Odri Kornel wrote:
Thank you for your quick answer.
My problem was that although imq is a device it is called via iptables like a table just as snat. As far as I know if iptables finds a matching rule, it jumps out of the chain, and does not process the other rules. Is this where I made a mistake? I haven't found any description about this...
Yes this is not true. If a packet is not explicit dropped / accepted it continues traversal. Think about the MARK target, in fact the IMQ target is just a modified MARK target.
Also, the imq device is not called via iptables, iptables is just used for specifying that the current packet should pass through the imq device at a later point. The IMQ device feeds itself through netfilter hooks, so in theory you could f.e. mark all IPX/whatever packets somewhere during their processing and they would pass the imq device, too.
So, youre saying, that the packet will be processed trough the other postrouting rules after being marked by the mangle rule?
For ex.:
iptables -t mangle -A POSTROUTING -o eth0 -j IMQ iptables -t mangle -A POSTROUTING -o ipsec0 -j IMQ iptables -t nat -A POSTROUTING -j SNAT ...
This should work?
Yes. Bye, Patrick
