* using mangle to mark packets

From: Sven Neukirchner @ 2005-05-25 7:12 UTC
To: netfilter

Hello,

I use Linux with iptables as a router.
I want to mark several packets which are coming from the clients in my
network and where the destination is the internet.

So I set the following rule as an example:

iptables -t mangle -o $DEV -A POSTROUTING -p ICMP -j MARK --set-mark 1

Is there a way to check if the packets get marks?

I tried the following:

iptables -A FORWARD -p ICMP -m mark --mark 1 -j LOG --log-prefix "mark " --log-level 6

But it doesn't work.

I want to set up traffic shaping using tc.
So I need to mark packets so I can put them in order.

Thanks
Sven

* Re: using mangle to mark packets

From: Jason Opperisano @ 2005-05-25 12:41 UTC
To: netfilter

On Wed, May 25, 2005 at 09:12:47AM +0200, Sven Neukirchner wrote:
> iptables -t mangle -o $DEV -A POSTROUTING -p ICMP -j MARK --set-mark 1
>
> Is there a way to check if the packets get marks?
>
> I tried the following:
>
> iptables -A FORWARD -p ICMP -m mark --mark 1 -j LOG --log-prefix
> "mark " --log-level 6
>
> But it doesn't work.

because mangle:POSTROUTING is traversed after filter:FORWARD.

> I want to set up traffic shaping using tc.
> So I need to mark packets so I can put them in order.

mark your packet in either mangle:PREROUTING or mangle:FORWARD.

-j

--
"Susan Sarandon: I'm Susan Sarandon. Most of you know me as Tim Robbins'
mother, but actually I'm his wife!"
	--Family Guy
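
The traversal order behind this answer, as an added example that is not part of the original thread: a small shell model of the forward path that checks whether a mark set in a given mangle chain is already on the packet when filter:FORWARD (where the LOG check sits) or the egress qdisc used by tc sees it, and prints rules for a placement that works. The `tc:egress` label, the helper names and the device `eth0` are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the thread. Order in which a forwarded packet
# reaches the hooks discussed above. "tc:egress" is a label used here for the
# egress qdisc, which runs after netfilter; it is not an iptables chain.
FORWARD_PATH="mangle:PREROUTING nat:PREROUTING mangle:FORWARD filter:FORWARD mangle:POSTROUTING nat:POSTROUTING tc:egress"

# Print the 1-based position of a hook on the forward path; fail if the
# packet never reaches it (for example filter:INPUT).
hook_pos() {
    i=0
    for h in $FORWARD_PATH; do
        i=$((i + 1))
        if [ "$h" = "$1" ]; then echo "$i"; return 0; fi
    done
    return 1
}

# Succeed when a mark set at hook $1 is already on the packet at hook $2.
# Two rules in the same chain depend on rule order and count as "not yet".
mark_visible() {
    s=$(hook_pos "$1") || return 2
    m=$(hook_pos "$2") || return 2
    [ "$s" -lt "$m" ]
}

# Print a MARK rule for mangle chain $1 plus the LOG check from the thread,
# refusing chains that filter:FORWARD can never observe. $2 = outgoing device.
emit_rules() {
    chain=$1; dev=$2; out=""
    if ! mark_visible "mangle:$chain" filter:FORWARD; then
        echo "a mark set in mangle:$chain is not visible in filter:FORWARD" >&2
        return 1
    fi
    # iptables rejects -o in PREROUTING: no routing decision exists yet.
    if [ "$chain" = FORWARD ]; then out="-o $dev "; fi
    echo "iptables -t mangle -A $chain ${out}-p icmp -j MARK --set-mark 1"
    echo "iptables -A FORWARD -p icmp -m mark --mark 1 -j LOG --log-prefix \"mark \" --log-level 6"
}

for hook in mangle:PREROUTING mangle:FORWARD mangle:POSTROUTING; do
    if mark_visible "$hook" filter:FORWARD; then f=yes; else f=no; fi
    if mark_visible "$hook" tc:egress; then t=yes; else t=no; fi
    echo "$hook: seen by filter:FORWARD=$f, by tc=$t"
done
emit_rules FORWARD eth0   # eth0 is an assumed device name
```

The model reports a mark set in mangle:POSTROUTING as visible to tc but not to the LOG rule in filter:FORWARD, so it is the placement of the check, not the marking itself, that decides whether the log line appears.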

* Http connections left in FIN_WAIT1...

From: Brian Atkins @ 2005-05-25 18:19 UTC
To: netfilter

I am in the process of testing connectivity through my firewall. I have
a server on my inside network that is being natted at the firewall from
a public address to our internal, private address space (rfc1918).

Using a box from the outside (www), I am able to connect to the server
(ala links2). The data transfer starts and I get the message "Received
0 B of 1.4 kB, avg 0 B/s ...", but it times out after a couple of
minutes.

On the server side, I see the connection being established, but it stops
at FIN_WAIT1.

Internally, the page displays just fine on a box very similar to the
external box.

Iptables, at the moment, only has rules to allow specific ports (80,443)
from the outside with a state of NEW, ESTABLISHED, or RELATED. Going
back the other way, pretty much everything is allowed with an
ESTABLISHED, or RELATED state. I don't have any rules doing tcp resets,
only accept or log/reject.

Brian