From: Frédéric Massot
Date: Thu, 29 Dec 2005 17:39:34 +0000
Subject: [LARTC] Re: Pb routing/fwmark
To: lartc@vger.kernel.org

Jody Shumaker wrote:
>
[...]
>
> This was definitely your problem. How is this "connection tracking"?
> All these rules say is, if the state matches established or related,
> then accept it. When that happens, no further processing is done. You
> basically made all packets for previously established or related
> connections not get marked as they left the chain before the mark
> targets. Running:
> iptables -t mangle -L -xvn
> would have likely shown hardly any hits to the set mark rules, and the
> majority of the packets hitting those above 5 rules.
>
[...]
>
> I only think you needed to either remove those -j ACCEPT targets,
> optionally change it so they are at the end of the chain, or at least
> after the -j MARK targets.
>

In the general case with several interfaces, how to mark the packets so
that some use one interface?

I do not know if my configuration is correct.

Regards.
--
=======================
| FREDERIC MASSOT |
| http://www.juliana-multimedia.com |
| mailto:frederic@juliana-multimedia.com |
==============Debian=GNU/Linux=
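
The rule-ordering effect described in the quoted reply, as an added example that is not part of the original thread: a toy Python model of one mangle chain with per-rule hit counters like those `iptables -t mangle -L -xvn` prints. The rules, ports, mark values and packets are constructed for illustration and are not the poster's configuration.

```python
# Toy model of one mangle-table chain (added example; rules and packets are constructed).
# ACCEPT is a terminating target: traversal of this chain stops at the first match.
# MARK is non-terminating: it sets the fwmark and traversal continues.

def matches(rule, pkt):
    """A rule matches when every field it specifies contains the packet's value."""
    return all(pkt.get(k) in v for k, v in rule["match"].items())

def traverse(chain, packets):
    """Run packets through the chain; return (per-rule hit counters, final fwmarks)."""
    hits = [0] * len(chain)
    marks = []
    for pkt in packets:
        mark = 0  # 0 means "no fwmark set"
        for i, rule in enumerate(chain):
            if not matches(rule, pkt):
                continue
            hits[i] += 1
            if rule["target"] == "MARK":
                mark = rule["set_mark"]
            elif rule["target"] == "ACCEPT":
                break  # packet leaves the chain; later MARK rules never see it
        marks.append(mark)
    return hits, marks

# Hypothetical rules standing in for the ones discussed in the thread.
ACCEPT_EST = {"match": {"ctstate": {"ESTABLISHED", "RELATED"}}, "target": "ACCEPT"}
MARK_SMTP = {"match": {"dport": {25}}, "target": "MARK", "set_mark": 1}
MARK_HTTP = {"match": {"dport": {80}}, "target": "MARK", "set_mark": 2}

# Constructed traffic: each flow is one NEW packet followed by ESTABLISHED ones.
PACKETS = ([{"ctstate": "NEW", "dport": 25}] + [{"ctstate": "ESTABLISHED", "dport": 25}] * 9
           + [{"ctstate": "NEW", "dport": 80}] + [{"ctstate": "ESTABLISHED", "dport": 80}] * 19)

def compare():
    """Same rules, two orderings: ACCEPT before the MARK rules, then after them."""
    accept_first = traverse([ACCEPT_EST, MARK_SMTP, MARK_HTTP], PACKETS)
    mark_first = traverse([MARK_SMTP, MARK_HTTP, ACCEPT_EST], PACKETS)
    return accept_first, mark_first

if __name__ == "__main__":
    for label, (hits, marks) in zip(("ACCEPT first", "MARK first"), compare()):
        print(f"{label}: rule hits={hits}, unmarked={marks.count(0)}/{len(marks)}")
```

With ACCEPT first, only the NEW packet of each flow reaches a MARK rule, so any routing decision keyed on the fwmark applies to the first packet of a connection and not to the rest.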