On Thu, Feb 28, 2002 at 03:31:02PM +0000, Tim Carr wrote: > >From: bert hubert <ahu@ds9a.nl> > >To: EGAL Vincent <egal@ipanematech.com> > >CC: Tim Carr <cygnusx__1@hotmail.com>, lartc@mailman.ds9a.nl > >Subject: Re: [LARTC] HTB: Filtering flat out not working :(g > > > >Exactly - queueing disciplines and their attached filters come *way* after > >iptables or ipchains have doen their work. > > > >If you need information from before mangling, you should use fwmark to tag > >packets, and then filter based on that fwmark. How to do this is in the > >HOWTO. > > As i mentioned in the email, i've already tried this. No, the HOWTO does not > tell you how to do QoS with MARKing. It tells you how to MARK the packets, > and it tells you how to route the packets, but that's not what I want: I > want QoS, not policy-based routing etc. (I'm talking about this specific > part of the FAQ: > http://www.lartc.org/HOWTO//cvs/2.4routing/output/2.4routing-11.html ) Down below on: http://www.lartc.org/HOWTO//cvs/2.4routing/output/2.4routing-9.html#ss9.2 On fwmark You can mark packets with either ipchains and have that mark survive routing across interfaces. This is really useful to for example only shape traffic on eth1 that came in on eth0. Syntax: # tc filter add dev eth1 protocol ip parent 1:0 prio 1 handle 6 fw flowid 1:1 Note that this is not a u32 match! You can place a mark like this: # iptables -A PREROUTING -t mangle -i eth0 -j MARK --set-mark 6 The number 6 is arbitrary. If you don't want to understand the full tc filter syntax, just use iptables, and only learn to select on fwmark. -- http://www.PowerDNS.com Versatile DNS Software & Services http://www.tk the dot in .tk http://lartc.org Linux Advanced Routing & Traffic Control HOWTO
