From mboxrd@z Thu Jan 1 00:00:00 1970
From: Jon Anderson
Date: Mon, 15 Mar 2004 15:28:45 +0000
Subject: Re: [LARTC] Bridge + TC
Message-Id: <4055CBAD.10505@rogers.com>
List-Id:
References: <40559064.6000400@rogers.com>
In-Reply-To: <40559064.6000400@rogers.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Jeroen Vriesman wrote:

>So I would suggest testing:
>
>1) no filter rule for 1:10 which is default
>
>
This shouldn't affect things in the end though, correct? (I.e. it's overkill, but it won't hurt anything, right?)
(I've also had it pass by default through the 1:1, in which case nothing passed through 1:10, nor 1:20 - everything went through 1:1.)

>2) no filters with handle 1, (I start at 101 for the filters)
>
>
>> tc filter add dev eth0 parent 1:0 protocol ip prio 1 handle 1 fw classid 1:10

"handle 1" - is that not how it picks up on nfmark? If nfmark is set to 1, is this not the part that picks up that nfmark?

>3) marking with iptables in mangle PREROUTING
>
>
I have also tried that. I'm using 2.6.3-mm3 -> packets don't seem to pass through iptables anymore unless they're specifically routed rather than bridged (can anyone confirm this?).

I have another (2-if, no QoS) bridge running 2.4, and iptables commands filter fine. With this new bridge running 2.6, dropping everything with iptables doesn't work 'iptables -A FORWARD -j DROP' doesn't affect the bridge in the least - hosts continue to talk through the bridge. (Same in ebtables works as expected though.)

>should work, it's working fine here on 2.4.24+ebtables
>
>
>
Perhaps the key here is 2.4. I might have to revert...

Thanks for the input. Now I have something else to try!

Cheers,

jon

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/