On 10/10/05, Mariusz Kruk <[EMAIL PROTECTED]> wrote: > Nelson Castillo napisaĆ(a): > >># iptables -t mangle -A PREROUTING -s <LAN_IP> -j MARK --set-mark 5 > > I guess you should use the conntrack module. I'm not sure, > > but I think you're marking only the first packet of the > > connection. > > Naaah. What does mangling packets have to do with connection tracking?
Naaaah. I said I had a different scenario. Now I remember I'm using DNAT for the load balancer and I need to mark the connections when they come from the internet so I can route them back using the correct interface. He doesn't need conntrack... Anyway, whe wanted to know if someone had CONFIG_IP_ROUTE_FWMARK working in Debian and we told him we do. -- Homepage : http://geocities.com/arhuaco The first principle is that you must not fool yourself and you are the easiest person to fool. -- Richard Feynman.