> -j MARK => per-packet
> -j CONNMARK => per-connection

thank you

>> through a certain user defined chain. I guess this is a mark per packet.
>> The particular chain looks like this:
>>
>> Chain FWD_WWW-101 (2 references)
>> target prot opt source destination
>> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 quota: 100000000 bytes
>> MARK all -- 0.0.0.0/0 0.0.0.0/0 MARK set 0x65
>> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 quota: 1000000 bytes
>> MARK all -- 0.0.0.0/0 0.0.0.0/0 MARK set 0x1
>
> MARK is only allowed in the mangle table.

Yes I know that. The abstract above comes from the mangle table, the name of the user-defined chain (which I jump into from PREROUTING mangle) might be a bit irritating, I admit, but it has nothing to do with FORWARD.

> http://www.imagestream.com/~josh/PacketFlow.png
>
> PREROUTING comes before FORWARD.

Yes I also know that. The packets get marked correctly, I checked that in FORWARD filter, but in PREROUTING nat they are not, even though they should have been, hence I cannot dnat

--
Clemens
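The per-packet marking done by the quoted FWD_WWW-101 chain, traced as an added example that is not part of the original message and is not iptables code. It is a small Python model; the function names and the 1500-byte sample traffic are constructed, and the quota rule is assumed to stop matching permanently once a packet no longer fits in the remaining budget.

```python
# Constructed model of the FWD_WWW-101 chain from the listing above.
# Rules are ("ACCEPT", Quota) or ("MARK", value); names are hypothetical.

class Quota:
    """Byte budget: matches while the remaining budget covers the packet."""
    def __init__(self, limit):
        self.remaining = limit

    def matches(self, length):
        if self.remaining >= length:
            self.remaining -= length
            return True
        self.remaining = 0  # assumption: once exceeded, never matches again
        return False


def build_chain():
    """Same four rules, in the same order, as the quoted listing."""
    return [
        ("ACCEPT", Quota(100_000_000)),
        ("MARK", 0x65),
        ("ACCEPT", Quota(1_000_000)),
        ("MARK", 0x1),
    ]


def traverse(chain, length):
    """Return (verdict, mark) for one packet of `length` bytes."""
    mark = 0
    for target, arg in chain:
        if target == "ACCEPT":
            if arg.matches(length):
                return "ACCEPT", mark  # terminating: later rules are skipped
        else:
            mark = arg  # MARK is non-terminating: traversal continues
    return "RETURN", mark  # fell off the end of the user-defined chain


def simulate(packet_lengths):
    """Run a packet sequence through one fresh instance of the chain."""
    chain = build_chain()
    return [traverse(chain, n) for n in packet_lengths]


if __name__ == "__main__":
    # Constructed traffic: 1500-byte packets, enough to exhaust both quotas.
    results = simulate([1500] * 68_000)
    for i in (0, 66_665, 66_666, 67_331, 67_332):
        print(i, results[i][0], hex(results[i][1]))
```

Packets inside the first quota leave the chain unmarked, packets inside the second quota carry 0x65, and only packets past both quotas carry 0x1, so which mark a later rule sees depends on where in the byte count the packet falls.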