RE: CONNMARK and ip rule fwmark

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi

# iptables -t mangle -A PREROUTING -i tun1 -p tcp --syn -j CONNMARK --set-mark 
71
# iptables -t mangle -A OUTPUT -p tcp -m connmark --mark 71 -j MARK --set-mark 
71

> What about using the nat table to add your mark on a whole connection
> instead of using the mangle table ?

I just added:

# iptables -t nat -A PREROUTING -i tun1 -p tcp --syn -j CONNMARK --set-mark 71

Nothing changed.
However I believe that the original rule was used, because the counters 
(iptables -L -v) ARE incremented.

Regards,
  Steffen

Attachment: smime.p7s
Description: S/MIME cryptographic signature

[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux