From mboxrd@z Thu Jan 1 00:00:00 1970 From: Greg Scott Date: Fri, 28 Dec 2001 11:44:30 +0000 Subject: RE: [LARTC] PREROUTING doubts !! Message-Id: List-Id: References: In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: lartc@vger.kernel.org > iptables -A PREROUTING -t nat -i eth1 ... -j REDIRECT --to-port 3128 > iptables -A PREROUTING -t mangle -i eth1..... -j mark 1 I don't think that will do what you want. The first iptables command will A(dd) an entry to the nat table. Your second command adds an entry to the mangle table. So even though one command immediately follows the other in your script, packets won't see them that way. Do this to see the order of tests in your tables: iptables -L -v -n -t nat iptables -L -v -n -t mangle I have never been clear about the exact order of tables/chains packets see so I don't know which table they will traverse first. - Greg -----Original Message----- From: Arindam Haldar [mailto:ahiam@yahoo.com] Sent: Friday, December 28, 2001 2:29 AM To: lartc@mailman.ds9a.nl Subject: [LARTC] PREROUTING doubts !! hi all, i want 2 know if the follwing is correct iptables -A PREROUTING -t nat -i eth1 ... -j REDIRECT --to-port 3128 iptables -A PREROUTING -t mangle -i eth1..... -j mark 1 the intention is to send http pkts first to transpaent squid else use routing based on cost & bandwidth ! will be very thanful to u 4 cealring this doubt arindam haldar _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/ _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/