> Chain DIVERT (1 references)
> num target prot opt source destination
> 1 MARK all -- 0.0.0.0/0 0.0.0.0/0 MARK
> xset 0x1/0xffffffff
I'm suspecting the mark of "0x1/0xffffffff" originally in the tutorial was
a typo.
Does it work any better when you change that to "0x1/0x1" ?
Amos
> 2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Sorry for my last resending email. Actually I didn't have Amos reply in my inbox but I could find it on the Mailing List archive. Anyway here is my /etc/sysconfig/iptabels :
# Generated by iptables-save v1.4.0 on Sat Feb 7 20:35:14 2009
*mangle
:PREROUTING ACCEPT [128:6984]
:INPUT ACCEPT [374:23437]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [399:39633]
:POSTROUTING ACCEPT [399:39633]
:DIVERT - [0:0]
-A PREROUTING -p tcp -m socket -j DIVERT
-A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 3129 --on-ip 87.247.162.2 --tproxy-mark 0x1/0x1
-A DIVERT -j MARK --set-mark 0x1
-A DIVERT -j ACCEPT
COMMIT
# Completed on Sat Feb 7 20:35:14 2009
# Generated by iptables-save v1.4.0 on Sat Feb 7 20:35:14 2009
*filter
:INPUT ACCEPT [23497:12515842]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [20117:6174742]
COMMIT
# Completed on Sat Feb 7 20:35:14 2009
As you can see there is no 0x1/0xfffffff there ! it is just 0x1 but the iptables itself show it as what I paste in my last email itself. Any idea ?
_Hamid
