* using mangle to mark packets
@ 2005-05-25 7:12 Sven Neukirchner
From: Sven Neukirchner @ 2005-05-25 7:12 UTC (permalink / raw)
To: netfilter
Hello,
I use Linux with iptables as a router.
I want to mark several packets which are coming from my clients in my
network and where the destination
is the internet.
So I set the following rule as an example:
iptables -t mangle -o $DEV -A POSTROUTING -p ICMP -j MARK --set-mark 1
Is there a way to check if the packets get marked?
I tried the following:
iptables -A FORWARD -p ICMP -m mark --mark 1 -j LOG --log-prefix
"mark " --log-level 6
But it doesn't work.
I want to set up traffic shaping using tc.
So I need to mark packets so I can put them in order.
Thanks, Sven
* Re: using mangle to mark packets
From: Jason Opperisano @ 2005-05-25 12:41 UTC (permalink / raw)
To: netfilter
On Wed, May 25, 2005 at 09:12:47AM +0200, Sven Neukirchner wrote:
> iptables -t mangle -o $DEV -A POSTROUTING -p ICMP -j MARK --set-mark 1
>
> Is there a way to check if the packets get marks?
>
> I tried the following:
>
> iptables -A FORWARD -p ICMP -m mark --mark 1 -j LOG --log-prefix
> "mark " --log-level 6
>
> But it doesn't work.
Because mangle:POSTROUTING is traversed after filter:FORWARD.
> I want to set up traffic shaping using tc.
> So I need to mark packets so I can put them in order.
Mark your packet in either mangle:PREROUTING or mangle:FORWARD.
-j
--
"Susan Sarandon: I'm Susan Sarandon. Most of you know me as Tim
Robbins' mother, but actually I'm his wife!"
--Family Guy
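Putting Jason's answer together into one rule set, as an added example that is not code from either poster: the MARK rule moves from mangle:POSTROUTING to mangle:PREROUTING, so the `-m mark` LOG rule in filter:FORWARD (traversed later) can actually see the mark, and the same mark is then handed to tc through the `fw` classifier. `$DEV` is the outbound interface from the original post; the client network, the HTB rates and the DRY_RUN wrapper are assumptions made here so the script can be reviewed before it touches a live router.

```shell
#!/bin/sh
# Added example (not from the thread): mark forwarded ICMP from the LAN in
# mangle:PREROUTING, verify the mark with a LOG rule in filter:FORWARD, and
# steer marked traffic into a tc class. DRY_RUN=1 (default) prints the
# commands instead of executing them; DRY_RUN=0 applies them as root.
DEV="${DEV:-eth0}"             # outbound interface ($DEV in the original post)
LAN="${LAN:-192.168.1.0/24}"   # constructed client network
DRY_RUN="${DRY_RUN:-1}"
IPT="${IPT:-iptables}"
TC="${TC:-tc}"

run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# For a forwarded packet the chains are traversed in this order:
#   raw:PREROUTING -> mangle:PREROUTING -> nat:PREROUTING -> (routing decision)
#   -> mangle:FORWARD -> filter:FORWARD -> mangle:POSTROUTING -> nat:POSTROUTING
# A mark set in mangle:POSTROUTING is therefore invisible to filter:FORWARD,
# which is why the original LOG rule never matched. Setting it in
# mangle:PREROUTING (or mangle:FORWARD) fixes that.
mark_rules() {
    run "$IPT" -t mangle -A PREROUTING -s "$LAN" -p icmp -j MARK --set-mark 1
}

# Verification: log only packets that already carry mark 1. Because
# filter:FORWARD is traversed after mangle:PREROUTING, this now matches.
log_rules() {
    run "$IPT" -A FORWARD -p icmp -m mark --mark 1 -j LOG \
        --log-prefix "mark " --log-level 6
}

# Second, quieter check: the packet/byte counters on the MARK rule itself
# tell you whether anything is being marked, with no LOG noise at all.
show_counters() {
    run "$IPT" -t mangle -L PREROUTING -v -n -x
}

# tc side: HTB root with a default class and one shaped class; the fw
# classifier sends packets carrying mark 1 into class 1:10. Rates are
# constructed placeholders.
tc_rules() {
    run "$TC" qdisc add dev "$DEV" root handle 1: htb default 20
    run "$TC" class add dev "$DEV" parent 1: classid 1:10 htb rate 128kbit ceil 256kbit
    run "$TC" class add dev "$DEV" parent 1: classid 1:20 htb rate 1mbit
    run "$TC" filter add dev "$DEV" parent 1: protocol ip prio 1 handle 1 fw flowid 1:10
}

apply_all() {
    mark_rules
    log_rules
    tc_rules
    show_counters
}

apply_all
```

Run it once with the default DRY_RUN=1 to read the generated commands, then `DRY_RUN=0 sh mark-and-shape.sh` as root. After sending a few pings from a LAN client, the counters printed by `show_counters` (or a second `iptables -t mangle -L PREROUTING -v -n -x`) should climb on the MARK rule, and `mark ` lines should appear in the kernel log; `tc -s class show dev $DEV` then shows the bytes accounted to class 1:10.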
* Http connections left in FIN_WAIT1...
From: Brian Atkins @ 2005-05-25 18:19 UTC (permalink / raw)
To: netfilter
I am in the process of testing connectivity through my firewall. I have
a server on my inside network that is being NATed at the firewall from
a public address to our internal, private address space (RFC 1918).
Using a box from the outside (www), I am able to connect to the server
(à la links2). The data transfer starts and I get the message "Received
0 B of 1.4 kB, avg 0 B/s ...", but it times out after a couple of
minutes. On the server side, I see the connection being established,
but it stops at FIN_WAIT1. Internally, the page displays just fine on a
box very similar to the external box.
Iptables, at the moment, only has rules to allow specific ports (80, 443)
from the outside with a state of NEW, ESTABLISHED or RELATED. Going
back the other way, pretty much everything is allowed with an
ESTABLISHED or RELATED state. I don't have any rules doing TCP resets,
only accept or log/reject.
Brian