> iptables -A PREROUTING -t nat -i eth1 ... -j REDIRECT --to-port 3128
> iptables -A PREROUTING -t mangle -i eth1..... -j mark 1

I don't think that will do what you want. The first iptables command will A(dd) an entry to the nat table. Your second command adds an entry to the mangle table. So even though one command immediately follows the other in your script, packets won't see them that way.

Do this to see the order of tests in your tables:

    iptables -L -v -n -t nat
    iptables -L -v -n -t mangle

I have never been clear about the exact order of tables/chains packets see, so I don't know which table they will traverse first.

- Greg

-----Original Message-----
From: Arindam Haldar [mailto:ahiam@xxxxxxxxx]
Sent: Friday, December 28, 2001 2:29 AM
To: lartc@xxxxxxxxxxxxxxx
Subject: [LARTC] PREROUTING doubts !!

hi all,

i want 2 know if the following is correct

    iptables -A PREROUTING -t nat -i eth1 ... -j REDIRECT --to-port 3128
    iptables -A PREROUTING -t mangle -i eth1..... -j mark 1

the intention is to send http pkts first to transparent squid else use routing based on cost & bandwidth !

will be very thankful to u 4 clearing this doubt

arindam haldar

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://ds9a.nl/lartc/
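
Added example, not part of the original thread or written by either poster: a small Python model of the PREROUTING hook showing that netfilter visits the mangle table before the nat table regardless of the order in which the script adds the rules. The rule matches, the sample packets and all function names are assumptions made for the illustration; the model treats the second rule as a valid mark rule (real iptables spells it `-j MARK --set-mark 1`).

```python
# Added illustration, not code from the thread. Models only the PREROUTING hook.
# Lower priority runs first: NF_IP_PRI_MANGLE = -150, NF_IP_PRI_NAT_DST = -100.
PRIORITY = {"mangle": -150, "nat": -100}

# Constructed rules, in the order the script adds them. Assumption: the elided
# "..." matches are "-p tcp --dport 80"; the thread does not show them.
SCRIPT_ORDER = [
    {"table": "nat", "in": "eth1", "proto": "tcp", "dport": 80,
     "target": "REDIRECT", "arg": 3128},
    {"table": "mangle", "in": "eth1", "proto": "tcp", "dport": 80,
     "target": "MARK", "arg": 1},
]

# Constructed sample packets (first packet of a new connection).
HTTP = {"in": "eth1", "proto": "tcp", "dport": 80}
SSH = {"in": "eth1", "proto": "tcp", "dport": 22}


def matches(rule, pkt):
    return all(pkt[k] == rule[k] for k in ("in", "proto", "dport"))


def prerouting(rules, pkt):
    """Walk a packet through PREROUTING; return (resulting packet, trace)."""
    pkt, trace = dict(pkt, mark=0, local=False), []
    # Tables are visited by hook priority, not by the order rules were added.
    for table in sorted(PRIORITY, key=PRIORITY.get):
        for rule in (r for r in rules if r["table"] == table):
            if not matches(rule, pkt):
                continue
            trace.append((table, rule["target"]))
            if rule["target"] == "MARK":
                pkt["mark"] = rule["arg"]   # non-terminating, keep evaluating
            elif rule["target"] == "REDIRECT":
                pkt["dport"] = rule["arg"]  # destination rewritten to local port
                pkt["local"] = True         # goes to INPUT, not forwarded
                break                       # terminating for this table
    return pkt, trace


if __name__ == "__main__":
    for name, pkt in (("http", HTTP), ("ssh", SSH)):
        print(name, *prerouting(SCRIPT_ORDER, pkt))
```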