From: Patrick McHardy
Date: Tue, 14 May 2002 10:24:23 +0000
Subject: [LARTC] Re: IMQ
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Hi.

Odri Kornel wrote:

> Thank you for your quick answer.
>
> My problem was that although imq is a device it is called via iptables like a
> table just as snat. As far as I know if iptables finds a matching rule, it
> jumps out of the chain, and does not process the other rules. Is this where I
> made a mistake? I haven't found any description about this...

Yes, this is not true. If a packet is not explicitly dropped / accepted, it
continues traversal. Think about the MARK target; in fact the IMQ target is
just a modified MARK target. Also, the imq device is not called via iptables;
iptables is just used for specifying that the current packet should pass
through the imq device at a later point. The IMQ device feeds itself through
netfilter hooks, so in theory you could f.e. mark all IPX/whatever packets
somewhere during their processing and they would pass the imq device, too.

> So, you're saying that the packet will be processed through the other
> postrouting rules after being marked by the mangle rule?
>
> For ex.:
>
> iptables -t mangle -A POSTROUTING -o eth0 -j IMQ
> iptables -t mangle -A POSTROUTING -o ipsec0 -j IMQ
> iptables -t nat -A POSTROUTING -j SNAT ...
>
> This should work?

Yes.

Bye,
Patrick

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
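The traversal behaviour described in the message above, as an added example that is not part of the original post and not netfilter code: a simplified Python model in which MARK and IMQ fall through to the next rule while ACCEPT, DROP and SNAT end the current chain. The function names, the rule tuples and the variant rule set are constructed for illustration, and the SNAT rule is assumed to match every packet because its options are elided in the post.

```python
# Simplified model of iptables rule traversal at POSTROUTING (not kernel code).
TERMINATING = {"ACCEPT", "DROP", "SNAT"}   # end traversal of the current chain
# MARK and IMQ are non-terminating: they set packet state and fall through.

def traverse_chain(rules, packet, policy="ACCEPT"):
    """Walk one chain; record each target that fires and return the verdict."""
    for out_if, target in rules:
        if out_if is not None and out_if != packet["out_if"]:
            continue                        # -o did not match
        packet["hits"].append(target)
        if target == "IMQ":
            packet["imq"] = True            # flagged to pass the imq device later
        elif target == "SNAT":
            packet["snat"] = True
        if target in TERMINATING:
            return "DROP" if target == "DROP" else "ACCEPT"
    return policy

def postrouting(tables, out_if):
    """mangle is consulted before nat; only DROP stops the packet entirely."""
    packet = {"out_if": out_if, "hits": [], "imq": False, "snat": False}
    for table in ("mangle", "nat"):
        packet["verdict"] = traverse_chain(tables.get(table, []), packet)
        if packet["verdict"] == "DROP":
            break
    return packet

# The three rules from the thread; None means "no -o match" (the SNAT options
# are elided in the post, so matching every packet is an assumption).
THREAD_RULES = {
    "mangle": [("eth0", "IMQ"), ("ipsec0", "IMQ")],
    "nat": [(None, "SNAT")],
}
# Constructed variant: a MARK rule placed after the IMQ rule in the same chain.
VARIANT_RULES = {
    "mangle": [("eth0", "IMQ"), ("eth0", "MARK")],
    "nat": [(None, "SNAT")],
}

if __name__ == "__main__":
    for name, tables in (("thread", THREAD_RULES), ("variant", VARIANT_RULES)):
        for dev in ("eth0", "ipsec0", "eth1"):
            p = postrouting(tables, dev)
            print(name, dev, p["hits"], "imq" if p["imq"] else "no imq")
```

The variant rule set shows the point that answers the original question: a rule placed after a matching IMQ rule in the same chain is still evaluated.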