From: miller69@gmx.net
Date: Wed, 07 May 2003 09:39:14 +0000
Subject: Re: [LARTC] problem with tc filter
To: lartc@vger.kernel.org

Hi,

> I'm just wondering. You use connmark to mark the whole connection, but
> isn't that only working in 1 direction?

Ok, first I was not sure about this question but I took a look at
/proc/net/ip_conntrack:

    tcp 6 379813 ESTABLISHED src=153.19.72.215 dst=139.18.38.96 sport=1240 dport=1214 src=139.18.38.96 dst=153.19.72.215 sport=1214 dport=1240 [ASSURED] use=1 mark"

This is a single entry, so I believe it puts a mark at the whole connection
in both directions. And a quick test approved this. I used the following
commands to count marked packets in the POSTROUTING chain.

    iptables -A POSTROUTING -t mangle -o eth0 -m mark --mark 12 -j ACCEPT
    iptables -A POSTROUTING -t mangle -o eth1 -m mark --mark 12 -j ACCEPT

That gave the following output:

    648K 703M ACCEPT all -- * eth0 0.0.0.0/0 0.0.0.0/0 MARK match 0xc
    520K 103M ACCEPT all -- * eth1 0.0.0.0/0 0.0.0.0/0 MARK match 0xc

As you can see there are packets leaving the bridge at eth0 and at eth1 as
well marked with the same handle.

> You want to mark on eth0 and use that mark also to shape on eth1.

Exactly, so as the connmark part seems to be working, is there a chance to
get tc filter working in the same way too?

Any comments would be very much appreciated!

Thanks,
Mike.
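
The observation in the message above, that one /proc/net/ip_conntrack entry carries both directions of a connection under a single mark, sketched as an added example (not code from the original post). The sample line is constructed from the entry quoted in the message; the mark value 12 and all function names are assumptions made for illustration.

```python
import re

# Constructed sample in the /proc/net/ip_conntrack layout quoted in the message;
# the mark value 12 is an assumption taken from the "--mark 12" rules.
SAMPLE = (
    "tcp 6 379813 ESTABLISHED src=153.19.72.215 dst=139.18.38.96 sport=1240 "
    "dport=1214 src=139.18.38.96 dst=153.19.72.215 sport=1214 dport=1240 "
    "[ASSURED] use=1 mark=12"
)

TUPLE_RE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")
MARK_RE = re.compile(r"\bmark=(\d+)")


def parse_entry(line):
    """Return (proto, original_tuple, reply_tuple, mark) for one TCP/UDP entry."""
    tuples = [(s, d, int(sp), int(dp)) for s, d, sp, dp in TUPLE_RE.findall(line)]
    if len(tuples) != 2:
        raise ValueError("expected an original and a reply tuple")
    mark = MARK_RE.search(line)
    return line.split()[0], tuples[0], tuples[1], int(mark.group(1)) if mark else 0


def build_table(lines):
    """Index each entry under both of its tuples (hypothetical lookup table)."""
    table = {}
    for line in lines:
        proto, orig, reply, mark = parse_entry(line)
        table[(proto, orig)] = ("original", mark)
        table[(proto, reply)] = ("reply", mark)
    return table


def mark_for_packet(table, proto, src, dst, sport, dport):
    """Direction and connection mark that a packet with this header maps to."""
    return table.get((proto, (src, dst, sport, dport)), (None, 0))


if __name__ == "__main__":
    table = build_table([SAMPLE])
    # Packet in the original direction, then the reply packet of the same flow.
    print(mark_for_packet(table, "tcp", "153.19.72.215", "139.18.38.96", 1240, 1214))
    print(mark_for_packet(table, "tcp", "139.18.38.96", "153.19.72.215", 1214, 1240))
```

Both lookups resolve to the same entry and therefore the same connection mark; whether that mark is also visible to a tc filter on the bridge is the open question in the thread and is not answered by this sketch.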