From mboxrd@z Thu Jan 1 00:00:00 1970
From: johan@pinguind.co.id
Date: Thu, 17 May 2001 10:47:59 +0000
Subject: Re: [LARTC] Marking packets for shaping
Message-Id:
List-Id:
References:
In-Reply-To:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

This is the result when I use with OUTPUT chain

150 Opening BINARY mode data connection for iproute-2.2.4-2.i386.rpm (327439 bytes).
226 Transfer complete.
327439 bytes received in 21 secs (15 Kbytes/sec)

With configuration like this

bash# iptables -t mangle -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
MARK       tcp  --  fvbs.pinguind.co.id  anywhere           state RELATED,ESTABLISHED MARK set 0x1
MARK       tcp  --  fvbs.pinguind.co.id  anywhere           tcp spt:www MARK set 0x2

---[ eth0: configured classes ]---------------------------

class cbq 10: root rate 10Mbit (bounded,isolated) prio no-transmit
class cbq 10:2 parent 10: rate 10Mbit prio 4
class cbq 10:4 parent 10:2 leaf 8001: rate 128Kbit prio 4
class cbq 10:5 parent 10:2 leaf 8002: rate 256Kbit prio 4

---[ eth0: queueing disciplines ]-------------------------

qdisc tbf 8002: rate 256Kbit burst 10Kb lat 190.7ms
qdisc tbf 8001: rate 128Kbit burst 10Kb lat 381.5ms
qdisc cbq 10: rate 10Mbit (bounded,isolated) prio no-transmit

On Wed, May 16, 2001 at 07:30:57PM -0400, Ramin Alidousti wrote:
> Aren't you making any mistake here, Johan? OUTPUT chain is meant
> for the outgoing packets from the firewall itself. What Jaco is
> doing is receiving packets from the network which will never pass
> the OUTPUT chain.
>
> Ramin
>
> On Thu, May 17, 2001 at 06:29:00AM -0400, johan@pinguind.co.id wrote:
>
> > I had ever met this condition
> > I change chain rule at iptables, try like this
> >
> > iptables -I OUTPUT -t mangle -p tcp -s 0/0 -d 192.168.62.0/24 -j MARK
> > --set-mark 1
> >
> > and it works.
> >
> > Regards
> >
> > Johan
> >
> > On Wed, May 16, 2001 at 11:07:07AM -0400, Ramin Alidousti wrote:
> > > I assume that the packets come in on eth0, right? And I'm not sure
> > > if the mangle table sees the destination as 192.168.62.0/24 or as
> > > the original destination address. Try this:
> > >
> > > iptables -A PREROUTING -t mangle -p tcp -i eth0 -d 192.168.62.0/24 \
> > > -j MARK --set-mark 1
> > >
> > > If it doesn't work, try:
> > >
> > > iptables -A PREROUTING -t mangle -p tcp -i eth0 -d
> > > -j MARK --set-mark 1
> > >
> > > Hope it works,
> > > Ramin

-- 
-'-
(o o)
---------ooO--(_)--Ooo-------------------------------------------------
( )/ \( )( ) ( ) ( \( )  Visit us at http://www.pinguind.co.id
__)(( () ))__( /__\ ) (  Feel free to contact me at ICQ #47240718
(___/ \__/(_)(_)(_)(_)(_)\_)  email:johan@pinguind.co.id
-----------------------------------------------------------------------

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/