On Mon, 2004-11-15 at 18:45 +0100, Eduardo Fernández wrote:
> Hi all,
>
> I'm trying to debug packet marking like this:
>
> iptables -t mangle -A PREROUTING -p icmp -j MARK --set-mark 0x1
> (...)
> But I don't know how to check if the packets are really being marked.
> ip_conntrack shows all packets with mark=0, and that's not possible.

Yes, you need to explicitly save the mark with CONNMARK to have the mark
propagated through the connection. See http://home.regit.org/connmark.html
for details.

BR,
--
Eric Leblond <eric@xxxxxx>
INL
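The following is an added example, not part of the original thread: it prints a mangle ruleset that keeps the MARK rule from the question, adds a counting rule for checking the per-packet mark, and saves the mark into the conntrack entry with CONNMARK, then checks conntrack output for the mark. The function names are hypothetical and the conntrack lines are constructed sample data.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
MARK=0x1    # mark value used in the thread

# Print a mangle ruleset in iptables-restore format:
#   rule 1: the MARK rule from the thread (sets the per-packet mark)
#   rule 2: no target, so it only counts packets carrying the mark; read the
#           counters with: iptables -t mangle -L PREROUTING -v -n
#   rule 3: copy the packet mark into the conntrack entry
# Apply as root with: mangle_rules | iptables-restore --noflush
mangle_rules() {
    cat <<EOF
*mangle
-A PREROUTING -p icmp -j MARK --set-mark $MARK
-A PREROUTING -p icmp -m mark --mark $MARK
-A PREROUTING -p icmp -j CONNMARK --save-mark
COMMIT
EOF
}

# Constructed sample in /proc/net/ip_conntrack layout (documentation addresses).
sample_conntrack() {
    cat <<'EOF'
icmp     1 29 src=192.0.2.10 dst=192.0.2.1 type=8 code=0 id=4660 src=192.0.2.1 dst=192.0.2.10 type=0 code=0 id=4660 mark=1 use=1
icmp     1 12 src=192.0.2.20 dst=192.0.2.1 type=8 code=0 id=22136 src=192.0.2.1 dst=192.0.2.20 type=0 code=0 id=22136 mark=0 use=1
tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=192.0.2.1 sport=40000 dport=22 src=192.0.2.1 dst=192.0.2.10 sport=22 dport=40000 [ASSURED] mark=0 use=1
EOF
}

# Count entries on stdin for protocol $1 whose conntrack mark equals $2.
# $2 may be hex (0x1); conntrack prints the mark in decimal.
count_marked() {
    awk -v proto="$1" -v want="$(($2))" '
        $1 == proto {
            for (i = 2; i <= NF; i++)
                if (($i ~ /^mark=/) && (substr($i, 6) + 0 == want + 0)) n++
        }
        END { print n + 0 }'
}

# Stand-alone run: show the ruleset, then check the constructed sample.
mangle_rules
echo "icmp entries with mark $MARK: $(sample_conntrack | count_marked icmp "$MARK")"
```

On a live system, feed `count_marked` from `/proc/net/ip_conntrack` instead of the sample.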