On Fri, Jan 09, 2004 at 05:17:36PM +0100, Thhoep wrote:
> If using the inbuilt "ip rule add from .." directive of iproute for advanced
> routing everything is working fine. But if I try to use netfilter marks to
> do the exact same thing using "ip rule add fwmark ..." outgoing packets find
> their way through my routing stuff and out of the net, but incoming replies
> just get lost between PREROUTING and FORWARD, probably during the routing
> process, for just no reason and without any ICMP error messages or
> something.

OK. You mean when doing MARK in mangle for ping a -> b, you see both ping and pong on ppp4 but the pongs get dropped somewhere between PREROUTING and FORWARD. When you remove the MARK from netfilter then all works fine??

Instead of "iptables -L..." can you send the exact commands you enter from scratch for both netfilter and iproute2 instructions? "iptables -L..." wraps the lines and is hard to read for me and also doesn't show you all the actions taken (or at least I have difficulty interpreting them). Just make sure that you start from scratch and a clean setup.

Ramin