From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Wayne" <wayne@fengshuifont.com>
Date: Wed, 20 Aug 2003 08:48:00 +0000
Subject: [LARTC] FTP Connection Tracking in a Bridge
MIME-Version: 1
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0014_01C36708.865A25C0"
Message-Id: <marc-lartc-106136953432545@msgid-missing>
List-Id: <lartc.vger.kernel.org>
To: lartc@vger.kernel.org

This is a multi-part message in MIME format.

------=_NextPart_000_0014_01C36708.865A25C0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hello,

I have a box running as a bridge and am trying to track the passive FTP =
sessions by marking them with iptables (CONNMARK option installed) and =
then trying to pick up the mark using tc filter fwmark. This is not =
working.

I have checked the marking of the packets and this is working fine =
because I can see the marks when I cat /proc/net/ip_conntrack.

Having setup my queues and using the following command:

tc filter add dev eth1 parent 1:2 protocol ip prio 1 handle 2 fw classid =
1:2a

I do not get any traffic going in to this queue. I am running kernel =
2.4.21.=20

My question is whether the packet that I have marked is actually every =
getting to the tc filter. As I am running a bridge, does the packet get =
marked in iptables PREROUTING, and then go straight to the FORWARD rule =
and then out.

What is the sequence in which iptables processes the packet and then the =
tc filter processes the packet.

Many thanks

Wayne

------=_NextPart_000_0014_01C36708.865A25C0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2800.1170" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2><FONT size=3D2>
<P>Hello,</P>
<P>I have a box running as a bridge and am trying to track the passive =
FTP=20
sessions by marking them with iptables (CONNMARK option installed) and =
then=20
trying to pick up the mark using tc filter fwmark. This is not =
working.</P>
<P>I have checked the marking of the packets and this is working fine =
because I=20
can see the marks when I cat /proc/net/ip_conntrack.</P>
<P>Having setup my queues and using the following command:</P>
<P>tc filter add dev eth1 parent 1:2 protocol ip prio 1 handle 2 fw =
classid=20
1:2a</P>
<P>I do not get any traffic going in to this queue. I am running kernel =
2.4.21.=20
</P>
<P>My question is whether the packet that I have marked is actually =
every=20
getting to the tc filter. As I am running a bridge, does the packet get =
marked=20
in iptables PREROUTING, and then go straight to the FORWARD rule and =
then=20
out.</P>
<P>What is the sequence in which iptables processes the packet and then =
the tc=20
filter processes the packet.</P>
<P>Many thanks</P>
<P>Wayne</P></FONT></FONT></DIV></BODY></HTML>

------=_NextPart_000_0014_01C36708.865A25C0--

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/