On Wed, 14 Oct 2015 02:05:38 -0400, Selva Nair wrote:
> This should work for forwarded packets, but for locally generated
> traffic you will need to mangle them in the OUTPUT chain.
I've tried with the OUTPUT chain, but still it failed for me to access
google.com via openvpn.
The traceroute to 8.8.8.8 showing as follows:
werner@debian-01:~$ traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
In addition, from the manpage of iptables-extensions gives the following
notes:
MARK
[...]
If you plan on doing so, note that the mark
needs to be set in the PREROUTING chain of
the mangle table to affect routing.
Any hints for my issue?
Regards
--
.: Hongyi Zhao [ hongyi.zhao AT gmail.com ] Free as in Freedom :.
------------------------------------------------------------------------------
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
