Jody Shumaker wrote:
[...]
This was definitely your problem. How is this "connection tracking"?
all these rules say is, if the state matches established or related,
then accept it. When that happens, no further processing is done. You
basically made all packets for previously established or related
connections not get marked as they left the chain before the mark
targets. Running:
iptables -t mangle -L -xvn
Would have likely shown hardly any hits to the set mark rules, and the
majority of the packets hitting those above 5 rules.
[...]
I only think you needed to either remove those -j ACCEPT targets,
optionally change it so they are at the end of the chain, or at least
after the -j MARK targets.
In the general case with several interfaces, how do I mark the packets so
that some use one interface? I do not know if my configuration is correct.
Regards.
--
==============================================
| FREDERIC MASSOT |
| http://www.juliana-multimedia.com |
| mailto:frederic@xxxxxxxxxxxxxxxxxxxxxx |
===========================Debian=GNU/Linux===
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
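
Added example, not part of the original thread: a small Python model of chain traversal showing the ordering issue discussed above, where `-j ACCEPT` ends processing of the chain and `-j MARK` does not. The rules, interface names (`eth1`, `eth2`), mark values and packet mix are constructed for illustration; the poster's actual rules are not shown on the page.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    states: frozenset   # conntrack states to match; empty = any state
    iface: str          # input interface to match; "" = any
    target: str         # "ACCEPT" (ends traversal) or "MARK" (continues)
    mark: int = 0
    pkts: int = 0       # hit counter, like the pkts column of -L -xvn

def traverse(chain, pkt):
    """Walk one packet down the chain and return the fwmark it leaves with."""
    fwmark = 0
    for rule in chain:
        if rule.states and pkt["state"] not in rule.states:
            continue
        if rule.iface and pkt["in"] != rule.iface:
            continue
        rule.pkts += 1
        if rule.target == "MARK":
            fwmark = rule.mark      # non-terminating: keep going
        elif rule.target == "ACCEPT":
            break                   # terminating: later rules never run
    return fwmark

def simulate(accept_first):
    """Run constructed traffic through the chain in one of the two orders."""
    accept = Rule(frozenset({"ESTABLISHED", "RELATED"}), "", "ACCEPT")
    mark1 = Rule(frozenset(), "eth1", "MARK", mark=1)   # hypothetical marks
    mark2 = Rule(frozenset(), "eth2", "MARK", mark=2)
    chain = [accept, mark1, mark2] if accept_first else [mark1, mark2, accept]
    # Constructed traffic: per interface, 1 NEW packet then 9 ESTABLISHED.
    packets = [{"state": s, "in": i}
               for i in ("eth1", "eth2")
               for s in ["NEW"] + ["ESTABLISHED"] * 9]
    marks = [traverse(chain, p) for p in packets]
    return {"unmarked": marks.count(0), "accept_hits": accept.pkts,
            "mark_hits": mark1.pkts + mark2.pkts}

if __name__ == "__main__":
    print("ACCEPT before MARK:", simulate(True))
    print("MARK before ACCEPT:", simulate(False))
```

With ACCEPT first, only the first packet of each connection reaches the MARK rules, which is the counter pattern the quoted reply expected `iptables -t mangle -L -xvn` to show.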