Hello,

I want to use netfilter's MARKing system to dynamically route packets on an interface or another based on port numbers.

One of my problems (the main one I think) is that a packet is not 'seen' by the firewall if there is no route to it. tcpdump can see it but not the firewall. So if I try to MARK the packet in order to route it based on the mark, it fails because:

no route=no firewall=no marking=no dynamic routing--+
^...................................................|

I must be missing something.

BTW, is there a decent tool to monitor what the FW does with a packet, why it is dropped, how it is marked, etc. without doing everything with -j LOG?

Thanks for any help, it's been a week of tests and I'm really getting mad with nothing working.

--
Jean-Christophe Boggio
cat@thefreecat.org                       -o)
Independent Consultant and Developer     /\\
Delphi, Linux, Perl, PostgreSQL, Debian _\_V