On Thu, Feb 28, 2002 at 09:31:14AM +0100, EGAL Vincent wrote:
> Tim Carr wrote:
> >
> I guess that's because your router does masquerading so source addresses
> are changed, and filters don't match.

Exactly - queueing disciplines and their attached filters come *way* after iptables or ipchains have done their work.

If you need information from before mangling, you should use fwmark to tag packets, and then filter based on that fwmark. How to do this is in the HOWTO.

Regards,

bert

--
http://www.PowerDNS.com Versatile DNS Software & Services
http://www.tk the dot in .tk
http://lartc.org Linux Advanced Routing & Traffic Control HOWTO
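
The fwmark approach described in the reply above, as an added example that is not part of the original message or the HOWTO: the packet is marked in the mangle table while it still carries its internal source address, and the `fw` classifier on the masquerading interface matches the mark instead of the rewritten address. The function name, addresses, interface, mark, class id and rates are all assumptions, and HTB is used only as a sample qdisc.

```shell
#!/bin/sh
# Added example: prints the rule set instead of applying it, so it can be
# reviewed first and then piped to `sh` as root. All values are constructed.

fwmark_shaping_rules() {
    lan_src=$1    # internal host or subnet, as seen BEFORE masquerading
    wan_if=$2     # egress interface that does the masquerading and shaping
    mark=$3       # fwmark value (decimal); 0 means "unmarked", so reject it
    class_minor=$4  # minor number of the class this traffic goes to
    rate=$5       # rate for that class, e.g. 256kbit

    # A non-numeric or zero mark would yield a filter that never matches.
    case $mark in
        ''|*[!0-9]*) echo "mark must be a positive integer" >&2; return 1 ;;
    esac
    [ "$mark" -gt 0 ] || { echo "mark 0 means unmarked" >&2; return 1; }

    cat <<EOF
iptables -t mangle -A PREROUTING -s $lan_src -j MARK --set-mark $mark
tc qdisc add dev $wan_if root handle 1: htb
tc class add dev $wan_if parent 1: classid 1:$class_minor htb rate $rate
tc filter add dev $wan_if parent 1: protocol ip prio 1 handle $mark fw flowid 1:$class_minor
EOF
    # Line 1: mangle PREROUTING runs before the nat POSTROUTING rewrite, so
    #         -s still sees the internal address.
    # Line 4: "handle N fw" classifies on the mark, which survives the
    #         source-address rewrite because it lives in the kernel's packet
    #         metadata and not in the IP header.
    # To check that both halves see traffic after applying:
    #   iptables -t mangle -L PREROUTING -v -n
    #   tc -s class show dev $wan_if
}

# Constructed sample: shape host 192.168.1.10 leaving through eth0.
fwmark_shaping_rules 192.168.1.10 eth0 6 10 256kbit
```

The mark is local to the router and never leaves on the wire, so it can only be matched by a qdisc on the same machine that set it.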