Hi,

Sorry, my mistake, br0 is eth1 in LINUX ROUTER.

Kaiwen

----- Original Message -----
From: "Cedric Blancher" <blancher@xxxxxxxxxxxxxxxxxx>
To: "kaiwen" <cal_kaiwen@xxxxxxxxxxx>
Cc: <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Wednesday, January 14, 2004 4:39 PM
Subject: Re: Precedence of packet traverse through iptables chain, localrouting table and newly created routing table

> On Wed 14/01/2004 at 09:08, kaiwen wrote:
> > Looking at the iptables chain diagram, my guess is MARKING at mangle
> > INPUT or mangle PREROUTING should work as well.
> > When packet comes off from wire, I mark it with 3 at mangle
> > PREROUTING. Since it is a ping to 192.168.8.88, it should be a local
> > process.
>
> I do not really see the point of marking packets at PREROUTING, but well,
> marking them here and routing them against the mark works for me in a lot of
> situations.
>
> > Then the ping is successful. But from my testing, no.
>
> Could you clarify a bit what happens there? And in particular where br0
> is and how it is configured, as you route packets through it.
>
> > Another possibility is packet is routed to test2 routing table after
> > mangle OUTPUT and before mangle POSTROUTING. I am getting confused :)
>
> If you read a Netfilter architecture diagram, you'll see routing is done
> _before_ POSTROUTING. So marking packets in POSTROUTING won't have any
> effect on routing stuff. For received packets, routing is done after
> PREROUTING, so marking in INPUT chain has no effect on routing either.
>
>
> --
> http://www.netexit.com/~sid/
> PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
> >> Hi! I'm your friendly neighbourhood signature virus.
> >> Copy me to your signature file and help me spread!
>
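
The hook ordering discussed in this thread, as an added example that is not part of either poster's message: a simplified Python model of where the routing decision sits relative to the chains, showing which chains can usefully set mark 3. The path names, the `FWMARK_RULES` mapping (standing in for `ip rule add fwmark 3 table test2`) and the function names are assumptions of this sketch; the re-route after mangle OUTPUT is kernel behaviour not stated in the thread, and rule priorities and the local table are not modelled.

```python
# Simplified model of IPv4 netfilter hook order (illustration, not kernel code).
# "ROUTE" marks the point on each path where the routing decision is taken.
PATHS = {
    "received_to_input": ["PREROUTING", "ROUTE", "INPUT"],
    "forwarded": ["PREROUTING", "ROUTE", "FORWARD", "POSTROUTING"],
    # Assumption beyond the thread: a mark change in mangle OUTPUT makes the
    # kernel repeat the route lookup, modelled here as a second ROUTE stage.
    "locally_generated": ["ROUTE", "OUTPUT", "ROUTE", "POSTROUTING"],
}

# Constructed policy, equivalent to: ip rule add fwmark 3 table test2
FWMARK_RULES = {3: "test2"}


def table_used(path, mark_rules):
    """Return the table selected at the last routing decision on `path`.

    mark_rules maps a chain name to the mark a mangle rule sets there,
    e.g. {"PREROUTING": 3} for `-t mangle -A PREROUTING -j MARK --set-mark 3`.
    """
    mark, table = 0, None
    for stage in PATHS[path]:
        if stage == "ROUTE":
            # The lookup only sees the mark as it is at this moment.
            table = FWMARK_RULES.get(mark, "main")
        elif stage in mark_rules:
            mark = mark_rules[stage]
    return table


def chains_that_steer(path, mark=3):
    """List the chains on `path` where setting `mark` changes the table used."""
    chains = [s for s in PATHS[path] if s != "ROUTE"]
    return [c for c in chains if table_used(path, {c: mark}) != "main"]


if __name__ == "__main__":
    for name in PATHS:
        print(f"{name:18} mark is honoured when set in: {chains_that_steer(name)}")
```
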