Hi, As per your suggestion, i set LOG options after DIVERT MARK rule and TPROXY rule and i can see logs of traffic.But I configure rule of tproxy for dport 80 to redirect to port 3129 for tcp but when i check log messages , it is showing for UDP and for port 53 which is DNS one. and in socket log prefix i can see dport 80 log messagess. my iptables rules: cat /etc/sysconfig/iptables # Generated by iptables-save v1.4.7 on Mon Aug 22 23:16:10 2011 *mangle :PREROUTING ACCEPT [55:7813] :INPUT ACCEPT [3019:751575] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [2731:1227997] :POSTROUTING ACCEPT [2731:1227997] :DIVERT - [0:0] -A PREROUTING -p tcp -m socket -j DIVERT -A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 3129 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1 -A PREROUTING -j LOG --log-prefix "TPROXY PACKET" --log-level 1 -A DIVERT -j MARK --set-xmark 0x1/0xffffffff -A DIVERT -j LOG --log-prefix "SOCKET packets" --log-level 1 -A DIVERT -j ACCEPT Thanks, Tej -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
