>> You have to mark it in the PREROUTING chain of the mangle table, to be
>> able to match on it within the PREROUTING chain of the nat table.
>
>Is this also true, if I jump from PREROUTING mangle in a user
>defined chain and mark my packets there?

Just make sure it gets marked in a table/chain (or subchain thereof)
before the nat-PREROUTING chain is hit, according to
http://www.imagestream.com/~josh/PacketFlow-new.png

Jan Engelhardt
--
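
A ruleset for the case asked about above, in iptables-restore format, as an added example that is not part of the original message. The chain name MARK_WEB, interface eth0, port 8080, mark value 0x1 and address 192.0.2.10 are constructed for illustration.

```iptables
# Constructed example: mark in a user-defined chain reached from
# mangle PREROUTING, then match the mark in nat PREROUTING.
*mangle
:PREROUTING ACCEPT [0:0]
# User-defined chain (hypothetical name); it is only traversed when a
# built-in chain jumps to it, so it runs as part of mangle PREROUTING.
:MARK_WEB - [0:0]
-A PREROUTING -i eth0 -p tcp --dport 8080 -j MARK_WEB
# MARK is non-terminating: the packet returns to PREROUTING afterwards.
-A MARK_WEB -j MARK --set-mark 0x1
COMMIT

*nat
:PREROUTING ACCEPT [0:0]
# mangle PREROUTING has already run for this packet, so the mark is
# visible here. A mark set in a later chain would not be.
-A PREROUTING -p tcp -m mark --mark 0x1 -j DNAT --to-destination 192.0.2.10:80
COMMIT
```

The nat table only sees the first packet of a connection, so the mark has to be present on that packet for the DNAT rule to apply.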