Philip Champon wrote:

> Machine B
> iptables -A PREROUTING -t mangle -j MARK -p tcp --dport 443 --set-mark 0x1
> ip rule add prio 100 fwmark 1 table 100
> ip route add local 0/0 dev lo table 100
>
> Issuing these commands on machine A, packets move as I expect them to. However,
> on machine B, using tcpdump I see packets come in on port 443, but I never see
> machine B respond or send an ICMP error.

I never tried anything like this before, and don't really understand what you're
doing, but taking a guess: aren't you directing the incoming port 443 packets to
the loopback device routing table? So then they're never going to do anything
useful, unless your application is specifically listening on 127.0.0.1?

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Damion de Soto - Software Engineer      email: damion@xxxxxxxxxxxx
SnapGear ---                            ph:    +61 7 3435 2809
 | Custom Embedded Solutions            fax:   +61 7 3891 3630
 | and Security Appliances              web:   http://www.snapgear.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
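The reply's guess turns on where the application on machine B actually listens. The script below is an added example, not something posted in the thread: it classifies the listeners on a given TCP port from `ss -lnt` output as a wildcard bind (0.0.0.0, * or [::]), a loopback-only bind, a specific-address bind, or none at all. The `ss` output embedded here is constructed so the script runs offline; on the real box you would feed it `"$(ss -lnt)"` instead.

```shell
#!/bin/sh
# Added example: classify what is listening on a TCP port, so the
# "is the app only listening on 127.0.0.1?" question can be answered
# without guessing. The ss -lnt text below is constructed sample data.

SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    127.0.0.1:443       0.0.0.0:*
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      128    192.0.2.10:8443     0.0.0.0:*
LISTEN 0      128    [::]:9443           [::]:*'

# listeners_on PORT < ss-output
# Prints the local address of every LISTEN socket bound to PORT.
# Column 4 of ss -lnt is "addr:port"; the port is the text after the
# last colon, which also works for bracketed IPv6 addresses like [::]:443.
listeners_on() {
    awk -v port="$1" '$1 == "LISTEN" {
        n = split($4, a, ":")
        if (a[n] == port)
            print substr($4, 1, length($4) - length(port) - 1)
    }'
}

# classify_listener PORT "ss -lnt output"
# Prints one of: none, wildcard, loopback-only, specific-address
classify_listener() {
    addrs=$(printf '%s\n' "$2" | listeners_on "$1")
    if [ -z "$addrs" ]; then
        echo none
        return
    fi
    loop=1
    for a in $addrs; do
        case "$a" in
            0.0.0.0|'*'|'[::]') echo wildcard; return ;;   # any destination address
            127.*|'[::1]')      ;;                          # loopback address
            *)                  loop=0 ;;                   # one particular address
        esac
    done
    [ "$loop" = 1 ] && echo loopback-only || echo specific-address
}

# Demo against the constructed sample; on a real host use:
#   classify_listener 443 "$(ss -lnt)"
printf 'TCP 443 listener on sample host: %s\n' "$(classify_listener 443 "$SAMPLE_SS")"
```

A result of `loopback-only` or `specific-address` for port 443 is exactly the situation the reply asks about; pair it with `ip rule show` and `ip route show table 100` to confirm the mark and the local route are in place before looking elsewhere.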