From: "U.Mutlu" <for-gmane@mutluit.com>
To: netfilter@vger.kernel.org
Subject: Re: IPTABLES + PREROUTING + --set-mark + Ubuntu
Date: Fri, 16 Jan 2015 04:31:45 +0100
Message-ID: <m9a0n1$rp1$1@ger.gmane.org>
In-Reply-To: <CAJb3rWA+2mHMZh3BUVkvmv_ok0pnvx5kavFx3esOBupnFh600g@mail.gmail.com>

The Media Server wrote, On 01/16/2015 04:12 AM:
> Both ports are forwarded to my Linux PC, 80 and 22, in my router ;)
>
> Public IP address is blocked because of my VPN being enabled...
>
> Like I said, if I deviate my connections to my table 2 like so with VPN enabled:
> ip rule add from 192.168.2.0/24 table 2
> all my inbound connections work with my public IP address and that is the goal.
> I just want the thing to work on a port basis.

Ok, now I understand your problem :-)
In this case try this instead of the above (I think you even had this in your
previous postings):

  ip rule add fwmark 2 table 2

And add this for marking the packets based on port(s):

  iptables -t mangle -A PREROUTING -p tcp -m multiport --ports 80,22 -j MARK --set-mark 2

Both commands should be placed as early as possible within your script.

> Anyways, I'll experiment.. I will try to remove all tables, stop VPN.
> make an empty or wrong table main..
> and try to mark my packets and forward them to table 2
>
> I will give you the results.. if that doesn't work we will know there
> is a problem with the marking system, if it works, the problem is
> somewhere in my VPN setup..
>
> Thanks again!
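
Added example, not part of the original message or thread: a check that the fwmark rule and the MARK rule from the reply are actually in place, by parsing the output of `ip rule show` and `iptables -t mangle -S PREROUTING`. The function names and the SAMPLE_* listings are constructed for illustration; note that iptables lists `--set-mark 2` back as `--set-xmark 0x2/0xffffffff` and ip shows the mark as `0x2`.

```shell
#!/bin/sh
# Added example: confirm the two commands from the reply took effect.
# MARK and TABLE match the reply; the SAMPLE_* texts are constructed.
MARK=2
TABLE=2

# stdin: `ip rule show`. Succeeds if some rule sends fwmark $MARK to $TABLE.
# Assumes table 2 has no name in /etc/iproute2/rt_tables.
has_fwmark_rule() {
    awk -v m="$(printf '0x%x' "$MARK")" -v t="$TABLE" '
        { fm = ""; tb = ""
          for (i = 1; i < NF; i++) {
              if ($i == "fwmark") fm = $(i + 1)
              if ($i == "lookup") tb = $(i + 1)
          }
          sub(/\/.*/, "", fm)              # drop an optional /mask
          if (fm == m && tb == t) ok = 1 }
        END { exit !ok }'
}

# stdin: `iptables -t mangle -S PREROUTING`. Prints the port list of each
# PREROUTING rule that sets mark $MARK (hex or decimal spelling).
marked_ports() {
    awk -v m="$(printf '0x%x' "$MARK")" -v d="$MARK" '
        $1 == "-A" && $2 == "PREROUTING" {
            ports = ""; mk = ""
            for (i = 1; i < NF; i++) {
                if ($i ~ /^--(ports|dports|sports)$/) ports = $(i + 1)
                if ($i ~ /^--set-x?mark$/) mk = $(i + 1)
            }
            sub(/\/.*/, "", mk)            # drop the /mask part
            if ((mk == m || mk == d) && ports != "") print ports
        }'
}

SAMPLE_RULES='0: from all lookup local
32765: from all fwmark 0x2 lookup 2
32766: from all lookup main'
SAMPLE_MANGLE='-P PREROUTING ACCEPT
-A PREROUTING -p tcp -m multiport --ports 80,22 -j MARK --set-xmark 0x2/0xffffffff'

if [ "${1:-}" = live ]; then               # needs root on the router box
    if ip rule show | has_fwmark_rule; then echo "fwmark rule: ok"
    else echo "fwmark rule: MISSING"; fi
    echo "ports marked $MARK: $(iptables -t mangle -S PREROUTING | marked_ports)"
    iptables -t mangle -L PREROUTING -v -n  # counters show if traffic matches
fi
```

Run with the argument `live` on the routing host; rising packet counters on the MARK rule show that the marking itself works, which separates a marking problem from a problem in the VPN setup.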