Jörg Harmuth wrote:
Antonio Pérez wrote:
Jörg Harmuth wrote:
Antonio Pérez wrote:
Hi Joerg,
Thanks for your reply, I also tried PREROUTING and also many different
protocols, not only http and the problem remains the same, everything
seems to work properly, no errors, but the number of marked packets
remains empty.
Any idea will be appreciated, thanks.
Could you please post the output of iptables-save? I assume that some
other rules are the culprit ;)
Have a nice time,
Joerg
iptables-save
# Generated by iptables-save v1.3.3 on Wed Aug 24 14:05:01 2005
*mangle
:PREROUTING ACCEPT [633:402628]
:INPUT ACCEPT [633:402628]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [606:91422]
:POSTROUTING ACCEPT [606:91422]
-A PREROUTING -m layer7 --l7proto http -j MARK --set-mark 0x1
-A PREROUTING -m layer7 --l7proto dns -j MARK --set-mark 0x1
-A POSTROUTING -m layer7 --l7proto http -j MARK --set-mark 0x1
-A POSTROUTING -m layer7 --l7proto dns -j MARK --set-mark 0x1
COMMIT
# Completed on Wed Aug 24 14:05:01 2005
[SNIP]
I applied layer7 patch to kernel and iptables, do I need to add any
other path?
No, that will do. Well, these rules are fine - but it's only the mangle
table. What about the filter / nat tables? Any rules in these chains? Any
policies set to DROP?
Have a nice time,
Joerg
Both nat and filter are empty:
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Thanks for your time.