From: Arindam Haldar
Subject: iptables mangle & iproute
Date: Wed, 18 Dec 2002 08:41:28 +0530
Message-ID: <3DFFE760.1020204@inbox.lv>
To: NETFILTER

Hi all,

An extract of my rule tables:

    40: from all to 203.x.x.64/25 lookup TABLEa
    40: from all fwmark 40 lookup TABLEa
    50: from 203.x.x.0/24 lookup TABLEb

The iptables mangle rules are as follows:

    root@ICG:root# iptables -nvL -t mangle
    Chain PREROUTING (policy ACCEPT 7995K packets, 2646M bytes)
     pkts bytes target  prot opt in  out  source         destination
       85  6908 MARK    all  --  *   *    0.0.0.0/0      203.x.x.64/25  MARK set 0x40

    Chain INPUT (policy ACCEPT 526K packets, 252M bytes)
     pkts bytes target  prot opt in  out  source         destination
        0     0 MARK    all  --  *   *    203.x.x.64/29  0.0.0.0/0      MARK set 0x40

I'm not able to find the reason why I can't trace or ping to the 203.x.x.64/25 network and vice versa. I want to add that all forwarding rules are there. It was working when I didn't use _fwmark_. I want to use fwmark for policy routing.

One last but not least thing to ask: is _marking_-based policy routing a better solution than one without _marking_?

Thanking you in advance...

A.H