Mart Frauenlob wrote:
> On 29.01.2016 11:10, Vigneswaran R wrote:
> [...]
>> In the FORWARDING chain, you can mark the packets based on incoming
>> Interface. Then use the mark to MASQUERADE the packets at the
>> POSTROUTING chain. eg.,
>>
>> -t nat -A FORWARD -i eth3 -j MARK --set-mark 0xffff
>> -t nat -A POSTROUTING -m mark --mark 0xffff -j MASQUERADE
>
> there is no FORWARD chain in the nat table.

Indeed.

> And marking in the nat table
> will only mark packets of conntrack state NEW.

It doesn't matter. Anyway, MASQUERADE is in the nat table too and only processes packets in the NEW state.
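
The table/chain mismatch pointed out in this thread can be caught before a ruleset is loaded. The following is an added example, not code from the thread or from the netfilter project: a small Python linter, run over the two rules as posted and over a constructed corrected pair. The `lint_rule` name and the choice of the mangle table for the MARK rule are assumptions of this example.

```python
import shlex

# Built-in chains of each table, per iptables(8). User-defined chains are not checked.
BUILTIN = {
    "filter": {"INPUT", "FORWARD", "OUTPUT"},
    "nat": {"PREROUTING", "INPUT", "OUTPUT", "POSTROUTING"},
    "mangle": {"PREROUTING", "INPUT", "FORWARD", "OUTPUT", "POSTROUTING"},
    "raw": {"PREROUTING", "OUTPUT"},
    "security": {"INPUT", "FORWARD", "OUTPUT"},
}
ALL_BUILTIN = set().union(*BUILTIN.values())

def lint_rule(rule):
    """Return the problems found in one iptables argument string (short options only)."""
    args = shlex.split(rule)
    opts = {}
    for flag, value in zip(args, args[1:]):
        if flag in ("-t", "-A", "-I", "-j"):
            opts[flag] = value
    table = opts.get("-t", "filter")          # filter is the default table
    chain = opts.get("-A") or opts.get("-I")
    if table not in BUILTIN:
        return [f"unknown table {table}"]
    problems = []
    if chain in ALL_BUILTIN and chain not in BUILTIN[table]:
        problems.append(f"no {chain} chain in the {table} table")
    # The input interface is unknown in OUTPUT/POSTROUTING, the output one in PREROUTING/INPUT.
    if "-i" in args and chain in ("OUTPUT", "POSTROUTING"):
        problems.append(f"-i cannot be matched in {chain}")
    if "-o" in args and chain in ("PREROUTING", "INPUT"):
        problems.append(f"-o cannot be matched in {chain}")
    if opts.get("-j") == "MASQUERADE" and (table, chain) != ("nat", "POSTROUTING"):
        problems.append("MASQUERADE is only valid in nat POSTROUTING")
    return problems

# The two rules as posted in the thread.
POSTED = ["-t nat -A FORWARD -i eth3 -j MARK --set-mark 0xffff",
          "-t nat -A POSTROUTING -m mark --mark 0xffff -j MASQUERADE"]
# Constructed correction (assumption of this example): set the mark in mangle FORWARD,
# which is traversed before nat POSTROUTING, so the mark is visible to the NAT rule.
CORRECTED = ["-t mangle -A FORWARD -i eth3 -j MARK --set-mark 0xffff",
             "-t nat -A POSTROUTING -m mark --mark 0xffff -j MASQUERADE"]

if __name__ == "__main__":
    for rule in POSTED + CORRECTED:
        print(rule, "->", lint_rule(rule) or "ok")
```

The linter also shows why the mark is needed at all: matching `-i eth3` directly in the POSTROUTING rule is rejected, because the incoming interface cannot be matched in that chain.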