[LARTC] Re: Pb routing/fwmark
Frédéric Massot
frederic at juliana-multimedia.com
Thu Dec 29 18:39:34 CET 2005
Jody Shumaker wrote:
>
[...]
>
> This was definately your problem. How is this "connection tracking" ?
> all these rules say is, if the state matches established or related,
> then accept it. When that happens, no further processing is done. You
> basically made all packets for previously established or related
> connections not get marked as they left the chain before the mark
> targets. Running :
> iptables -t mangle -L -xvn
> Would have likely shown hardly any hits to the set mark rules, and the
> majority of the packets hitting those above 5 rules.
>
[...]
>
> I only think you needed to either remove those -j ACCEPT targets,
> optionally change it so they are at the end of the chain, or atleast
> after the -j MARK targets.
>
In the general case with several interfaces, how to mark the packets so
that some use one interface. I do not know if my configuration is correct.
Regards.
--
==============================================
| FREDERIC MASSOT |
| http://www.juliana-multimedia.com |
| mailto:frederic at juliana-multimedia.com |
===========================Debian=GNU/Linux===
More information about the LARTC
mailing list