Thanks, double checked it's working:
root@GL-AXT1800:/tmp# tailscale --version
1.96.4-tiny.by.admon.1266
tailscale commit: 41cb72f27119f95b859335f3ffc3434d6ca55e23-dirty
long version: 1.96.4-t41cb72f27-tiny.by.admon.1266
go version: go1.26.3
root@GL-AXT1800:/tmp#
root@GL-AXT1800:/tmp# nft list table ip mangle
table ip mangle {
chain PREROUTING {
type filter hook prerouting priority mangle; policy accept;
ct state established,related ct mark & 0x00ff0000 != 0x00000000 meta mark set ct mark
}
chain OUTPUT {
type filter hook output priority mangle; policy accept;
ct state new meta mark & 0x00ff0000 != 0x00000000 ct mark set meta mark & 0x00ff0000
}
}
root@GL-AXT1800:/tmp#
root@GL-AXT1800:/tmp#
root@GL-AXT1800:/tmp# netns_client.sh -c br-lan 1
Entering existing namespace client_br-lan_1
Entering namespace client_br-lan_1 shell. Type 'exit' to leave.
BusyBox v1.36.1 (2026-04-30 11:01:21 UTC) built-in shell (ash)
[ns:client_br-lan_1] # ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
64 bytes from 1.1.1.1: seq=0 ttl=48 time=121.039 ms
64 bytes from 1.1.1.1: seq=1 ttl=48 time=119.721 ms
64 bytes from 1.1.1.1: seq=2 ttl=48 time=119.364 ms
64 bytes from 1.1.1.1: seq=3 ttl=48 time=119.673 ms
64 bytes from 1.1.1.1: seq=4 ttl=48 time=119.280 ms
^C
--- 1.1.1.1 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 119.280/119.815/121.039 ms
[ns:client_br-lan_1] #
[ns:client_br-lan_1] #