From: Lluis <tictac@awacat.com>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] iptables & tc - 3 marks
Date: Mon, 20 Dec 2004 15:32:06 +0000 [thread overview]
Message-ID: <200412201632.14607.tictac@awacat.com> (raw)
In-Reply-To: <20041130021236.1797.qmail@hm101.locaweb.com.br>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
el Diumenge 19 Desembre 2004 20:32, Brian J. Murrell va escriure:
> On Tue, 2004-11-30 at 00:12 -0200, mah@rapidnet.com.br wrote:
> > Hi....
> >
> > Help me please!!!
> >
> > I am using Linux Redhat as router of the my network. I am to making NAT
> > and firewall.
> >
> > In my iptables script, I need make 3 MARKs for the same packet, as
> > following
> >
> > # It marks the packets that will go for link ADSL (I have 2 links - adsl
> > 2Mb and 'dedicate link' 256Mb ) # I am using 'ip rule / ip route' to
> > make this
> > iptables -t mangle -A PREROUTING -p tcp --dport 21 -j MARK --set-mark
> > 2000 iptables -t mangle -A PREROUTING -p tcp --dport 20 -j MARK
> > --set-mark 2000
> >
> > # It marks the packets that will be shapped ( upload with cbq )
> > iptables -t mangle -A PREROUTING -m mac 00:11:22:33:44:55 -j MARK
> > --set-mark 501 ....
> > iptables -t mangle -A PREROUTING -m mac aa:bb:cc:dd:ee:ff -j MARK
> > --set-mark 631 ###. I have 130 hosts in my network
> >
> >
> > # It marks the packages that priority has ( with 'tc prio' command)
> > iptables -t mangle -A PREROUTING -p tcp --dport 22 -j MARK --set-mark 100
> > iptables -t mangle -A PREROUTING -p tcp --dport 23 -j MARK --set-mark 100
> > iptables -t mangle -A PREROUTING -p udp --dport 27000:27015 -j MARK
> > --set-mark 110
> >
> >
> >
> > But only last mark does function
>
> I have just this hour started looking at marking packets, so my
> information could be wrong, but I believe that --set-mark <n> where n is
> an integer from 1-255. You cannot use values greater than 255.
>
> b.
I'm using values greater than 255, may be you need to install mark modules?
- --
ID 0x834D5708
wget http://www.awacat.com/clausGPG/publica_tictac.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFBxvB9LGhud4NNVwgRAuVLAKC5YgJN/0VBy6vA4+d+rqZNyqxIlQCfacf3
Ujp2PjGND7iDf0x6N2VBhyk=QGQ7
-----END PGP SIGNATURE-----
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
prev parent reply other threads:[~2004-12-20 15:32 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-11-30 2:12 [LARTC] iptables & tc - 3 marks mah
2004-12-19 19:32 ` Brian J. Murrell
2004-12-20 15:32 ` Lluis [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200412201632.14607.tictac@awacat.com \
--to=tictac@awacat.com \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.