On Wed, 14 Oct 2015 12:52:19 -0400, Selva Nair wrote: > The manpage is probably referring to routing of received and forwarded > packets, not outgoing packets. > > As far as I know, PREROUTING chain is traversed by packets coming in > from the network, not by locally generated packets. So if this is a > router forwarding packets for other machines, yes you need to mark the > packets in the PREROUTING chain. But that won't mark any locally > generated traffic including your traceroute packets. > > Selva
Thanks a lot for your explanations above. But I still have the following confusions with respect to access a website, say, google.com. I mean, when I want to access a remote website, say, google.com, then I must first have some locally generated packages which are destined to google.com, then the google.com will also need to replay to me and transfer some data back to me. In this latter case, the packages will be the traffic generated by the google web server, and not in the OUTPUT chain. If I only give some rules on OUTPUT chain, is this adequate for me to interactive the remote web server? Regards -- .: Hongyi Zhao [ hongyi.zhao AT gmail.com ] Free as in Freedom :. ------------------------------------------------------------------------------ _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
