On Mon, 2004-11-15 at 12:45, Eduardo Fernández wrote:
> Hi all,
>
> I'm trying to debug packet marking like this:
>
> iptables -t mangle -A PREROUTING -p icmp -j MARK --set-mark 0x1
> (...)
>
> But I don't know how to check if the packets are really being marked.
> ip_conntrack shows all packets with mark=0, and that's not possible.
> I've tried logging with netfilter but I don't know which option shows
> the nfmark in the log. Any ideas?
>
> Thank you very much in advance.
>
> Eduardo

Add a log rule that matches on the mark:

  iptables -t mangle -A PREROUTING -p icmp -j MARK --set-mark 1
  iptables -t mangle -A PREROUTING -m mark --mark 1 \
    -j LOG --log-prefix "FW MARK 1: "

-j

--
"Beer. Now there's a temporary solution."
--The Simpsons
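
The check described in the reply, as an added example that is not part of the original thread: a shell helper that counts, per protocol, the kernel log lines carrying the "FW MARK 1: " prefix. Because the LOG rule matches on the mark alone, any non-ICMP line in the summary means some other rule is also setting mark 1. The log lines, addresses, host name and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise kernel LOG lines that carry the reply's prefix.
PREFIX='FW MARK 1: '

# Constructed sample log lines (not captured output). Addresses are from
# documentation ranges; the host name "fw" and the "FW DROP: " prefix are made up.
sample_log() {
cat <<'EOF'
Nov 15 13:02:11 fw kernel: FW MARK 1: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.1 LEN=84 TTL=64 PROTO=ICMP TYPE=8 CODE=0 ID=4211 SEQ=1
Nov 15 13:02:12 fw kernel: FW MARK 1: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.1 LEN=84 TTL=64 PROTO=ICMP TYPE=8 CODE=0 ID=4211 SEQ=2
Nov 15 13:02:12 fw kernel: FW DROP: IN=eth0 OUT= SRC=192.0.2.99 DST=198.51.100.1 LEN=84 TTL=64 PROTO=ICMP TYPE=8 CODE=0 ID=77 SEQ=1
Nov 15 13:02:13 fw kernel: FW MARK 1: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.1 LEN=84 TTL=64 PROTO=ICMP TYPE=8 CODE=0 ID=4211 SEQ=3
Nov 15 13:02:14 fw kernel: FW MARK 1: IN=eth0 OUT= SRC=192.0.2.20 DST=198.51.100.1 LEN=60 TTL=64 PROTO=TCP SPT=40122 DPT=22 SYN
EOF
}

# Read log text on stdin; print "PROTO count" for every line with the prefix.
mark_summary() {
    awk -v p="$PREFIX" '
        index($0, p) {
            proto = "UNKNOWN"
            for (i = 1; i <= NF; i++)
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
            n[proto]++
        }
        END { for (k in n) print k, n[k] }
    ' | sort
}

# Read log text on stdin; print how many marked packets used protocol $1.
marked_count() {
    mark_summary | awk -v want="$1" '$1 == want { c = $2 } END { print c + 0 }'
}

# Read log text on stdin; print how many marked packets were NOT ICMP,
# i.e. packets that received mark 1 from a rule other than the ICMP one.
unexpected_marked() {
    mark_summary | awk '$1 != "ICMP" { c += $2 } END { print c + 0 }'
}

# Demonstration on the constructed sample.
sample_log | mark_summary
echo "non-ICMP packets with mark 1: $(sample_log | unexpected_marked)"
```

On a live system, pipe the kernel log into the same functions, for example `dmesg | mark_summary`.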