On Thursday, 05 September 2002, at 16:57:53 -0000,
anish_46628 wrote:

> 3. Traffic going out from PC2 and generated by PC2 itself should
> have different different mark so that the traffic can be filtered
> based on the mark.
>
With Linux kernel 2.4.x, packets go through different sets of rules when
"traversing" the box. A packet in transit will enter PREROUTING, pass on
to FORWARD and finally to POSTROUTING just before being queued to be sent
out on the physical interface. On the other hand, locally generated
packets go first to OUTPUT and afterwards to POSTROUTING.

Compare this to kernels 2.2.x when an in-transit packet would be seen at
input, forward and output.

There is an _excellent_ reference on iptables you should check to get the
details of what you can do and how:
http://people.unix-fu.org/andreasson/iptables-tutorial/iptables-tutorial.html

--
Jose Luis Domingo Lopez
Linux Registered User #189436     Debian Linux Woody (Linux 2.4.19-pre6aa1)
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
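
The chain traversal described in the message above, as an added example that is not part of the original post: a dry-run script that picks, for each traffic class, the first chain the other class never visits and emits the mangle-table MARK rule for it. The interface name `eth0`, the mark values 1 and 2, and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original message. Interface name and mark
# values are assumptions; adjust them for the real PC2.
OUT_IF="${OUT_IF:-eth0}"   # assumed outbound interface on PC2
MARK_LOCAL=1               # assumed mark for traffic PC2 generates itself
MARK_FWD=2                 # assumed mark for traffic PC2 only forwards

# Chains a packet visits on a 2.4.x kernel, as described in the message.
chains_for() {
    case "$1" in
        forwarded) echo "PREROUTING FORWARD POSTROUTING" ;;
        local)     echo "OUTPUT POSTROUTING" ;;
        *)         echo "unknown packet origin: $1" >&2; return 1 ;;
    esac
}

# First chain on one path that the other path never visits. A MARK rule
# placed there cannot touch the other class of outgoing traffic.
exclusive_chain() {
    case "$1" in
        forwarded) other=local ;;
        local)     other=forwarded ;;
        *)         return 1 ;;
    esac
    others=" $(chains_for "$other") "
    for c in $(chains_for "$1"); do
        case "$others" in
            *" $c "*) ;;                 # shared chain, keep looking
            *) echo "$c"; return 0 ;;
        esac
    done
    return 1
}

# Emit the rules. PREROUTING also sees packets addressed to PC2 itself,
# but those are delivered locally and never reach POSTROUTING.
mark_rules() {
    echo "iptables -t mangle -A $(exclusive_chain local) -j MARK --set-mark $MARK_LOCAL"
    echo "iptables -t mangle -A $(exclusive_chain forwarded) -j MARK --set-mark $MARK_FWD"
    # Both paths meet in POSTROUTING; target-less rules only count matches.
    echo "iptables -t mangle -A POSTROUTING -o $OUT_IF -m mark --mark $MARK_LOCAL"
    echo "iptables -t mangle -A POSTROUTING -o $OUT_IF -m mark --mark $MARK_FWD"
}

# Dry run by default; APPLY=1 executes the rules (requires root).
if [ "${APPLY:-0}" = 1 ]; then mark_rules | sh -e; else mark_rules; fi
```

After applying, `iptables -t mangle -L POSTROUTING -v -n` shows the per-mark packet counters, which confirms that the two classes arrive with distinct marks.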