On Wed 14/01/2004 at 09:08, kaiwen wrote:
> Looking at the iptables chain diagram, my guess is MARKING at mangle
> INPUT or mangle PREROUTING should work as well.
> When packet comes off from wire, I mark it with 3 at mangle
> PREROUTING. Since it is a ping to 192.168.8.88, it should be a local
> process.

I do not really see the point of marking packets at PREROUTING, but well, marking them here and routing them against the mark works for me in a lot of situations.

> Then the ping is successful. But from my testing, no.

Could you clarify a bit what happens there? And in particular where br0 is and how it is configured, as you route packets through it.

> Another possibility is packet is routed to test2 routing table after
> mangle OUTPUT and before mangle POSTROUTING. I am getting confused :)

If you read a Netfilter architecture diagram, you'll see routing is done _before_ POSTROUTING. So marking packets in POSTROUTING won't have any effect on routing stuff. For received packets, routing is done after PREROUTING, so marking in INPUT chain has no effect on routing either.

-- 
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!
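The chain ordering discussed in the message above, as an added example that is not part of the original e-mail: a dry-run helper that sets up fwmark-based policy routing and refuses mangle chains that are traversed after the routing decision. Mark 3 and table `test2` come from the thread; the gateway, the interface and the function names are constructed placeholders.

```shell
#!/bin/sh
# Added example: fwmark policy routing, printed as a dry run unless APPLY=1.
MARK=3          # mark value used in the thread
TABLE=test2     # table named in the thread; must be listed in /etc/iproute2/rt_tables
GW=192.0.2.1    # constructed placeholder gateway (documentation range)
DEV=eth1        # constructed placeholder interface

# Print the command in dry-run mode, execute it only when APPLY=1 (needs root).
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# Succeeds only for mangle chains where a mark can still select a routing table:
#   PREROUTING - received packets are routed after this chain
#   OUTPUT     - locally generated packets are re-routed after mangle OUTPUT
#                when the mark changed
# INPUT, FORWARD and POSTROUTING are traversed after routing is already done.
chain_precedes_routing() {
    case "$1" in
        PREROUTING|OUTPUT) return 0 ;;
        *) return 1 ;;
    esac
}

# mark_and_route CHAIN [iptables match options...]
mark_and_route() {
    chain=$1
    shift
    if ! chain_precedes_routing "$chain"; then
        echo "refusing: mangle $chain runs after routing, mark $MARK would not select table $TABLE" >&2
        return 1
    fi
    run iptables -t mangle -A "$chain" "$@" -j MARK --set-mark "$MARK"
    run ip rule add fwmark "$MARK" lookup "$TABLE"
    run ip route add default via "$GW" dev "$DEV" table "$TABLE"
}
```

Calling `mark_and_route PREROUTING -p icmp` prints the three commands for review; `ip rule show` and `ip route show table test2` confirm the result once they have been applied.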