[LARTC] Questions regarding CONNMARK

[LARTC] Questions regarding CONNMARK

[GoMi .]

Hi there, i have some questions regarding CONNMARK and STRING modules for 
netfilter.

I have a stateful firewall doing contraking, because i have two dsl 
connections doing load balancing. I have found a way to discriminate KaZaA 
traffic flowing via port 80 from normal HTTP traffic using the string match. 
I want to mark a kazaa connection and filter ir to a specific qdisc.

I have been looking for info about CONNMARK, but i cant find any HOWTO to 
explain how it works. Anyone can help me out here?

Thank you!

_________________________________________________________________
Charla con tus amigos en línea mediante MSN Messenger: 
http://messenger.yupimsn.com/

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Questions regarding CONNMARK

[Eric Leblond]

[-- Attachment #1: Type: text/plain, Size: 393 bytes --]

On Mon, 2003-06-16 at 15:56, GoMi . wrote:
> Hi there, i have some questions regarding CONNMARK and STRING modules for 
> I have been looking for info about CONNMARK, but i cant find any HOWTO to 
> explain how it works. Anyone can help me out here?

It's in the FAQ from docum.org ;-)
See at 
	http://home.regit.org/connmark.html

BR,
-- 
Eric Leblond <eric@regit.org>
Regit.org

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [LARTC] Questions regarding CONNMARK

[GoMi .]

I still dont get it..i think its like this, correct me if i am wrong:

When a connection is new, a number is given to it and hence we know how to 
dnatet when the response comes. That mark has nocing to do with the mark 
given by the MARK value

hence -j CONNMARK --save-mark will save that number, then i can mark the 
packet with MARK, and then i have to reset the connmark with --reset-mark

is that right?

What i want to do, is mark all kazaa connections since the begging with a 
mark 5 for example..but i am begging to get messed up :)

_________________________________________________________________
Charla con tus amigos en línea mediante MSN Messenger: 
http://messenger.yupimsn.com/

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Questions regarding CONNMARK

[GoMi .]

A question here, i am having problems shaping the acks, due to p2p programs, 
how can i do the --restore-mark on a full connection, including acks? i have 
really no  idea how...

_________________________________________________________________
Charla con tus amigos en lmnea mediante MSN Messenger: 
http://messenger.yupimsn.com/

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/