Re: Marks set in PREROUTING got lost

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Clemens <clemens.schaefer@gmx.de>
To: netfilter@lists.netfilter.org
Subject: Re: Marks set in PREROUTING got lost
Date: Thu, 28 Sep 2006 18:06:48 +0200	[thread overview]
Message-ID: <451BF318.2010200@gmx.de> (raw)
In-Reply-To: <Pine.LNX.4.61.0609281253020.30351@yvahk01.tjqt.qr>

[-- Attachment #1: Type: text/plain, Size: 1216 bytes --]

> -j MARK => per-packet
> -j CONNMARK => per-connection

thank you

> 
>> through a certain user defined chain. I guess this is a mark per packet.
>> The particular chain lookes like this:
>>
>>
>> Chain FWD_WWW-101 (2 references)
>> target     prot opt source               destination
>> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           quota:
>> 100000000 bytes
>> MARK       all  --  0.0.0.0/0            0.0.0.0/0           MARK
>> set 0x65
>> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           quota:
>> 1000000 bytes
>> MARK       all  --  0.0.0.0/0            0.0.0.0/0           MARK
>> set 0x1
> 
> MARK is only allowed in the mangle table.
> 
Yes I know that. The abstract above comes from the mangle table, the
name of the userdefined chain (which I jump into from PREROUTING
mangle) might be a bit irritating, I admit, but it has nothing to do
with FORWARD.

> http://www.imagestream.com/~josh/PacketFlow.png
> 
> PREROUTING comes before FORWARD.

Yes I also know that. The Packets get marked correctly, I checked
that in FORWARD filter, but in PREROUTING nat they are not, even
though they should have been, hence I cannot dnat

--
Clemens


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 250 bytes --]

next prev parent reply	other threads:[~2006-09-28 16:06 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-09-27 23:50 Marks set in PREROUTING got lost Clemens
2006-09-28  8:29 ` Jan Engelhardt
2006-09-28  9:36   ` Clemens
2006-09-28 10:55     ` Jan Engelhardt
2006-09-28 16:06       ` Clemens [this message]
2006-09-28 12:17     ` Lucas Diaz
2006-09-28 12:31       ` Jan Engelhardt
2006-09-28 16:05         ` Clemens
2006-09-29  6:15           ` Jan Engelhardt
     [not found]           ` <359510883.21717@mail.nankai.edu.cn>
2006-09-30  6:29             ` Bo Yang
2006-09-30  6:29               ` Bo Yang
     [not found] <359401435.12133@mail.nankai.edu.cn>
2006-09-29  4:44 ` Bo Yang
2006-09-29  4:44   ` Bo Yang

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=451BF318.2010200@gmx.de \
    --to=clemens.schaefer@gmx.de \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.