On Mon, Sep 1, 2008 at 6:14 AM, Patrick McHardy <kaber@xxxxxxxxx> wrote:
> jon hale wrote:
>>
>> I have a problem when I combine owner-gid, fwmark, and iproute2.
>> I am starting to wonder if I can really get there from here.
>>
>> Synopsis:
>> I have been trying to set up policy routing based upon the group id
>> of the process sending the packets.
>>
>> It works for most packets, but there is some scenario that happens at
>> the end of every ftp upload, where the packet goes out the wrong
>> interface and gums up the works.
>
> The stack may send packets that don't belong to the original socket.
> You need to use CONNMARK to make sure all packets of a connection
> are marked similar.
>

Hmm, I thought I was using CONNMARK
I do have the iptables command:

iptables -t mangle -A OUTPUT -j CONNMARK --save-mark

Is there something else I need as well?

Thank you for responding,

-jon
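A simplified model of the mangle OUTPUT chain discussed in this thread, added here as an illustration and not part of the original messages: it compares a chain that only saves the mark with one that restores the connection mark first, for a connection whose last packet has no owning socket. The gid 1001, the mark 0x1 and all function names are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed policy: processes in gid 1001 get fwmark 0x1 (illustrative values).
GID_MARK = {1001: 0x1}

@dataclass
class Packet:
    conn: str
    gid: Optional[int]   # None models a packet the stack sends without a socket
    mark: int = 0

def owner_mark(pkt, ct):
    # Models: -m owner --gid-owner 1001 -j MARK --set-mark 0x1
    # The owner match cannot match a packet that has no socket attached.
    if pkt.gid in GID_MARK:
        pkt.mark = GID_MARK[pkt.gid]

def save_mark(pkt, ct):
    # Models: -j CONNMARK --save-mark (packet mark -> connection mark)
    ct[pkt.conn] = pkt.mark

def restore_mark(pkt, ct):
    # Models: -j CONNMARK --restore-mark (connection mark -> packet mark)
    pkt.mark = ct.get(pkt.conn, 0)

SAVE_ONLY = [owner_mark, save_mark]
RESTORE_THEN_SAVE = [restore_mark, owner_mark, save_mark]

def marks_for_connection(chain, gids, conn="ftp-data"):
    """Run each packet of one connection through the chain; return final marks."""
    ct = {}              # per-connection mark table (stands in for conntrack)
    result = []
    for gid in gids:
        pkt = Packet(conn=conn, gid=gid)
        for rule in chain:
            rule(pkt, ct)
        result.append(pkt.mark)
    return result

if __name__ == "__main__":
    # Constructed sequence: two packets from the gid-1001 process,
    # then a closing packet sent by the stack with no socket.
    upload = [1001, 1001, None]
    print("save only        :", marks_for_connection(SAVE_ONLY, upload))
    print("restore then save:", marks_for_connection(RESTORE_THEN_SAVE, upload))
```

In the save-only chain the final packet leaves with mark 0 and would fall through to the default route; with the restore rule ahead of the owner match it keeps the mark of its connection.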