On Saturday 01 March 2003 03:44 pm, Esteban wrote:
> I have a transparent squid and a NAT rule to redirect ports..
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
>
> then squid looks for the webpages on the two gateways (multipath).
> now I would like to fwmark packets generated by squid and thru a
> routing table route only www packages to the gw I want.
>
> I tried
> iptables -t mangle -A PREROUTING -p tcp --dport 80 -j MARK --set-mark 2

If the traffic is coming from (i.e. squid is running on) the firewall box itself, then outbound traffic from squid never goes through PREROUTING.

Try:

iptables -t mangle -A OUTPUT -p tcp --dport 80 -j MARK --set-mark 2

instead.

j
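
Added example, not part of the original message: the OUTPUT-chain mark from the reply, combined with the policy-routing rule and table that act on that mark. The table number, gateway address, uplink interface and the MASQUERADE rule are assumptions or placeholders; by default the script only prints the commands (DRY_RUN=1).

```shell
#!/bin/sh
# Added example: route Squid's own outbound HTTP through one chosen gateway.
# Placeholder values, not taken from the thread (except the mark value 2):
MARK=2                          # fwmark used in the thread
TABLE=200                       # hypothetical routing table number
WWW_GW="${WWW_GW:-192.0.2.1}"   # placeholder gateway (documentation range)
WWW_IF="${WWW_IF:-eth1}"        # placeholder uplink interface
DRY_RUN="${DRY_RUN:-1}"         # 1 = print commands, 0 = execute (needs root)

run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

squid_www_policy() {
    # Packets generated on the box itself traverse mangle OUTPUT, not
    # PREROUTING, so the mark has to be set here to match Squid's fetches.
    run iptables -t mangle -A OUTPUT -p tcp --dport 80 -j MARK --set-mark "$MARK"

    # Send marked packets to a dedicated table with a single default route.
    run ip rule add fwmark "$MARK" table "$TABLE"
    run ip route add default via "$WWW_GW" dev "$WWW_IF" table "$TABLE"

    # Assumption: the source address was chosen before the mark rerouted
    # the packet, so rewrite it to match the uplink actually used.
    run iptables -t nat -A POSTROUTING -o "$WWW_IF" -j MASQUERADE
}

squid_www_policy
```

After running with DRY_RUN=0, `iptables -t mangle -L OUTPUT -v -n` shows whether the packet counter on the MARK rule increases while Squid fetches pages.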