From: Oskar Andreasson <blueflux@koffein.net>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] MARKing according to both net. interfaces?
Date: Fri, 26 Oct 2001 09:43:51 +0000 [thread overview]
Message-ID: <marc-lartc-100408983308915@msgid-missing> (raw)
In-Reply-To: <marc-lartc-100401832718215@msgid-missing>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thursday 25 October 2001 15:58, you wrote:
> [I had no success on the netfilter mailing list so may be here? I
> don't think there is a mailing list devoted to tc?]
>
>
> In order to later shape the traffic with tc, I'm trying to use
> iptables to mark traffic with a condition on both network interfaces
> (in and out).
>
> iptables -t mangle -A PREROUTING -p tcp -i eth4 -o eth5 -j MARK --set-mark
> 0x4
>
iptables
> is accepted but ipchains -v shows that no packets are marked. I assume
> this is because, in PREROUTING, you don't know the output interface
> yet.
Why the hell are you involving ipchains into this?=) ipchains != iptables.
They are mutually exclusive. If one works, the other wont work properly. To
list the iptables chains do iptables -L. To list the mangle table do iptables
- -t mangle -L.
>
> 1) Am I correct?
>
No=).
> 2) Why is it accepted if it cannot work?
>
It does work. However, you used two mutually exclusive commands to make the
command and to list the commands. Also, the rule only marks packets going
from the network on eth4 to network on eth5. Are you sure there is any
packets going in those directions?.
> 3) Is there a solution, since the mangle table only has OUTPUT (where
> -i is not accepted) and PREROUTING? (FreeBSD zealots keep screaming to
> me that it works fine with FreeBSD.)
>
OUTPUT is broken. Use PREROUTING. Packets doing the above wouldn't travel
through the mangle table OUTPUT chain either.
Anyways, hope this helps.
>
>
>
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO:
> http://ds9a.nl/2.4Routing/
- --
-----------------------------------
|Oskar Andreasson |
|Multisoft Education AB |
|http://www.libendo.com |
|phone: +46-8-6635555 |
|mailto: o.andreasson@libendo.com |
-----------------------------------
BOFH excuse #172:
pseudo-user on a pseudo-terminal
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE72TBbxO3KTTz2r/kRAk1uAJ940W+DHpo+itxt5355IhStaak+2wCfds6J
OfJjpJErV+A66XRtWXiMV0c=gKaE
-----END PGP SIGNATURE-----
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/
next prev parent reply other threads:[~2001-10-26 9:43 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-10-25 13:58 [LARTC] MARKing according to both net. interfaces? Stephane Bortzmeyer
2001-10-26 9:43 ` Oskar Andreasson [this message]
2001-10-26 9:56 ` Stephane Bortzmeyer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=marc-lartc-100408983308915@msgid-missing \
--to=blueflux@koffein.net \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox