From: Sudheer Divakaran
Subject: mark feature not working as expected
Date: Thu, 28 Oct 2004 16:37:14 +0530
Message-ID: <4180D2E2.2000606@svw.com>
To: netfilter@lists.netfilter.org

Hi,

I'm facing a problem with the MARK target.

My Linux box has 3 network cards:

eth0 - LAN1
eth2 - LAN2
eth3 - ISP

My problem is that my LAN machines are not able to communicate with each other (i.e. LAN1 <-> LAN2). The firewall blocks them. But my LAN clients have no problem in accessing the internet!!

Here is my configuration.

# eth0 - LAN1
# eth2 - LAN2
# eth3 - ISP

iptables -F
iptables -X
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

iptables -t nat -A PREROUTING -i eth0 -o eth2 -j MARK --set-mark 1 #THIS IS NOT WORKING
iptables -t nat -A PREROUTING -i eth1 -o eth0 -j MARK --set-mark 1 #THIS IS NOT WORKING

#Other rules follow... Not listed here

iptables -A FORWARD -m mark --mark 1 -j ACCEPT #THIS IS NOT WORKING

#Other rules follow... Not listed here

I know that I can do it directly from the FORWARD chain of the filter table, but I'm using SQUID for transparent proxying for some machines (those rules are not listed here), so I want to mark some packets.

Could someone please help me on this?

Thanks
Sudheer
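As an added example (not from the post or from the netfilter project), a small Python linter that applies two of iptables' own constraints to rules like the ones above: `-o` is never accepted in PREROUTING, because the routing decision has not been made yet, and in the iptables/kernel of that era the MARK target was confined to the mangle table. The constructed FIXED rule set marks by input interface only and leaves the output-interface decision to FORWARD.

```python
import shlex

# Table/chain layout and interface restrictions as iptables enforced them around 2004
# (newer kernels added nat/INPUT and relaxed MARK to any table; mangle is still conventional).
TABLE_CHAINS = {"filter": {"INPUT", "FORWARD", "OUTPUT"}, "nat": {"PREROUTING", "OUTPUT", "POSTROUTING"},
                "mangle": {"PREROUTING", "INPUT", "FORWARD", "OUTPUT", "POSTROUTING"}}
NO_IN_IFACE = {"OUTPUT", "POSTROUTING"}      # packet is leaving: no input interface
NO_OUT_IFACE = {"PREROUTING", "INPUT"}       # routing not done / local delivery: no output interface
TARGET_TABLES = {"MARK": "mangle", "DNAT": "nat", "SNAT": "nat", "MASQUERADE": "nat"}
FLAGS = {"-t": "table", "-A": "chain", "-I": "chain", "-i": "in", "-o": "out", "-j": "target"}

def parse_rule(line):
    """Extract table, chain, interfaces and target from one iptables command line."""
    argv = shlex.split(line.split("#", 1)[0])   # drop trailing shell comments
    rule = {"table": "filter", "chain": None, "in": None, "out": None, "target": None}
    for flag, value in zip(argv, argv[1:]):
        if flag in FLAGS:
            rule[FLAGS[flag]] = value
    return rule

def check_rule(line):
    """Return the reasons iptables would reject this rule (empty list if none found)."""
    r = parse_rule(line)
    if r["chain"] is None:                       # -F, -X, -P lines: nothing to check
        return []
    problems = []
    if r["chain"] not in TABLE_CHAINS.get(r["table"], set()):
        problems.append(f"no chain {r['chain']} in table {r['table']}")
    if r["in"] and r["chain"] in NO_IN_IFACE:
        problems.append(f"-i is not valid in {r['chain']}")
    if r["out"] and r["chain"] in NO_OUT_IFACE:
        problems.append(f"-o is not valid in {r['chain']}")
    need = TARGET_TABLES.get(r["target"])
    if need and r["table"] != need:
        problems.append(f"target {r['target']} belongs in the {need} table, not {r['table']}")
    return problems

def lint(script):
    # Map each offending line of an iptables script to its list of problems.
    return {l: check_rule(l) for l in script.splitlines() if check_rule(l)}

# Constructed samples: the marking rule from the post, and a corrected pair that marks in
# mangle/PREROUTING by input interface only and matches the output interface in FORWARD.
POSTED = """iptables -t nat -A PREROUTING -i eth0 -o eth2 -j MARK --set-mark 1
iptables -A FORWARD -m mark --mark 1 -j ACCEPT"""
FIXED = """iptables -t mangle -A PREROUTING -i eth0 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -i eth2 -j MARK --set-mark 1
iptables -A FORWARD -i eth0 -o eth2 -m mark --mark 1 -j ACCEPT
iptables -A FORWARD -i eth2 -o eth0 -m mark --mark 1 -j ACCEPT"""
```

Running `lint(POSTED)` flags only the PREROUTING line, for both the `-o` option and the table; `lint(FIXED)` returns an empty dict.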