On Fri, 24 Sep 2004 20:21:22 +0200, cvok wrote

> Hello everybody.

Hello.

> i think when packet is passing through my POSTROUTING in mangle table
> it can't match rule 2 or 3, but in the real life it is a little bit different
>
> iptables -t mangle -L PREROUTING -v
> shows following:
> Chain PREROUTING (policy ACCEPT 16M packets, 4534M bytes)
>  pkts bytes target     prot opt in     out     source               destination
>  159K   53M CONNMARK   all  --  any    any     anywhere             anywhere            CONNMARK set 0x0
>  1090  112K            all  --  any    any     anywhere             anywhere            CONNMARK match 0x5
>    22  1843            all  --  any    any     anywhere             anywhere            CONNMARK match 0x6
>
> i don't know if it is correct, so please tell me if it is normal.

It's normal. CONNMARK target doesn't mean stopping traversing the chain.

> Matis

Bests,
Tomasz Chilinski
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Hello everybody.

i have the following problem:
i have this in the top of PREROUTING chain in mangle table

iptables -t mangle -A PREROUTING -j CONNMARK --set-mark 0    # rule 1
iptables -t mangle -A PREROUTING -m connmark --mark 5        # rule 2
iptables -t mangle -A PREROUTING -m connmark --mark 6        # rule 3

i think when packet is passing through my POSTROUTING in mangle table
it can't match rule 2 or 3, but in the real life it is a little bit different

iptables -t mangle -L PREROUTING -v
shows following:
Chain PREROUTING (policy ACCEPT 16M packets, 4534M bytes)
 pkts bytes target     prot opt in     out     source               destination
 159K   53M CONNMARK   all  --  any    any     anywhere             anywhere            CONNMARK set 0x0
 1090  112K            all  --  any    any     anywhere             anywhere            CONNMARK match 0x5
   22  1843            all  --  any    any     anywhere             anywhere            CONNMARK match 0x6

i don't know if it is correct, so please tell me if it is normal.

thanks a lot
Matis

On Friday 24 September 2004 19:28, Tomasz Chilinski wrote:

> On Fri, 24 Sep 2004 20:21:22 +0200, cvok wrote
>
> > Hello everybody.
>
> Hello.
>
> > i think when packet is passing through my POSTROUTING in mangle table
> > it can't match rule 2 or 3, but in the real life it is a little bit
> > different
> >
> > iptables -t mangle -L PREROUTING -v
> > shows following:
> > Chain PREROUTING (policy ACCEPT 16M packets, 4534M bytes)
> >  pkts bytes target     prot opt in     out     source               destination
> >  159K   53M CONNMARK   all  --  any    any     anywhere             anywhere            CONNMARK set 0x0
> >  1090  112K            all  --  any    any     anywhere             anywhere            CONNMARK match 0x5
> >    22  1843            all  --  any    any     anywhere             anywhere            CONNMARK match 0x6
> >
> > i don't know if it is correct, so please tell me if it is normal.
>
> It's normal. CONNMARK target doesn't mean stopping traversing the chain.

You can match packet again and use -j RETURN so it would "escape" from
current chain. (at least i think so ;> )

--
.: Jakub Głazik (zytek)
.: email: zytek@ostrow-wlkp.net
.: JID: zytek@azazel.ostrow-wlkp.net
.: http://www.misiaj.sie.pl [obsolete]