[LARTC] Re: IMQ

[Patrick McHardy <kaber@trash.net>]

Hi.

Odri Kornel wrote:
> Thank you for your quick answer.
> 
> My problem was that although imq is a device it is called via iptables like a 
> table just as snat. As far as I know if iptables finds a matching rule, it 
> jumps out of the chain, and does not process the other rules. Is this where I 
> made a mistake? I haven't found any description about this...

Yes this is not true. If a packet is not explicit dropped / accepted it 
continues traversal. Think about the MARK target, in fact the IMQ target 
is just a modified MARK target.
Also, the imq device is not called via iptables, iptables is just used 
for specifying that the current packet should pass through the imq 
device at a later point. The IMQ device feeds itself through netfilter 
hooks, so in theory you could f.e. mark all IPX/whatever packets 
somewhere during their processing and they would pass the imq device, too.

> So, youre saying, that the packet will be processed trough the other 
> postrouting rules after being marked by the mangle rule?
> 
> For ex.:
> 
> iptables -t mangle -A POSTROUTING -o eth0 -j IMQ
> iptables -t mangle -A POSTROUTING -o ipsec0 -j IMQ
> iptables -t nat -A POSTROUTING -j SNAT ...
> 
> This should work?

Yes.
Bye,
Patrick

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/