Hey, i figured out what the problem was, i was passing all packets through squid, so when it was maked in the mangle PREROUTING chain, squid removed the marks since it doesnt support them, but changing the chain to OUTPUT solved this prob. Thanks to all. --- Pascal Hambourg <pascal.mail@xxxxxxxxxxxxxxx> wrote: > Hello, > > Frank a écrit : > > Also, after much time banging my head against the > wall trying to > > figure out why my marks were ignored, I discovered > that in spite of > > what the netfilter packet traversal diagram shows, > marks set in > > PREROUTING are ignored for packets originating on > the box doing the > > routing, and the marks need to be set on the > OUTPUT chain for that > > case > > "In spite" ? What are you tacking about ? That's > exactly what the > Netfilter diagram shows : locally generated packets > don't go through the > PREROUTING chain - except when sent to (and > therefore received back > from) the loopback interface. > > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
