Clemens:
> Hi everyone,
>
> after experimenting with setting marks (--set-mark) in the
> PREROUTING chain in the mangle table, I found out that those marks
> were not accessible/matchable in PREROUTING nat table. I was able
> to see the marks in chain FORWARD mangle table though :-(

I think this has something to do with the internals of the kernel netfilter framework. In netfilter, there are five points at which user-defined functions are called by the kernel: PREROUTING, FORWARD, POSTROUTING, INPUT, OUTPUT. So, if you mark a packet at the prerouting point, you must be able to see it at the forward point, because the packet goes from prerouting to forward. But if you mark a packet at the prerouting point and also want to see it at the same point, there must be some trick here. If the mangle table's function is called before the nat table, I think you can see the mark; if it isn't, you can't.

But you can just complete your task without going into the trouble here. If you want to distinguish packets, you can just do that in the nat prerouting chain; why do you mark it in the mangle table and find it in the nat table?
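The hook ordering discussed in this thread, as an added example that is not part of the original message: a toy Python model of how netfilter dispatches the tables registered at each hook by priority, following one mark set in mangle/PREROUTING along the forwarded path. The priorities are the `NF_IP_PRI_*` values from the kernel header `linux/netfilter_ipv4.h`; the names `nat_dst`/`nat_src`, the functions and the sample packet are assumptions of the model.

```python
# Toy model of netfilter hook dispatch (added illustration, not kernel code).
# Priorities are the NF_IP_PRI_* values from linux/netfilter_ipv4.h.
PRIORITY = {"raw": -300, "mangle": -150, "nat_dst": -100, "filter": 0, "nat_src": 100}

# Tables registered at each hook on the forwarded path (deliberately unsorted).
HOOKS = {
    "PREROUTING": ["nat_dst", "mangle", "raw"],
    "FORWARD": ["filter", "mangle"],
    "POSTROUTING": ["nat_src", "mangle"],
}
FORWARD_PATH = ["PREROUTING", "FORWARD", "POSTROUTING"]


def traverse(packet, rules):
    """Run a forwarded packet through the hooks and return the visit trace.

    rules maps (table, hook) -> callable(packet) that may set a mark.
    Each trace entry is (hook, table, mark seen on entry to that table).
    """
    trace = []
    for hook in FORWARD_PATH:
        for table in sorted(HOOKS[hook], key=PRIORITY.__getitem__):
            # nat chains are consulted only for the first packet of a
            # connection; later packets reuse the conntrack NAT mapping.
            if table.startswith("nat") and packet["ctstate"] != "NEW":
                continue
            trace.append((hook, table, packet["mark"]))
            rule = rules.get((table, hook))
            if rule:
                rule(packet)
    return trace


def set_mark(value):
    def rule(packet):
        packet["mark"] = value  # models -j MARK --set-mark <value>
    return rule


def marks_seen(ctstate):
    """Mark visible in each (hook, table) when mangle/PREROUTING sets mark 1."""
    packet = {"mark": 0, "ctstate": ctstate}  # constructed sample packet
    rules = {("mangle", "PREROUTING"): set_mark(1)}
    return {(h, t): m for h, t, m in traverse(packet, rules)}


if __name__ == "__main__":
    for state in ("NEW", "ESTABLISHED"):
        print(state, marks_seen(state))
```

In this model the nat table at PREROUTING sees the mark on the first packet of a connection and is not visited at all for later packets, while mangle/FORWARD sees the mark on every packet.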