Captive portal and DNAT

Hi,

I'm facing an issue while trying to make a captive portal using iptables.

Marked packets in mangle PREROUTING should be normally forwarded.
Unmarked packets in mangle should be dropped or DNATed to my http portal.

I'm using DNAT + SNAT on unmarked packets to redirect to my portal.

I'm forwarding marked packets with SNAT.

The problem is that the NAT connection stays active even if the
packets of this connection are marked and do not .

In that case, when refreshing the page, the browser uses the same TCP
connection that is still DNATed to my captive portal. I'd like it not
to be forwarded anymore.

I suppose the problem comes from the fact that only the first packet
of the connection goes through the nat table.

Is there a way, in the mangle table, to modify chosen packets in
order for them not to go through that connection?

Thanks in advance.
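
The behaviour described in the message, as an added example that is not part of the original post: a simplified Python model (not kernel code) in which the NAT destination is chosen on a flow's first packet and reused afterwards, so marking the client later does not move an existing TCP connection off the portal. All addresses, ports and the names `Gateway`, `authenticate` and `delete_flows` are constructed for illustration.

```python
# Simplified model of netfilter conntrack + NAT (constructed example, not kernel code).
PORTAL = ("192.0.2.1", 80)  # constructed captive-portal address


class Gateway:
    def __init__(self):
        self.authenticated = set()  # client IPs that mangle PREROUTING would mark
        self.conntrack = {}         # flow tuple -> destination fixed at first packet

    def route(self, src_ip, src_port, dst_ip, dst_port):
        """Return the destination a packet of this flow is actually sent to."""
        flow = (src_ip, src_port, dst_ip, dst_port)
        marked = src_ip in self.authenticated   # mangle: evaluated for every packet
        if flow not in self.conntrack:          # nat: consulted only for a new flow
            self.conntrack[flow] = (dst_ip, dst_port) if marked else PORTAL
        return self.conntrack[flow]             # later packets reuse the binding

    def authenticate(self, src_ip):
        self.authenticated.add(src_ip)

    def delete_flows(self, src_ip):
        """Drop every tracked flow from src_ip; return how many were removed."""
        stale = [f for f in self.conntrack if f[0] == src_ip]
        for f in stale:
            del self.conntrack[f]
        return len(stale)


def demo():
    gw = Gateway()
    client, site = "10.0.0.5", ("198.51.100.7", 80)  # constructed addresses
    results = {}
    results["before_auth"] = gw.route(client, 40000, *site)
    gw.authenticate(client)
    # Same TCP connection (same source port): still bound to the portal.
    results["same_conn_after_auth"] = gw.route(client, 40000, *site)
    # New connection (new source port): nat is consulted again, no DNAT.
    results["new_conn_after_auth"] = gw.route(client, 40001, *site)
    # Removing the tracked flows forces the old tuple to be evaluated afresh.
    results["removed"] = gw.delete_flows(client)
    results["same_tuple_after_delete"] = gw.route(client, 40000, *site)
    return results


if __name__ == "__main__":
    for step, value in demo().items():
        print(f"{step}: {value}")
```

On a real gateway the counterpart of `delete_flows` is removing the client's entries from the connection tracking table, for example with `conntrack -D -s <client-ip>` from conntrack-tools.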