On Tue, 2011-10-11 at 11:24 -0300, Ethy H. Brito wrote: > Hi All. > > I am trying to control some outbound traffic thru a Linux NATing box via this: > > $TC filter add dev $INTERNET protocol ip parent 3: pref 1 \ > u32 \ > match ip src 192.168.106.2 \ > flowid 3:5602 > > The problem is that the packets are hooked *after* passing SNAT and all the > rules can see is the outbound IP. So no redirects to the corresponding > flowid occur. > > Is it possible to make the filter rule above "see" the packets before they > get NATed? > How about marking them using an iptables rule before SNAT? The mangle table of POSTROUTING sits before the nat table. Andy -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
