On Tue, 05 Apr 2011 16:39:05 -0700, Tom Eastep <[email protected]> wrote :
> On 4/5/11 4:09 PM, lanas wrote:
> >
> > tcrules
> > #MARK  SOURCE     DEST         PROTO  DEST  SOURCE
> > 2      0.0.0.0/0  192.168.2.2  tcp    -     80
> > 3      0.0.0.0/0  192.168.2.2  tcp    -     3000
>
> You are marking in the PREROUTING chain; from the generated Netfilter
> rules, I can see that MARK_IN_FORWARD_CHAIN=No in shorewall.conf. You
> must mark in the FORWARD or POSTROUTING chain because marks set in
> PREROUTING are cleared after routing occurs.

Thanks. At the moment I have no idea how to specifically mark at any point in the processing chains, but I'll look it up in the complex TC Shorewall info page. I think it has to do with adding a certain :<flag> after the mark.

I am still puzzled by the observation that on an older Shorewall (4.0.x) this same config works and on 4.4.x it doesn't. That sounds as if all previous configurations must be somehow adapted in post install scripts when upgrading to a newer Shorewall, does it? It also sounds as if the procedure in newer Shorewalls has changed, requiring the possible addition of those chain-specific marks. Is this the case?
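Added example, not part of the original thread or of Shorewall itself: a shell check that lists which tcrules entries would be marked in PREROUTING for a given MARK_IN_FORWARD_CHAIN setting. It assumes the `:P`, `:F` and `:T` mark suffixes are the chain designators the reply refers to and that entries with a `$FW` source are marked in OUTPUT; the function name and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: list tcrules entries that would be marked in PREROUTING.
# Assumptions: chain designators are the :P, :F and :T mark suffixes, and
# entries whose SOURCE is $FW are marked in OUTPUT, so they are skipped.

# prerouting_marks SHOREWALL_CONF TCRULES  ->  prints "line-number: rule"
prerouting_marks() {
    conf=$1
    rules=$2
    # The last MARK_IN_FORWARD_CHAIN assignment wins; treat a missing one as No.
    fwd=$(sed -n 's/^[ \t]*MARK_IN_FORWARD_CHAIN=//p' "$conf" \
          | tail -n 1 | tr -d "\"'")
    [ -n "$fwd" ] || fwd=No
    awk -v fwd="$fwd" '
        /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
        $2 ~ /^\$FW/   { next }    # firewall-originated traffic: OUTPUT chain
        {
            # Default chain comes from shorewall.conf ...
            chain = (tolower(fwd) == "yes") ? "F" : "P"
            # ... unless the mark carries an explicit designator.
            if ($1 ~ /:[PFT]$/) chain = substr($1, length($1))
            if (chain == "P") print NR ": " $0
        }' "$rules"
}

# Constructed sample input modelled on the rules quoted in the thread;
# the second rule is given an explicit :F designator for comparison.
demo_dir=$(mktemp -d)
printf 'MARK_IN_FORWARD_CHAIN=No\n' > "$demo_dir/shorewall.conf"
cat > "$demo_dir/tcrules" <<'EOF'
#MARK SOURCE DEST PROTO DEST SOURCE
2 0.0.0.0/0 192.168.2.2 tcp - 80
3:F 0.0.0.0/0 192.168.2.2 tcp - 3000
EOF
prerouting_marks "$demo_dir/shorewall.conf" "$demo_dir/tcrules"
rm -rf "$demo_dir"
```

An empty result means no rule in the file relies on PREROUTING marking under the current shorewall.conf.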
