search for: set_mark

Suppose: ipchains -A forward -s inside_net -d 0/0 -j MASQ -m 100 (similar setup with iptables: iptables -A PREROUTING -t nat -s inside_net -d 0/0 -j SNAT iptables -A PREROUTING -t nat -s inside_net -d 0/0 -j MARK --set_mark 100) eth0 = outside iface eth1 = inside iface now: tc filter add dev eth0 ... handle 100 fw should catch packets marked by the above rule in ipchains (iptables). Ok. When the packet returns, the masq/nat code will find it in it''s table and demasquerade it (as if by an invisible inverse...