I'm facing a problem with MARK target.
My Linux box has 3 network cards:
eth0 - LAN1
eth2 - LAN2
eth3 - ISP
My problem is that my LAN machines are not able to communicate with each other (i.e. LAN1 <-> LAN2). The firewall blocks them. But my LAN clients have no problem accessing the internet!
Here is my configuration.
# eth0 - LAN1
# eth2 - LAN2
# eth3 - ISP

iptables -F
iptables -X
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

iptables -t nat -A PREROUTING -i eth0 -o eth2 -j MARK --set-mark 1 # THIS IS NOT WORKING
iptables -t nat -A PREROUTING -i eth1 -o eth0 -j MARK --set-mark 1 # THIS IS NOT WORKING

# Other rules follow... Not listed here

iptables -A FORWARD -m mark --mark 1 -j ACCEPT # THIS IS NOT WORKING

# Other rules follow... Not listed here
I know that I can do it directly from the FORWARD chain of the filter table, but I'm using SQUID for transparent proxying for some machines (those rules are not listed here), so I want to mark some packets. Could someone please help me with this?
Thanks
Sudheer
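A working form of the marking rules, added here as an example and not Sudheer's own configuration: MARK belongs in the mangle table, which every packet traverses, whereas nat PREROUTING is consulted only for the first packet of a connection and, being before routing, cannot take -o. The FORWARD rules also match on both interfaces so that a mark alone never opens a path towards the ISP side. Interface names come from the post; LAN_MARK, the function names and the dry-run helper are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Interface names follow the
# post; LAN_MARK is a constructed value. Set IPT=echo to dry-run without root.
LAN1=eth0
LAN2=eth2
ISP=eth3
LAN_MARK=1
IPT="${IPT:-iptables}"

mark_lan_to_lan() {
    # Mark every packet entering from either LAN. mangle PREROUTING is
    # traversed by all packets, so replies get marked too (by the other rule).
    "$IPT" -t mangle -A PREROUTING -i "$LAN1" -j MARK --set-mark "$LAN_MARK"
    "$IPT" -t mangle -A PREROUTING -i "$LAN2" -j MARK --set-mark "$LAN_MARK"
}

forward_marked_lan() {
    # Accept marked traffic only between the two LAN interfaces; traffic
    # towards $ISP is still governed by the other (unlisted) FORWARD rules.
    "$IPT" -A FORWARD -i "$LAN1" -o "$LAN2" -m mark --mark "$LAN_MARK" -j ACCEPT
    "$IPT" -A FORWARD -i "$LAN2" -o "$LAN1" -m mark --mark "$LAN_MARK" -j ACCEPT
}

apply_rules() {
    mark_lan_to_lan
    forward_marked_lan
}

# Dry run in a subshell: prints the iptables invocations instead of running them.
dry_run() {
    ( IPT=echo; apply_rules )
}

# "apply" installs the rules (needs root); with no argument just show them.
if [ "${1:-}" = "apply" ]; then apply_rules; else dry_run; fi
```

The dry run prints exactly four rules, two mangle marks and two FORWARD accepts, which is a quick way to review the rule set before touching the live firewall.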