From: Lucas Diaz <lucasdiaz@eternet.cc>
To: netfilter@lists.netfilter.org
Subject: NAT with CONNMARK
Date: Wed, 27 Sep 2006 17:37:41 -0300 [thread overview]
Message-ID: <451AE115.4050009@eternet.cc> (raw)
I'm using CONNMARK with layer7 for doing traffic shaping, and it works
great.
My problem is that i want to SNAT packets marked with CONNMARK (actually
i'm doing "-m mark --mark X -j CONNMARK --save-mark"), and no packets go
through the rule "iptables -t nat -A POSTROUTING -m connmark --mark X -j
SNAT --to x.x.x.x".
I also tried using "-m mark --mark X -j SNAT --to x.x.x.x".
All the marking is done on mangle table PREROUTING chain.
What's the difference between MARK and CONNMARK?
I've also got another scenario with -j MARK on mangle table POSTROUTING
chain, and SNAT and it works fine.
I've searching in the web, and it seems to be all fine, but it doesn't work.
Thanx a lot.
reply other threads:[~2006-09-27 20:37 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=451AE115.4050009@eternet.cc \
--to=lucasdiaz@eternet.cc \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox