Hi all,

Much to my surprise, I've not been able to mark ESP packets in the mangle table. Although ESP packets are traversing as they should, the iptables counters are unmoved from zero and, as you'd expect, rules applied against the mark fail also.

I've tried with Ubuntu 2.6.24 & 2.6.27 kernels as well as a Debian 2.6.26; all seem to suffer the same problem, all different machines. Non-ESP packets mark no problem.

I don't seem to be able to google anyone else having this problem, so I'm hoping someone can help point out where I'm going wrong.

iptables -t mangle -A PREROUTING -i eth0 -p esp -j MARK --set-mark 0x1

with a couple of manual module loads upon apparent failure of the automatic module loading ...

cat /proc/net/ip_tables_targets
SECMARK
CONNMARK
CONNMARK
DNAT
SNAT
MARK
MARK
MARK
ERROR

On another ....

cat /proc/net/ip_tables_targets
TCPMSS
LOG
REJECT
DNAT
SNAT
ERROR
REDIRECT
ECN
SECMARK
TRACE
NFQUEUE
NFLOG
DSCP
CONNSECMARK
MARK
MARK
CONNMARK
CLASSIFY
NETMAP
MASQUERADE
TOS

I've tried manually loading every possible netfilter module and googled endlessly. Seems I'm missing something or it is broken. Can anyone let me in on this?

Cheers,
Lew