Aren't you making a mistake here, Johan? The OUTPUT chain is meant for the
outgoing packets from the firewall itself. What Jaco is doing is receiving
packets from the network, which will never pass the OUTPUT chain.

Ramin

On Thu, May 17, 2001 at 06:29:00AM -0400, johan@xxxxxxxxxxxxxx wrote:
> I have met this condition before.
> I changed the chain rule in iptables; try it like this:
>
> iptables -I OUTPUT -t mangle -p tcp -s 0/0 -d 192.168.62.0/24 -j MARK --set-mark 1
>
> and it works.
>
> Regards
>
> Johan
>
> On Wed, May 16, 2001 at 11:07:07AM -0400, Ramin Alidousti wrote:
> > I assume that the packets come in on eth0, right? And I'm not sure
> > if the mangle table sees the destination as 192.168.62.0/24 or as
> > the original destination address. Try this:
> >
> > iptables -A PREROUTING -t mangle -p tcp -i eth0 -d 192.168.62.0/24 \
> >          -j MARK --set-mark 1
> >
> > If it doesn't work, try:
> >
> > iptables -A PREROUTING -t mangle -p tcp -i eth0 -d <orig dst IP's> \
> >          -j MARK --set-mark 1
> >
> > Hope it works,
> > Ramin
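
One way to check which chain's MARK rule actually sees the traffic is to read the per-rule packet counters from `iptables-save -c`. The script below is an added example, not part of the original thread; the dump it parses is a constructed sample with invented counters, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in `iptables-save -c -t mangle` format.
# Each rule line starts with [packets:bytes]; the counters are invented.
sample_dump() {
cat <<'EOF'
*mangle
:PREROUTING ACCEPT [1200:96000]
:INPUT ACCEPT [300:24000]
:FORWARD ACCEPT [900:72000]
:OUTPUT ACCEPT [800:64000]
:POSTROUTING ACCEPT [1700:136000]
[42:2520] -A PREROUTING -d 192.168.62.0/24 -i eth0 -p tcp -j MARK --set-mark 0x1
[0:0] -A OUTPUT -d 192.168.62.0/24 -p tcp -j MARK --set-mark 0x1
COMMIT
EOF
}

# mark_hits CHAIN: read a dump on stdin and print the summed packet
# counter of every "-j MARK" rule appended to CHAIN.
mark_hits() {
    awk -v chain="$1" '
        /^\[[0-9]+:[0-9]+\] -A / && $3 == chain && / -j MARK / {
            split(substr($1, 2), c, ":")   # "[42:2520]" -> c[1] = "42"
            total += c[1]
        }
        END { print total + 0 }
    '
}

# report: read a dump on stdin and print "CHAIN packets" for the two
# chains discussed in the thread.
report() {
    dump=$(cat)
    for chain in PREROUTING OUTPUT; do
        printf '%s %s\n' "$chain" "$(printf '%s\n' "$dump" | mark_hits "$chain")"
    done
}

# On a live firewall (as root): iptables-save -c -t mangle | report
sample_dump | report
```

A rule whose counter stays at 0 while test traffic is flowing is not being traversed by those packets.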