Antonio Pérez wrote:
> Jörg Harmuth wrote:
>
>> Antonio Pérez wrote:
>>
>>> Hi Joerg,
>>>
>>> Thanks for your reply, I also tried PREROUTING and also many different
>>> protocols, not only http and the problem remains the same, everything
>>> seems to work properly, no errors, but the number of marked packets
>>> remains empty.
>>> Any idea will be appreciated, thanks.
>>
>> Could you please post the output of iptables-save ? I assume, that some
>> other rules are the culprit ;)
>>
>> Have a nice time,
>>
>> Joerg
>
> iptables-save
> # Generated by iptables-save v1.3.3 on Wed Aug 24 14:05:01 2005
> *mangle
> :PREROUTING ACCEPT [633:402628]
> :INPUT ACCEPT [633:402628]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [606:91422]
> :POSTROUTING ACCEPT [606:91422]
> -A PREROUTING -m layer7 --l7proto http -j MARK --set-mark 0x1
> -A PREROUTING -m layer7 --l7proto dns -j MARK --set-mark 0x1
> -A POSTROUTING -m layer7 --l7proto http -j MARK --set-mark 0x1
> -A POSTROUTING -m layer7 --l7proto dns -j MARK --set-mark 0x1
> COMMIT
> # Completed on Wed Aug 24 14:05:01 2005

[SNIP]

> I applied layer7 patch to kernel and iptables, do I need to add any
> other path?

No, that will do.

Well, these rules are fine - but it's only mangle table. What about
filter / nat table ? Any rules in these chains ? Any policies set to DROP ?

Have a nice time,

Joerg
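
Added example, not part of the original mail and not code from any project: the check asked for above, as a small parser that reads iptables-save output and reports which of the filter / nat / mangle tables are absent from the dump and which chains have a DROP policy. The sample dump is constructed: its mangle table is abridged from the mail and its filter table is hypothetical.

```python
import re

# Constructed sample: mangle table abridged from the mail above, plus a
# hypothetical filter table with a DROP policy to show what gets flagged.
SAMPLE = """\
*mangle
:PREROUTING ACCEPT [633:402628]
:INPUT ACCEPT [633:402628]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [606:91422]
:POSTROUTING ACCEPT [606:91422]
-A PREROUTING -m layer7 --l7proto http -j MARK --set-mark 0x1
-A POSTROUTING -m layer7 --l7proto http -j MARK --set-mark 0x1
COMMIT
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [606:91422]
COMMIT
"""

CHAIN_RE = re.compile(r"^:(\S+)\s+(\S+)\s+\[(\d+):(\d+)\]$")

def parse_save(text):
    """Return {table: {"chains": {name: (policy, pkts, bytes)}, "rules": [...]}}."""
    tables, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and the "# Generated by" comments
        if line.startswith("*"):
            current = tables.setdefault(line[1:], {"chains": {}, "rules": []})
        elif line == "COMMIT":
            current = None
        elif current is not None and (m := CHAIN_RE.match(line)):
            current["chains"][m.group(1)] = (m.group(2), int(m.group(3)), int(m.group(4)))
        elif current is not None and line.startswith("-A "):
            current["rules"].append(line)
    return tables

def audit(text, expected=("filter", "nat", "mangle")):
    """Return (tables missing from the dump, [(table, chain)] with policy DROP)."""
    tables = parse_save(text)
    missing = [t for t in expected if t not in tables]
    drops = [(t, c) for t, d in tables.items()
             for c, (policy, _, _) in d["chains"].items() if policy == "DROP"]
    return missing, drops

if __name__ == "__main__":
    print(audit(SAMPLE))
```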