On 11/04/2011 14:00, Evan Pierce wrote:
> On 2011/04/11 2:31 PM, John Lister wrote:
>> Have you saved/restored the marks in the conntrack table? Otherwise they
>> will be lost for all subsequent packets, e.g.:
>> -j CONNMARK --save-mark
>> John
> No I haven't. Do I need a rule like:
> iptables -t mangle -A PREROUTING -j CONNMARK --save-mark
> or rather
> iptables -t mangle -A POSTROUTING -j CONNMARK --save-mark
I do this:
iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -somerules -j MARK --set-mark xx
iptables -t mangle -A PREROUTING -somerules -j CONNMARK --save-mark
Generally, I have separate tables that do the mark/saving so as to only put the rules in once.
I also have a route for the local net in my fwmark(ed) tables.
Hope that helps
John
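The restore / classify / save layout John describes above, written out as an added example (not code from the thread): the mark is restored from conntrack first, already-marked connections skip the classification chain, and the mark is saved back to the connection exactly once. The chain name, mark value and match expression passed at the bottom are constructed sample values; IPT defaults to a dry run that only prints the commands.

```shell
#!/bin/sh
# Added example: mangle-table layout for persistent CONNMARK-based marking.
# Set IPT=iptables to apply the rules; the default just prints them.
IPT="${IPT:-echo iptables}"

# Emit the rules for one marking policy.
#   $1 = classification chain name (constructed)
#   $2 = mark value to set (constructed)
#   $3 = iptables match expression selecting the traffic to mark (constructed)
connmark_rules() {
    chain="$1"; mark="$2"; match="$3"
    # 1. Restore the mark stored on the connection, so later packets of a
    #    flow that was already classified get their mark without re-running
    #    the classification rules.
    $IPT -t mangle -A PREROUTING -j CONNMARK --restore-mark
    # 2. A packet that now carries a non-zero mark is already classified:
    #    stop mangle processing here and skip the classification chain.
    $IPT -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT
    # 3. Only still-unmarked (i.e. new) connections reach the separate chain,
    #    which is why the classification rules need to be written only once.
    $IPT -t mangle -N "$chain"
    $IPT -t mangle -A PREROUTING -j "$chain"
    # 4. Inside the chain: set the packet mark for matching traffic, then copy
    #    the packet mark into the conntrack entry so step 1 finds it next time.
    #    Without --save-mark the mark would be lost for all following packets.
    $IPT -t mangle -A "$chain" $match -j MARK --set-mark "$mark"
    $IPT -t mangle -A "$chain" -m mark --mark "$mark" -j CONNMARK --save-mark
}

# Dry-run demonstration with constructed values: mark inbound HTTP on eth0.
connmark_rules MARK_HTTP 0x1 "-i eth0 -p tcp --dport 80"
```

Step 2 is what keeps the rule set cheap: a long-lived connection only pays for the classification rules on its first packet, every later packet is handled by the restored mark.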