From mboxrd@z Thu Jan  1 00:00:00 1970
From: tomdeb <tom@debost.net>
Date: Sat, 03 Feb 2007 01:44:15 +0000
Subject: [LARTC] Marks not working...
Message-Id: <20070203014415.GA15078@snoopy>
List-Id: <lartc.vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Hi,

I am experimenting a little bit with my firewall and I don't seem to get
my head round marks ...

I try to mark p2p packets generated on the firewall in the output chain
and then try to match that mark either in NAT OUTPUT or POSTROUTING

I don't seem to get the expected result. 

Any help or clue would be more than welcome.


root@droopy:~/firewall > iptables-view -t mangle
Chain PREROUTING (policy ACCEPT 33890 packets, 16M bytes) num   pkts bytes target     prot opt in     out     source destination

Chain INPUT (policy ACCEPT 24751 packets, 12M bytes) num   pkts bytes target     prot opt in     out     source destination

Chain FORWARD (policy ACCEPT 9146 packets, 4557K bytes) num   pkts bytes target     prot opt in     out     source destination

Chain OUTPUT (policy ACCEPT 59M packets, 61G bytes) num   pkts bytes target     prot opt in     out     source destination
1        3   324 LOG        0    --  *      *       0.0.0.0/0 0.0.0.0/0           ipp2p v0.8.2 --ipp2p LOG flags 0 level 4 prefix ` OUT IPP2P '
2        3   324 MARK       0    --  *      *       0.0.0.0/0 0.0.0.0/0           ipp2p v0.8.2 --ipp2p MARK set 0x2

Chain POSTROUTING (policy ACCEPT 32911 packets, 7397K bytes) num   pkts bytes target     prot opt in     out     source destination
root@droopy:~/firewall > iptables-view -t nat
Chain PREROUTING (policy ACCEPT 973 packets, 62249 bytes) num   pkts bytes target     prot opt in     out     source destination

Chain POSTROUTING (policy ACCEPT 227 packets, 14178 bytes) num   pkts bytes target     prot opt in     out     source destination
1        0     0 LOG        0    --  *      *       0.0.0.0/0 0.0.0.0/0           MARK match 0x2 LOG flags 0 level 4 prefix ` MARK IPP2P '

Chain OUTPUT (policy ACCEPT 226 packets, 14172 bytes) num   pkts bytes target     prot opt in     out     source destination`
1        0     0 LOG        0    --  *      *       0.0.0.0/0 0.0.0.0/0           MARK match 0x2 LOG flags 0 level 4 prefix ` MARK IPP2P '

T o M

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc