Hello,

Frank wrote:
> Also, after much time banging my head against the wall trying to figure out why my marks were ignored, I discovered that in spite of what the netfilter packet traversal diagram shows, marks set in PREROUTING are ignored for packets originating on the box doing the routing, and the marks need to be set on the OUTPUT chain for that case.

"In spite"? What are you talking about? That's exactly what the Netfilter diagram shows: locally generated packets don't go through the PREROUTING chain - except when sent to (and therefore received back from) the loopback interface.
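
The chain traversal discussed above, as an added example that is not part of the original messages: a shell function that emits a mangle-table ruleset in `iptables-restore` format, setting the same mark in PREROUTING (forwarded traffic) and in OUTPUT (traffic generated on the router itself). The function name, the mark `0x1`, and the TCP port 443 match are constructed sample values.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the thread).
# Emits mangle rules that set one fwmark on both packet paths:
#   forwarded packets:         PREROUTING -> FORWARD -> POSTROUTING
#   locally generated packets: OUTPUT -> POSTROUTING (no PREROUTING)
mangle_mark_rules() {
    mark="$1"; proto="$2"; dport="$3"

    # Reject anything that could smuggle extra tokens into the ruleset.
    case "$mark" in ''|*[!0-9a-fA-Fx]*) echo "bad mark" >&2; return 1 ;; esac
    case "$proto" in tcp|udp) ;; *) echo "bad proto" >&2; return 1 ;; esac
    case "$dport" in ''|*[!0-9]*) echo "bad port" >&2; return 1 ;; esac

    match="-p $proto -m $proto --dport $dport"
    cat <<EOF
*mangle
-A PREROUTING $match -j MARK --set-mark $mark
-A OUTPUT $match -j MARK --set-mark $mark
COMMIT
EOF
}

# Print the ruleset for the constructed sample values. To load it (as root):
#   mangle_mark_rules 0x1 tcp 443 | iptables-restore --noflush
# Then generate traffic from the router and from a host behind it, and compare
# the per-rule packet counters of the two chains:
#   iptables -t mangle -L -v -n
mangle_mark_rules 0x1 tcp 443
```

With only the PREROUTING rule loaded, the counter for router-originated connections stays at zero, which is the symptom described in the quoted message.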