Hi,

> 
> iptables -t mangle -A FORWARD -p tcp -o eth0 -s 0/0 --dport ftp -d 0/0 -j MARK --set-mark 2
> iptables -t mangle -A PREROUTING -p tcp -i eth0 -s 0/0 --dport ftp -d 0/0 -j MARK --set-mark 2
> iptables -t mangle -A FORWARD -p tcp -o eth0 -s 0/0 --dport ftp-data -d 0/0 -j MARK --set-mark 7
> iptables -t mangle -A PREROUTING -p tcp -i eth0 -s 0/0 --dport ftp-data -d 0/0 -j MARK --set-mark 7
> iptables -t mangle -A FORWARD -p tcp -o eth0 -s 0/0 --dport http -d 0/0 -j MARK --set-mark 5

Instead of --dport ftp-data/ftp, use -m helper --helper "ftp". Matching on
the port does not work because of the nature of FTP (passive mode). This can
be tricky.

Viktor

_______________________________________________
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
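
Added example, not part of the original message: the quoted FTP rules reworked along the lines of the reply, keeping the port match only for the control connection and marking data connections through the conntrack helper match. The module name `nf_conntrack_ftp`, the explicit `CT --helper` rule (for current kernels that do not attach helpers automatically) and the dry-run wrapper are assumptions; `eth0` and marks 2 and 7 come from the quoted rules.

```shell
#!/bin/sh
# Added example, not from the original thread.
# In passive mode the FTP data connection goes to a port the server picks,
# so a match on the fixed data port never sees it. The helper match instead
# selects connections that conntrack has tied to an FTP control session.

IFACE="${IFACE:-eth0}"   # interface name taken from the quoted rules

# Print the rule set, one command per line, so it can be reviewed first.
ftp_mark_rules() {
    cat <<EOF
modprobe nf_conntrack_ftp
iptables -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp
iptables -t mangle -A FORWARD -o $IFACE -p tcp --dport 21 -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -i $IFACE -p tcp --dport 21 -j MARK --set-mark 2
iptables -t mangle -A FORWARD -o $IFACE -p tcp -m helper --helper ftp -j MARK --set-mark 7
iptables -t mangle -A PREROUTING -i $IFACE -p tcp -m helper --helper ftp -j MARK --set-mark 7
EOF
}

# Dry run by default; APPLY=1 (as root) executes the printed commands.
apply_or_print() {
    if [ "${APPLY:-0}" = "1" ]; then
        ftp_mark_rules | sh -e
    else
        ftp_mark_rules
    fi
}

apply_or_print
```

The helper match only fires for connections that have a master connection, so the control channel on port 21 still needs its own port-based rule.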
