From: Sudheer Divakaran <sudheer@svw.com>
To: Victor Julien <victor@nk.nl>
Cc: netfilter@lists.netfilter.org
Subject: Re: mark feature not working as expected
Date: Thu, 28 Oct 2004 16:46:53 +0530
Message-ID: <4180D525.6030105@svw.com>
In-Reply-To: <200410281305.32933.victor@nk.nl>

Hi Victor,

I'm really sorry. Yes. I was using 'mangle' table. Sorry for the
inconvenience.

Thanks
Sudheer

Victor Julien wrote:
> Hi Sudheer,
>
> As far as I know you can only use --set-mark in the mangle table. You are
> trying to use it in the nat table.
>
> Try:
> iptables -t mangle -A PREROUTING -i eth0 -o eth2 -j MARK --set-mark 1
> iptables -t mangle -A PREROUTING -i eth1 -o eth0 -j MARK --set-mark 1
>
> Regards,
> Victor
>
> On Thursday 28 October 2004 13:07, Sudheer Divakaran wrote:
>
>> Hi,
>> I'm facing a problem with MARK target.
>>
>> My Linux box has 3 network cards
>>
>> eth0 - LAN1
>> eth2 - LAN2
>> eth3 - ISP
>>
>> My problem is that my Lan machines are not able to communicate with each
>> other (i.e. LAN1 <-> LAN2). Firewall blocks them. But my lan clients
>> have no problem in accessing internet!!.
>>
>> Here is my configuration.
>>
>>
>> # eth0 - LAN1
>> # eth2 - LAN2
>> # eth3 - ISP
>>
>> iptables -F
>> iptables -X
>> iptables -P INPUT DROP
>> iptables -P OUTPUT DROP
>> iptables -P FORWARD DROP
>>
>> iptables -t mangle -A PREROUTING -i eth0 -o eth2 -j MARK --set-mark 1
>> #THIS IS NOT WORKING
>> iptables -t mangle -A PREROUTING -i eth1 -o eth0 -j MARK --set-mark 1
>> #THIS IS NOT WORKING
>>
>> #Other rules follows... Not listed here
>>
>> iptables -A FORWARD -m mark --mark 1 -j ACCEPT #THIS IS NOT WORKING
>>
>> #Other rules follows... Not listed here
>>
>>
>> I know that I can do it directly from the FORWARD chain of filter table,
>> but I'm using SQUID for transparent proxying for some machines (Those
>> rules are not listed here), so I want to mark some packets. Could
>> someone please help me on this?
>>
>>
>> Thanks
>> Sudheer
>
>
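
Added example, not part of the original messages or of iptables: a small Python lint for rulesets like the one in this thread. It assumes, as Victor's reply states, that MARK is accepted only in the mangle table, and goes beyond the thread by also flagging -o in PREROUTING/INPUT and -i in OUTPUT/POSTROUTING (which iptables rejects) and mark matches that no loadable rule sets. The names lint_ruleset, opt and SAMPLE are introduced here for illustration.

```python
import shlex

NO_OUT_IFACE = {"PREROUTING", "INPUT"}    # iptables rejects -o in these chains
NO_IN_IFACE = {"OUTPUT", "POSTROUTING"}   # iptables rejects -i in these chains

def opt(tokens, *names):
    """Return the value that follows the first of `names` present, else None."""
    for name in names:
        if name in tokens[:-1]:
            return tokens[tokens.index(name) + 1]
    return None

def lint_ruleset(text):
    """Return sorted (line, message) findings; marks are compared as text."""
    findings, set_marks, matched = [], set(), []
    for num, line in enumerate(text.splitlines(), 1):
        tokens = shlex.split(line, comments=True)   # drops trailing "# ..." notes
        chain = opt(tokens, "-A", "--append", "-I", "--insert")
        if tokens[:1] != ["iptables"] or chain is None:
            continue
        table = opt(tokens, "-t", "--table") or "filter"
        errors = []
        if opt(tokens, "-o", "--out-interface") and chain in NO_OUT_IFACE:
            errors.append(f"-o cannot be used in {chain}")
        if opt(tokens, "-i", "--in-interface") and chain in NO_IN_IFACE:
            errors.append(f"-i cannot be used in {chain}")
        if opt(tokens, "-j", "--jump") == "MARK":
            if table != "mangle":   # assumption taken from the reply in this thread
                errors.append(f"MARK in table {table}, expected mangle")
            if not errors:          # only a rule that loads can set the mark
                set_marks.add(opt(tokens, "--set-mark"))
        if opt(tokens, "--mark"):
            matched.append((num, opt(tokens, "--mark")))
        findings += [(num, e) for e in errors]
    findings += [(n, f"mark {m} is matched but never set") for n, m in matched
                 if m not in set_marks]
    return sorted(findings)

# Constructed sample modelled on the rules in the thread.
SAMPLE = """\
iptables -P FORWARD DROP
iptables -t nat -A PREROUTING -i eth0 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -i eth0 -o eth2 -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -i eth2 -j MARK --set-mark 3
iptables -A FORWARD -m mark --mark 1 -j ACCEPT  # depends on mark 1
iptables -A FORWARD -m mark --mark 3 -j ACCEPT
"""
if __name__ == "__main__":
    print(*lint_ruleset(SAMPLE), sep="\n")
```

With a FORWARD policy of DROP, an ACCEPT rule that depends on a mark no loaded rule sets never matches, so the traffic it was meant to allow is dropped.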