Hi Sudheer,

As far as I know you can only use --set-mark in the mangle table. You are trying to use it in the nat table.

Try:

iptables -t mangle -A PREROUTING -i eth0 -o eth2 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -i eth1 -o eth0 -j MARK --set-mark 1

Regards,
Victor

On Thursday 28 October 2004 13:07, Sudheer Divakaran wrote:
> Hi,
> I'm facing a problem with the MARK target.
>
> My Linux box has 3 network cards
>
> eth0 - LAN1
> eth2 - LAN2
> eth3 - ISP
>
> My problem is that my LAN machines are not able to communicate with each
> other (i.e. LAN1 <-> LAN2). The firewall blocks them. But my LAN clients
> have no problem accessing the internet!!
>
> Here is my configuration.
>
>
> # eth0 - LAN1
> # eth2 - LAN2
> # eth3 - ISP
>
> iptables -F
> iptables -X
> iptables -P INPUT DROP
> iptables -P OUTPUT DROP
> iptables -P FORWARD DROP
>
> iptables -t nat -A PREROUTING -i eth0 -o eth2 -j MARK --set-mark 1
> #THIS IS NOT WORKING
> iptables -t nat -A PREROUTING -i eth1 -o eth0 -j MARK --set-mark 1
> #THIS IS NOT WORKING
>
> #Other rules follow... Not listed here
>
> iptables -A FORWARD -m mark --mark 1 -j ACCEPT #THIS IS NOT WORKING
>
> #Other rules follow... Not listed here
>
>
> I know that I can do it directly from the FORWARD chain of the filter table,
> but I'm using SQUID for transparent proxying for some machines (those
> rules are not listed here), so I want to mark some packets. Could
> someone please help me with this?
>
>
> Thanks
> Sudheer
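The mangle-table approach described above, as an added example that is not code from either message: since PREROUTING runs before routing it has no outgoing interface, so the rules match on incoming interface plus destination subnet rather than -o (the 192.168.x.0/24 subnets and the DRY_RUN switch are assumptions of this example, not values from the thread).

```shell
#!/bin/sh
# Added example, not code from the thread. The MARK target is only valid in
# the mangle table, and PREROUTING runs before the routing decision, so it
# has no output interface and -o is rejected there. Mark LAN<->LAN traffic by
# incoming interface plus destination subnet, then accept by mark in the
# filter table's FORWARD chain. Interface names follow the thread; the
# subnets are assumed values for this example.
LAN1_IF=eth0; LAN1_NET=192.168.1.0/24
LAN2_IF=eth2; LAN2_NET=192.168.2.0/24
LAN_MARK=1

# Defaults to printing the rules for review; run with DRY_RUN=0 to apply them.
: "${DRY_RUN:=1}"

ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# Mark both directions of LAN<->LAN traffic in mangle/PREROUTING. Unlike the
# nat table, which only sees the first packet of a connection, mangle sees
# every packet, so replies are marked as well.
lan_mark_rules() {
    ipt -t mangle -A PREROUTING -i "$LAN1_IF" -d "$LAN2_NET" -j MARK --set-mark "$LAN_MARK"
    ipt -t mangle -A PREROUTING -i "$LAN2_IF" -d "$LAN1_NET" -j MARK --set-mark "$LAN_MARK"
}

# Accept marked packets in FORWARD; unmarked traffic still hits the DROP policy.
lan_forward_rules() {
    ipt -A FORWARD -m mark --mark "$LAN_MARK" -j ACCEPT
}

all_lan_rules() {
    lan_mark_rules
    lan_forward_rules
}

# Sanity checks over the generated rules (meaningful in dry-run mode):
# no MARK in the nat table, and no -o in PREROUTING.
nat_mark_count()     { all_lan_rules | grep -c -- '-t nat .*MARK' || true; }
prerouting_o_count() { all_lan_rules | grep -c -- 'PREROUTING.* -o ' || true; }

all_lan_rules
```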