From: "Ming-Ching Tiew" <mingching.tiew@xxxxxxxxxxx>
>
> I would say it would be better to re-order the iptables command :-
>
> #restore mark before ROUTING decision
> iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
> #by-pass rules if it is already MARKed
> iptables -t mangle -A POSTROUTING -m mark --mark ! 0 -j ACCEPT
> #1st packets(from a connection) will arrive here
> iptables -t mangle -A POSTROUTING -o eth1 -j MARK --set-mark 0x1
> iptables -t mangle -A POSTROUTING -o eth2 -j MARK --set-mark 0x2
> iptables -t mangle -A POSTROUTING -j CONNMARK --save-mark
>
> i.e. restore-mark is moved to the top.
>

On more careful reading, I am wondering why it is using POSTROUTING?
Shouldn't it all be PREROUTING?

Cheers.