From: Sudheer Divakaran
Subject: Re: mark feature not working as expected
Date: Thu, 28 Oct 2004 16:43:34 +0530
Message-ID: <4180D45E.9040303@svw.com>
In-Reply-To: <4180D2E2.2000606@svw.com>
To: netfilter@lists.netfilter.org

Hi Everybody,

Sorry, when I composed the mail, I gave wrong network card info. Actually the cards are eth0, eth1, eth2 respectively. Here is the corrected email.

Thanks,
Sudheer

Sudheer Divakaran wrote:
> Hi,
> I'm facing a problem with the MARK target.
> My Linux box has 3 network cards:
>
> eth0 - LAN1
> eth1 - LAN2
> eth2 - ISP
>
> My problem is that my LAN machines are not able to communicate with
> each other (i.e. LAN1 <-> LAN2). The firewall blocks them. But my LAN
> clients have no problem accessing the internet!
>
> Here is my configuration.
>
>
> # eth0 - LAN1
> # eth1 - LAN2
> # eth2 - ISP
>
> iptables -F
> iptables -X
> iptables -P INPUT DROP
> iptables -P OUTPUT DROP
> iptables -P FORWARD DROP
>
> iptables -t nat -A PREROUTING -i eth0 -o eth1 -j MARK --set-mark 1
> #THIS IS NOT WORKING
> iptables -t nat -A PREROUTING -i eth1 -o eth0 -j MARK --set-mark 1
> #THIS IS NOT WORKING
>
> #Other rules follow... Not listed here
>
> iptables -A FORWARD -m mark --mark 1 -j ACCEPT #THIS IS NOT WORKING
>
> #Other rules follow... Not listed here
>
>
> I know that I can do it directly from the FORWARD chain of the filter
> table, but I'm using SQUID for transparent proxying for some machines
> (those rules are not listed here), so I want to mark some packets.
> Could someone please help me with this?
>
>
> Thanks
> Sudheer
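The rules quoted above combine PREROUTING with -o. PREROUTING runs before the routing decision, so the outgoing interface is not yet known and iptables refuses -o in that chain; marking also conventionally belongs in the mangle table rather than nat. The script below is an added example, not code from the thread: it flags that combination in a rule listing and emits an equivalent LAN1<->LAN2 marking rule set that selects the peer LAN by destination subnet instead of -o. The subnets, the IPT variable (defaulting to a dry-run echo) and the sample rule lines are constructed assumptions, not values from the original message.

```shell
#!/bin/sh
# Added example for the netfilter thread above; not the poster's configuration.
# Assumed LAN subnets (constructed); override via the environment.
LAN1_NET=${LAN1_NET:-192.168.1.0/24}
LAN2_NET=${LAN2_NET:-192.168.2.0/24}
# Dry run by default: prints the commands. Set IPT=iptables to apply them as root.
IPT=${IPT:-echo iptables}

# find_bad_prerouting_rules: read iptables commands on stdin and print those that
# use -o in PREROUTING. The routing decision has not happened yet in PREROUTING,
# so iptables rejects -o there ("Can't use -o with PREROUTING").
find_bad_prerouting_rules() {
    grep -E -e '-A PREROUTING' | grep -E -e ' -o '
}

# lan_mark_rules: mark LAN1<->LAN2 traffic in mangle PREROUTING using only the
# ingress interface (-i) plus the destination subnet, then accept by mark in
# FORWARD. The mark set in mangle is still attached to the packet when the
# filter table's FORWARD chain sees it.
lan_mark_rules() {
    $IPT -t mangle -A PREROUTING -i eth0 -d "$LAN2_NET" -j MARK --set-mark 1
    $IPT -t mangle -A PREROUTING -i eth1 -d "$LAN1_NET" -j MARK --set-mark 1
    $IPT -A FORWARD -m mark --mark 1 -j ACCEPT
}

# Constructed sample listing mirroring the shape of the quoted rules.
SAMPLE_RULES='iptables -t nat -A PREROUTING -i eth0 -o eth1 -j MARK --set-mark 1
iptables -t nat -A PREROUTING -i eth1 -o eth0 -j MARK --set-mark 1
iptables -A FORWARD -m mark --mark 1 -j ACCEPT'

# count_bad_prerouting_rules: number of offending lines in the sample listing.
count_bad_prerouting_rules() {
    printf '%s\n' "$SAMPLE_RULES" | find_bad_prerouting_rules | wc -l | tr -d ' '
}

echo "Rules that will be rejected (-o in PREROUTING):"
printf '%s\n' "$SAMPLE_RULES" | find_bad_prerouting_rules
echo
echo "Replacement rules (dry run unless IPT=iptables):"
lan_mark_rules
```

Run it as-is to see the flagged lines and the replacement commands; run it with IPT=iptables as root to install the rules. Because PREROUTING is evaluated before routing, a rule there can only key on what is known at that point: the ingress interface and the packet headers.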