From: Clemens <clemens.schaefer@gmx.de>
To: netfilter@lists.netfilter.org
Subject: Re: Marks set in PREROUTING got lost
Date: Thu, 28 Sep 2006 11:36:20 +0200
Message-ID: <451B9794.9090209@gmx.de>
In-Reply-To: <Pine.LNX.4.61.0609281029430.21498@yvahk01.tjqt.qr>

> 
> What marks, per-packet marks or per-connection marks?
> 
I am not sure how to distinguish; I just mark all packets that pass
through a certain user-defined chain. I guess this is a mark per packet.
The particular chain looks like this:


Chain FWD_WWW-101 (2 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           quota: 100000000 bytes
MARK       all  --  0.0.0.0/0            0.0.0.0/0           MARK set 0x65
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           quota: 1000000 bytes
MARK       all  --  0.0.0.0/0            0.0.0.0/0           MARK set 0x1


The goal is to provide full network speed for all NATed computers
for a certain amount of bytes (first quota match), then mark their
packets individually (each computer has its own mangle chain
(FWD_WWW-$computernumber)) with its computer number in hex, so tc can
slow down their connection to 56k, and after the "slow quota" is used
up, the user's packets get a different mark (mark 1) and get a DNAT
to an Over Quota webpage when the user tries to access an outside
webpage; other connection attempts get dropped.


The problem now is that packets get marked with the mark 0x1, but in
the PREROUTING nat table this mark never appears.

Thanks, Clemens
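
How the FWD_WWW-101 listing in the message above evaluates successive packets, as an added example that is not part of the original post: a small Python model of the four rules. The class and function names are hypothetical, the traffic is constructed, and the quota and MARK semantics are assumptions stated in the comments.

```python
# Added illustration, not from the original post. Assumptions: a quota rule
# matches while its remaining byte budget covers the packet and is zeroed by
# the first packet that does not fit; MARK continues traversal; ACCEPT ends it.

class Quota:
    def __init__(self, budget):
        self.remaining = budget

    def matches(self, length):
        if self.remaining >= length:
            self.remaining -= length
            return True
        self.remaining = 0  # budget used up: no later packet matches
        return False

def build_chain(fast_quota=100_000_000, slow_quota=1_000_000):
    """Rules in listing order: (match or None, target, mark value)."""
    return [
        (Quota(fast_quota), "ACCEPT", None),
        (None, "MARK", 0x65),
        (Quota(slow_quota), "ACCEPT", None),
        (None, "MARK", 0x1),
    ]

def traverse(chain, length, mark=0):
    """Return (verdict, mark) for one packet of `length` bytes."""
    for match, target, value in chain:
        if match is not None and not match.matches(length):
            continue
        if target == "MARK":
            mark = value  # non-terminating: keep evaluating later rules
        elif target == "ACCEPT":
            return "ACCEPT", mark
    return "RETURN", mark  # fell off the end of the user-defined chain

def phases(chain, length, count):
    """Compress per-packet results into runs: [(verdict, mark, packets)]."""
    runs = []
    for _ in range(count):
        result = traverse(chain, length)
        if runs and runs[-1][:2] == result:
            runs[-1] = (*result, runs[-1][2] + 1)
        else:
            runs.append((*result, 1))
    return runs

if __name__ == "__main__":
    # Constructed traffic: 1000-byte packets against scaled-down quotas.
    for verdict, mark, n in phases(build_chain(5000, 2000), 1000, 10):
        print(f"{n} packets: {verdict} mark={mark:#x}")
```

In this model, packets accepted by the first quota rule leave the chain unmarked, packets accepted by the second carry 0x65, and only packets that fall through both quotas return to the calling chain with mark 0x1.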

