From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Brian J. Murrell" Date: Sun, 19 Dec 2004 19:32:47 +0000 Subject: Re: [LARTC] iptables & tc - 3 marks Message-Id: <1103484767.14502.143.camel@pc> MIME-Version: 1 Content-Type: multipart/mixed; boundary="=-F34MCd2Oyhfor3Jnn/Va" List-Id: References: <20041130021236.1797.qmail@hm101.locaweb.com.br> In-Reply-To: <20041130021236.1797.qmail@hm101.locaweb.com.br> To: lartc@vger.kernel.org --=-F34MCd2Oyhfor3Jnn/Va Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Tue, 2004-11-30 at 00:12 -0200, mah@rapidnet.com.br wrote: > Hi.... >=20 > Help me please!!! >=20 > I am using Linux Redhat as router of the my network. I am to making NAT= and firewall. >=20 > In my iptables script, I need make 3 MARKs for the same packet, as follow= ing=20 >=20 > # It marks the packets that will go for link ADSL (I have 2 links - adsl= 2Mb and 'dedicate link' 256Mb ) > # I am using 'ip rule / ip route' to make this=20 > iptables -t mangle -A PREROUTING -p tcp --dport 21 -j MARK --set-mark 200= 0 > iptables -t mangle -A PREROUTING -p tcp --dport 20 -j MARK --set-mark 200= 0 >=20 > # It marks the packets that will be shapped ( upload with cbq ) > iptables -t mangle -A PREROUTING -m mac 00:11:22:33:44:55 -j MARK --set-= mark 501 > .... > iptables -t mangle -A PREROUTING -m mac aa:bb:cc:dd:ee:ff -j MARK --set-= mark 631 > ###. I have 130 hosts in my network >=20 >=20 > # It marks the packages that priority has ( with 'tc prio' command) > iptables -t mangle -A PREROUTING -p tcp --dport 22 -j MARK --set-mark 100 > iptables -t mangle -A PREROUTING -p tcp --dport 23 -j MARK --set-mark 100 > iptables -t mangle -A PREROUTING -p udp --dport 27000:27015 -j MARK --set= -mark 110 >=20 >=20 >=20 > But only last mark does function I have just this hour started looking at marking packets, so my information could be wrong, but I believe that --set-mark where n is an integer from 1-255. You cannot use values greater than 255. b. --=-F34MCd2Oyhfor3Jnn/Va Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQBBxddfl3EQlGLyuXARAoV3AKDE68Odh7XZbRDTu3rrWgKbKZpFSwCfRhjR bG9s8tqzpUse4AdXkyaR8Fs= =6ZAo -----END PGP SIGNATURE----- --=-F34MCd2Oyhfor3Jnn/Va-- _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/