* [LARTC] MARKing according to both net. interfaces?
@ 2001-10-25 13:58 Stephane Bortzmeyer
2001-10-26 9:43 ` Oskar Andreasson
2001-10-26 9:56 ` Stephane Bortzmeyer
0 siblings, 2 replies; 3+ messages in thread
From: Stephane Bortzmeyer @ 2001-10-25 13:58 UTC (permalink / raw)
To: lartc
[I had no success on the netfilter mailing list so may be here? I
don't think there is a mailing list devoted to tc?]
In order to later shape the traffic with tc, I'm trying to use
iptables to mark traffic with a condition on both network interfaces
(in and out).
iptables -t mangle -A PREROUTING -p tcp -i eth4 -o eth5 -j MARK --set-mark 0x4
is accepted but ipchains -v shows that no packets are marked. I assume
this is because, in PREROUTING, you don't know the output interface
yet.
1) Am I correct?
2) Why is it accepted if it cannot work?
3) Is there a solution, since the mangle table only has OUTPUT (where
-i is not accepted) and PREROUTING? (FreeBSD zealots keep screaming to
me that it works fine with FreeBSD.)
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [LARTC] MARKing according to both net. interfaces?
2001-10-25 13:58 [LARTC] MARKing according to both net. interfaces? Stephane Bortzmeyer
@ 2001-10-26 9:43 ` Oskar Andreasson
2001-10-26 9:56 ` Stephane Bortzmeyer
1 sibling, 0 replies; 3+ messages in thread
From: Oskar Andreasson @ 2001-10-26 9:43 UTC (permalink / raw)
To: lartc
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thursday 25 October 2001 15:58, you wrote:
> [I had no success on the netfilter mailing list so may be here? I
> don't think there is a mailing list devoted to tc?]
>
>
> In order to later shape the traffic with tc, I'm trying to use
> iptables to mark traffic with a condition on both network interfaces
> (in and out).
>
> iptables -t mangle -A PREROUTING -p tcp -i eth4 -o eth5 -j MARK --set-mark
> 0x4
>
iptables
> is accepted but ipchains -v shows that no packets are marked. I assume
> this is because, in PREROUTING, you don't know the output interface
> yet.
Why the hell are you involving ipchains into this?=) ipchains != iptables.
They are mutually exclusive. If one works, the other wont work properly. To
list the iptables chains do iptables -L. To list the mangle table do iptables
- -t mangle -L.
>
> 1) Am I correct?
>
No=).
> 2) Why is it accepted if it cannot work?
>
It does work. However, you used two mutually exclusive commands to make the
command and to list the commands. Also, the rule only marks packets going
from the network on eth4 to network on eth5. Are you sure there is any
packets going in those directions?.
> 3) Is there a solution, since the mangle table only has OUTPUT (where
> -i is not accepted) and PREROUTING? (FreeBSD zealots keep screaming to
> me that it works fine with FreeBSD.)
>
OUTPUT is broken. Use PREROUTING. Packets doing the above wouldn't travel
through the mangle table OUTPUT chain either.
Anyways, hope this helps.
>
>
>
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO:
> http://ds9a.nl/2.4Routing/
- --
-----------------------------------
|Oskar Andreasson |
|Multisoft Education AB |
|http://www.libendo.com |
|phone: +46-8-6635555 |
|mailto: o.andreasson@libendo.com |
-----------------------------------
BOFH excuse #172:
pseudo-user on a pseudo-terminal
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE72TBbxO3KTTz2r/kRAk1uAJ940W+DHpo+itxt5355IhStaak+2wCfds6J
OfJjpJErV+A66XRtWXiMV0c=gKaE
-----END PGP SIGNATURE-----
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [LARTC] MARKing according to both net. interfaces?
2001-10-25 13:58 [LARTC] MARKing according to both net. interfaces? Stephane Bortzmeyer
2001-10-26 9:43 ` Oskar Andreasson
@ 2001-10-26 9:56 ` Stephane Bortzmeyer
1 sibling, 0 replies; 3+ messages in thread
From: Stephane Bortzmeyer @ 2001-10-26 9:56 UTC (permalink / raw)
To: lartc
On Fri, Oct 26, 2001 at 11:43:51AM +0200,
Oskar Andreasson <blueflux@koffein.net> wrote
a message of 79 lines which said:
> > is accepted but ipchains -v shows that no packets are marked. I
It was a typo, I meant iptables.
> Why the hell are you involving ipchains into this?=) ipchains !iptables.
I know, it was just a typo, I used only iptables. Same question.
> OUTPUT is broken. Use PREROUTING.
Did you try by yourself?
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2001-10-26 9:56 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2001-10-25 13:58 [LARTC] MARKing according to both net. interfaces? Stephane Bortzmeyer
2001-10-26 9:43 ` Oskar Andreasson
2001-10-26 9:56 ` Stephane Bortzmeyer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox