[LARTC] iptables & tc - 3 marks

[LARTC] iptables & tc - 3 marks

[mah]

Hi....

Help me please!!!

I am using Linux Redhat as router of the my network.   I am to making NAT and firewall.

In my iptables script, I need make 3 MARKs for the same packet, as following 

# It marks the packets that will go for link ADSL  (I have 2 links - adsl 2Mb   and  'dedicate link' 256Mb )
# I am using  'ip rule / ip route'  to make this 
iptables -t mangle -A PREROUTING -p tcp --dport 21 -j MARK --set-mark 2000
iptables -t mangle -A PREROUTING -p tcp --dport 20 -j MARK --set-mark 2000

# It marks the packets that will be  shapped   ( upload   with cbq )
iptables -t mangle -A PREROUTING -m mac 00:11:22:33:44:55  -j MARK --set-mark 501
....
iptables -t mangle -A PREROUTING -m mac aa:bb:cc:dd:ee:ff  -j MARK --set-mark 631
###.  I have 130 hosts in my network


# It marks the packages that priority has ( with 'tc prio' command)
iptables -t mangle -A PREROUTING -p tcp --dport 22 -j MARK --set-mark 100
iptables -t mangle -A PREROUTING -p tcp --dport 23 -j MARK --set-mark 100
iptables -t mangle -A PREROUTING -p udp --dport 27000:27015 -j MARK --set-mark 110



But only last mark does function

Have solution ??  How to do?

#Marcio P. Silva
#linuXuser
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] iptables & tc - 3 marks

[Brian J. Murrell]

[-- Attachment #1: Type: text/plain, Size: 1478 bytes --]

On Tue, 2004-11-30 at 00:12 -0200, mah@rapidnet.com.br wrote:
> Hi....
> 
> Help me please!!!
> 
> I am using Linux Redhat as router of the my network.   I am to making NAT and firewall.
> 
> In my iptables script, I need make 3 MARKs for the same packet, as following 
> 
> # It marks the packets that will go for link ADSL  (I have 2 links - adsl 2Mb   and  'dedicate link' 256Mb )
> # I am using  'ip rule / ip route'  to make this 
> iptables -t mangle -A PREROUTING -p tcp --dport 21 -j MARK --set-mark 2000
> iptables -t mangle -A PREROUTING -p tcp --dport 20 -j MARK --set-mark 2000
> 
> # It marks the packets that will be  shapped   ( upload   with cbq )
> iptables -t mangle -A PREROUTING -m mac 00:11:22:33:44:55  -j MARK --set-mark 501
> ....
> iptables -t mangle -A PREROUTING -m mac aa:bb:cc:dd:ee:ff  -j MARK --set-mark 631
> ###.  I have 130 hosts in my network
> 
> 
> # It marks the packages that priority has ( with 'tc prio' command)
> iptables -t mangle -A PREROUTING -p tcp --dport 22 -j MARK --set-mark 100
> iptables -t mangle -A PREROUTING -p tcp --dport 23 -j MARK --set-mark 100
> iptables -t mangle -A PREROUTING -p udp --dport 27000:27015 -j MARK --set-mark 110
> 
> 
> 
> But only last mark does function

I have just this hour started looking at marking packets, so my
information could be wrong, but I believe that --set-mark <n> where n is
an integer from 1-255.  You cannot use values greater than 255.

b.


[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [LARTC] iptables & tc - 3 marks

[Lluis]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

el Diumenge 19 Desembre 2004 20:32, Brian J. Murrell va escriure:
> On Tue, 2004-11-30 at 00:12 -0200, mah@rapidnet.com.br wrote:
> > Hi....
> >
> > Help me please!!!
> >
> > I am using Linux Redhat as router of the my network.   I am to making NAT
> > and firewall.
> >
> > In my iptables script, I need make 3 MARKs for the same packet, as
> > following
> >
> > # It marks the packets that will go for link ADSL  (I have 2 links - adsl
> > 2Mb   and  'dedicate link' 256Mb ) # I am using  'ip rule / ip route'  to
> > make this
> > iptables -t mangle -A PREROUTING -p tcp --dport 21 -j MARK --set-mark
> > 2000 iptables -t mangle -A PREROUTING -p tcp --dport 20 -j MARK
> > --set-mark 2000
> >
> > # It marks the packets that will be  shapped   ( upload   with cbq )
> > iptables -t mangle -A PREROUTING -m mac 00:11:22:33:44:55  -j MARK
> > --set-mark 501 ....
> > iptables -t mangle -A PREROUTING -m mac aa:bb:cc:dd:ee:ff  -j MARK
> > --set-mark 631 ###.  I have 130 hosts in my network
> >
> >
> > # It marks the packages that priority has ( with 'tc prio' command)
> > iptables -t mangle -A PREROUTING -p tcp --dport 22 -j MARK --set-mark 100
> > iptables -t mangle -A PREROUTING -p tcp --dport 23 -j MARK --set-mark 100
> > iptables -t mangle -A PREROUTING -p udp --dport 27000:27015 -j MARK
> > --set-mark 110
> >
> >
> >
> > But only last mark does function
>
> I have just this hour started looking at marking packets, so my
> information could be wrong, but I believe that --set-mark <n> where n is
> an integer from 1-255.  You cannot use values greater than 255.
>
> b.

I'm using values greater than 255, may be you need to install mark modules? 

- -- 

ID 0x834D5708
wget http://www.awacat.com/clausGPG/publica_tictac.asc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBxvB9LGhud4NNVwgRAuVLAKC5YgJN/0VBy6vA4+d+rqZNyqxIlQCfacf3
Ujp2PjGND7iDf0x6N2VBhyk=QGQ7
-----END PGP SIGNATURE-----
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/