Hi. Where should I set iptables MARK, so that I can then use them for route decision in ip rule fwmark?
# iptables -t mangle -A PREROUTING -s 192.168.1.2 -p udp -m udp --sport 53 -j MARK --set-mark 0x6e # iptables -t mangle -A PREROUTING -s 192.168.1.2 -p udp -m udp --sport 53 -j RETURN # iptables -t mangle -A PREROUTING -s 192.168.1.2 -p tcp -m tcp --sport 53 -j MARK --set-mark 0x6e # iptables -t mangle -A PREROUTING -s 192.168.1.2 -p tcp -m tcp --sport 53 -j RETURN # iptables -t mangle -A PREROUTING -s 192.168.1.2 -p tcp -m tcp --sport 25 -j MARK --set-mark 0x6e # iptables -t mangle -A PREROUTING -s 192.168.1.2 -p tcp -m tcp --sport 25 -j RETURN # iptables -t mangle -A PREROUTING -s 192.168.1.2 -p tcp -m tcp --sport 82 -j MARK --set-mark 0x6e # iptables -t mangle -A PREROUTING -s 192.168.1.2 -p tcp -m tcp --sport 82 -j RETURN + # ip rule add fwmark 0x6e table ExtServers doesn't direct this traffic to ExtServers table, inserting # ip rule add from 192.168.1.2 table ExtServers helps, but this is not what is needed. ================================ Also strange fact: when there is no "ip rule add from 192.168.1.2 table ExtServers" rule the above iptables' counter are not being increased, but with that rule inserted counters are moving :/ -- Покотиленко Костик <[EMAIL PROTECTED]> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
