Muenchen, Germany. Tel +49 89 69370185
----------------------------------------------------------------------------
"Captain, this ship will not survive the forming of the cosmos." B'Elana Torres