From: Patrick McHardy <kaber@trash.net>
To: "Eliot, Wireless and Server Administrator,
Great Lakes Internet" <support8@greatlakes.net>
Cc: lartc@mailman.ds9a.nl,
Netfilter Development Mailinglist
<netfilter-devel@lists.netfilter.org>
Subject: Re: [LARTC] iptables CLASSIFY and MARK not working?
Date: Thu, 01 Jun 2006 20:01:36 +0000
Message-ID: <447F47A0.7000104@trash.net>
In-Reply-To: <0633E0EDB4F25F43A2D7179CA11FAFAB25541A@xavier.staff.greatlakes.net>

Eliot, Wireless and Server Administrator, Great Lakes Internet wrote:
> Bridged iptables (ebtables) is not enabled in the kernel and I cannot
> seem to find a variable "bridge-nf-call-iptables" to set with sysctl:
>
> wireless-r1 linux # sysctl -w bridge-nf-call-iptables=0
> error: "bridge-nf-call-iptables" is an unknown key
>
> There is also no /proc/sys/net/*/bridge anything. I assume that means
> this is not something I need to worry about?

Not sure yet, the problem would be created by CONFIG_BRIDGE_NETFILTER,
not ebtables itself. Check for
"/proc/sys/net/bridge/bridge-nf-call-iptables".

I'm actually pretty sure that this is indeed what's causing the problem,
bridge netfilter defers calling the IP POST_ROUTING hook until the
packet was already transmitted over the device (and before it goes
out the underlying device), which means when it hits the CLASSIFY
target it already passed through the qdisc.
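
Added example, not part of the message above or of any project's code: a shell check for the condition the reply describes. It reports whether the bridge-nf-call-iptables key exists and is set, and which bridge devices are present; the function names and the proc/sysfs root arguments are assumptions made so the check can run against a constructed tree.

```shell
#!/bin/sh
# Added example (not from the thread). The proc/sysfs root arguments and all
# function names are assumptions so the check can run on a constructed tree.
# The sysctl name for the file below is net.bridge.bridge-nf-call-iptables.

# Print absent | disabled | enabled | unknown for the bridge netfilter switch.
bridge_nf_state() {
    key="${1:-/proc}/sys/net/bridge/bridge-nf-call-iptables"
    # No file: bridge netfilter is not built in or not loaded.
    [ -e "$key" ] || { echo absent; return 0; }
    val=$(cat "$key" 2>/dev/null) || { echo unknown; return 0; }
    case "$val" in
        0) echo disabled ;;
        1) echo enabled ;;
        *) echo unknown ;;
    esac
}

# Print bridge devices (those with a "bridge" directory in sysfs), space separated.
list_bridges() {
    out=""
    for d in "${1:-/sys}"/class/net/*/bridge; do
        [ -d "$d" ] || continue
        name=${d%/bridge}
        out="${out:+$out }${name##*/}"
    done
    echo "$out"
}

# "deferred: <bridges>" means the conditions from the message are present:
# iptables is called from the bridge path, so POST_ROUTING rules such as
# CLASSIFY can run after the packet passed the bridge device's qdisc.
bridge_postrouting_verdict() {
    state=$(bridge_nf_state "${1:-/proc}")
    [ "$state" = enabled ] || { echo "$state"; return 0; }
    bridges=$(list_bridges "${2:-/sys}")
    if [ -n "$bridges" ]; then
        echo "deferred: $bridges"
    else
        echo "enabled-no-bridge"
    fi
}

bridge_postrouting_verdict /proc /sys
```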