Hi, Here I am trying something simple. My objective is to make ip rule fwmark command work :) Network Diagram: --- 192.168.250.197 (eth0) Linux Box (eth1) 192.168.8.88 -------------192.168.8.122 (eth0) Windows XP Client Configuration done on Linux Box:- (1) [root@g webauth]# iptables -t mangle -A PREROUTING -j MARK --set-mark 5 [root@g webauth]# iptables -t mangle -L Chain PREROUTING (policy ACCEPT) target prot opt source destination MARK all -- anywhere anywhere MARK set 0x5 (2) [root@g webauth]# ip rule add fwmark 5 table test2 [root@g webauth]# ip rule 0: from all lookup local 32765: from all fwmark 5 lookup test2 32766: from all lookup main 32767: from all lookup 253 (3) [root@g webauth]# ip ro show table test2 prohibit 192.168.8.122 I expect ping from 192.168.8.122 to 192.168.250.197 to be drop, BUT is is successful. Why? Did I miss out anything? Please advice. Thank you Kaiwen |