"Jan Engelhardt" <jengelh@xxxxxxxxxxxxxxx> wrote in message news:alpine.LNX.1.10.0804092310390.17930@xxxxxxxxxxxxxxxxxxxxxxxxxxxx >>Do the ip rules based on the fwmark work on the individual packet's mark >>value or the conntrack mark, or both? > > routing rules work on packet mark ("nfmark" "fwmark"), whch is > why --restore-mark is needed. But then, do you not need a --restore-mark in both the FORWARD and OUTPUT chains? -t mangle -A FORWARD -m connmark --mark 0 -m conntrack --ctstate NEW -j prefout -t mangle -A OUTPUT -m connmark --mark 0 -m conntrack --ctstate NEW -j prefout Or are you simply marking the connection and expecting the system to randomly choose whether to output on ppp0 or ppp1? Thanks, Eric -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
