iptables mangle table with custom chain

I create a new chain in the mangle table:

$IPTABLES -N newchain -t mangle

After that I put all the port 80 packets into that new chain:

$IPTABLES -t mangle -A PREROUTING -i eth1 -p tcp --dport 80 -j newchain

After that I mark the packets of this chain:

$IPTABLES -t mangle -A newchain -j MARK --set-mark 11

How can I DNAT those packets that are marked with 11 after that?

$IPTABLES -t nat -A PREROUTING -m mark --mark 11 -p tcp --dport 80 -j DNAT --to-destination 172.32.1.2

It doesn't work, because after newchain in mangle the packets are going to filter FORWARD, but not to the nat.

NAT is applied after the routing has been determined. So you need to use the POSTROUTING table:


$IPTABLES -t nat -A POSTROUTING -m mark --mark 11 -p tcp --dport 80 -j DNAT --to-destination 172.32.1.2


I'm not sure why you'd need to continue the qualification of tcp/80 too though, as you have marked them on that basis already.


$IPTABLES -t nat -A POSTROUTING -m mark --mark 11 -j DNAT --to-destination 172.32.1.2
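
Added example, not part of the original question or answer: a shell lint that checks a rule's NAT target against the chain restrictions documented in iptables-extensions(8) (DNAT and REDIRECT in nat PREROUTING/OUTPUT, SNAT in POSTROUTING/INPUT, MASQUERADE in POSTROUTING) before the rule is loaded. `check_nat_rule` is a hypothetical helper name, and the sample arguments are the rules quoted on this page.

```shell
#!/bin/sh
# Lint one iptables rule, given as the arguments you would pass to iptables.
# check_nat_rule is a hypothetical helper, not an iptables feature.
# Returns 0 = accepted, 1 = iptables would reject it,
#         2 = user-defined chain (validity depends on which chain jumps to it).
check_nat_rule() {
    table=filter chain= target=      # iptables defaults to the filter table
    while [ $# -gt 0 ]; do
        case "$1" in
            -t|--table)               table=${2-} ;;
            -A|--append|-I|--insert)  chain=${2-} ;;
            -j|--jump)                target=${2-} ;;
        esac
        shift
    done
    # Chains in which each NAT target is valid, per iptables-extensions(8).
    case "$target" in
        DNAT|REDIRECT) allowed="PREROUTING OUTPUT" ;;
        SNAT)          allowed="POSTROUTING INPUT" ;;
        MASQUERADE)    allowed="POSTROUTING" ;;
        *) echo "ok: '$target' is not a NAT target"; return 0 ;;
    esac
    if [ "$table" != nat ]; then
        echo "reject: $target needs -t nat (table is $table)"; return 1
    fi
    case "$chain" in
        PREROUTING|INPUT|OUTPUT|POSTROUTING) ;;
        *) echo "unknown: $chain is user-defined; check its callers"; return 2 ;;
    esac
    case " $allowed " in
        *" $chain "*) echo "ok: $target in nat/$chain"; return 0 ;;
    esac
    echo "reject: $target in nat/$chain; allowed chains: $allowed"
    return 1
}

# The two DNAT rules quoted on this page, minus the $IPTABLES prefix.
check_nat_rule -t nat -A PREROUTING -m mark --mark 11 -p tcp --dport 80 \
    -j DNAT --to-destination 172.32.1.2 || true
check_nat_rule -t nat -A POSTROUTING -m mark --mark 11 \
    -j DNAT --to-destination 172.32.1.2 || true
```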