Hi again,

having a closer look at your rules I found the following things:

> iptables -t mangle -i eth2 -A PREROUTING -j CONNMARK --restore-mark
> iptables -t mangle -i eth2 -A PREROUTING -m mark ! --mark 0 -j ACCEPT
> < rules rules rules >
>
> iptables -t mangle -i eth2 -A PREROUTING -m mark --mark 0 -j MARK --set-mark 2
> iptables -t mangle -i eth2 -A PREROUTING -j CONNMARK --save-mark

There is nothing wrong with the rules but IPP2P will never match a packet because the following thing happens:

Very first packet of a connection enters the box
-> restore mark -> mark 0 -> traversing the chain -> no match -> set-mark 2 -> save mark

Every following packet of this connection enters the box
-> restore mark -> mark 2 -> ACCEPT (not traversing the chain again)

So what does this mean? The very first packet of every TCP connection (and that's what IPP2P is all about) starts with a SYN and is answered by an ACK,SYN. These packets don't contain data payload and hence can NOT contain any P2P-patterns IPP2P is looking for. You have to change the ruleset to let IPP2P work!

If you want to verify that IPP2P is working just add the following rule to your ruleset:

    iptables -t mangle -I POSTROUTING 1 -p tcp -m ipp2p --ipp2p -j ACCEPT

    iptables -t mangle -L -n -v -x

should show you some hits in the POSTROUTING chain now :-)

Hope that helps,
Mike.

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
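The packet flow described in the message above, as an added example (not part of the original post and not IPP2P code): a small Python model of the quoted chain, run over a constructed three-packet connection. The payload matcher, the P2P mark value 1 and the `save_default=False` variant (save the connection mark only once a packet has been classified) are assumptions made for illustration.

```python
# Constructed model of the quoted mangle/PREROUTING rules; not real netfilter code.
DEFAULT_MARK = 2  # from the quoted "--set-mark 2"
P2P_MARK = 1      # assumption: mark a payload-matching rule would set

# Constructed sample connection as seen on eth2: SYN, bare ACK, first data packet.
# The data packet carries the start of a BitTorrent handshake.
PACKETS = [b"", b"", b"\x13BitTorrent protocol" + bytes(8)]


def classifier(payload):
    """Stand-in for a payload matcher such as IPP2P: it can only match data."""
    return payload.startswith(b"\x13BitTorrent protocol")


def traverse(payload, conn, save_default):
    """Send one packet through the chain.

    Returns (packet mark, True if the packet reached the classifier rules).
    """
    mark = conn["mark"]            # CONNMARK --restore-mark
    if mark != 0:                  # -m mark ! --mark 0 -j ACCEPT
        return mark, False         # chain is left before any classifier rule
    if classifier(payload):        # "< rules rules rules >"
        mark = P2P_MARK
    if mark == 0:                  # -m mark --mark 0 -j MARK --set-mark 2
        mark = DEFAULT_MARK
    # Quoted ruleset: CONNMARK --save-mark runs for every packet that gets here.
    # Variant (assumption): keep the default mark per packet only, so later
    # packets of the connection are still inspected.
    if save_default or mark != DEFAULT_MARK:
        conn["mark"] = mark
    return mark, True


def run(save_default):
    """Replay PACKETS on a fresh connection; return (per-packet results, connmark)."""
    conn = {"mark": 0}
    results = [traverse(p, conn, save_default) for p in PACKETS]
    return results, conn["mark"]


if __name__ == "__main__":
    print("quoted ruleset:", run(save_default=True))
    print("variant       :", run(save_default=False))
```

With the quoted ordering the empty SYN is the only packet that reaches the classifier, so the connection is pinned to mark 2 before any payload arrives.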