From mboxrd@z Thu Jan  1 00:00:00 1970
From: FB <register@flintz.de>
Date: Fri, 09 Jul 2004 23:12:31 +0000
Subject: [LARTC] Re: layer 7 netfilter not working
Message-Id: <40EF265F.4000304@flintz.de>
List-Id: <lartc.vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

> I wouldn't bet the layer7 match works in table filter. You could try
> 
> $IPTABLES -t mangle -A POSTROUTING -m layer7 --l7dir /etc/l7-protocols
> --l7proto ftp -j LOG --log-prefix 'marked: '
> 
> and watch your logs. Um, and /etc/l7-protocols does contain your pattern
> definitions, right?

Yes there are my definition. And your idea with the logging was great, I 
did it and guess what, the packets showed up in /var/log/syslog, so I 
guess the layer7 classifier is working, but now I wonder why it still 
doesn't shape (and remember DROP didn't work either, but there I am not 
sure if it wasn't a configure mistake by me).

I changed the line back to:

$IPTABLES -t mangle -A POSTROUTING -m layer7 --l7dir /etc/l7-protocols 
--l7proto ftp -j MARK --set-mark 322

But the shaping still doesn't work. I didn't want to terrorize you all 
by posting my whole shapingskript here, so I uploaded it here:

http://www.flintz.de/shaping.txt

Would be really nice if someone could search the script for any mistakes!

-FB
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/