On Wed, 14 Oct 2015 12:52:19 -0400, Selva Nair wrote:

> The manpage is probably referring to routing of received and forwarded
> packets, not outgoing packets.
> 
> As far as I know, PREROUTING chain is traversed by packets coming in
> from the network, not by locally generated packets. So if this is a
> router forwarding packets for other machines, yes you need to mark the
> packets in the PREROUTING chain. But that won't mark any locally
> generated traffic including your traceroute packets.
> 
> Selva

Thanks a lot for your explanations above.  But I still have the following 
confusions with respect to access a website, say, google.com.

I mean, when I want to access a  remote website, say, google.com,  then I 
must first have some locally generated packages which are destined to 
google.com, then the google.com will also need to replay to me and 
transfer some data back to me.  In this latter case, the packages will be 
the traffic generated by the google web server, and not in the OUTPUT 
chain.

If I only give some rules on OUTPUT chain, is this adequate for me to 
interactive the remote web server?

Regards
-- 
.: Hongyi Zhao [ hongyi.zhao AT gmail.com ] Free as in Freedom :.


------------------------------------------------------------------------------
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Reply via email to