I just checked with the iptables guru's and it appears that the mangle table is checked before the nat table meaning that the second example below works and not the first one, which also explains why your setup didn't work. Ramin On Wed, May 16, 2001 at 11:07:07AM -0400, Ramin Alidousti wrote: > I assume that the packets come in on eth0, right? And I'm not sure > if the mangle table sees the destination as 192.168.62.0/24 or as > the original destination address. Try this: > > iptables -A PREROUTING -t mangle -p tcp -i eth0 -d 192.168.62.0/24 \ > -j MARK --set-mark 1 > > If it doesn't work, try: > > iptables -A PREROUTING -t mangle -p tcp -i eth0 -d <orig dst IP's> > -j MARK --set-mark 1 > > Hope it works, > Ramin > > On Wed, May 16, 2001 at 04:52:30PM +0200, Jaco van der Schyff wrote: > > > I removed the comments from the file below, also this isnt the > > complete file, but it should be enough to give you an idea what > > I want to acheive. > > > > > > > > iptables -A PREROUTING -t mangle -p tcp -s 0/0 -d 192.168.62.0/24 -j > > MARK \ > > --set-mark 1 > > > > tc qdisc add dev eth1 root handle 10: cbq bandwidth 64Kbit avpkt 1000 > > > > tc class add dev eth1 parent 10:0 classid 10:1 cbq bandwidth 64Kbit rate > > \ > > 64Kbit allot 1514 weight 6Kbit prio 8 maxburst 20 avpkt 1000 > > > > tc class add dev eth1 parent 10:1 classid 10:100 cbq bandwidth 64Kbit > > rate \ > > 32Kbit allot 1514 weight 3Kbit prio 5 maxburst 20 avpkt 100 bounded > > > > tc qdisc add dev eth1 parent 10:100 sfq quantum 1514b perturb 15 > > > > tc filter add dev eth1 protocol ip parent 10:1 prio 100 handle 1 fw > > classid 1:100 > > > > > > > > > > Regards > > - Jaco van der Schyff > > jvds@xxxxxxxxxxxxxx > > > > +27 12 803 7591 > > +27 12 803 7285 (f) > > +27 83 680 4922 (mobile) > > > > f6e2eb48937f22e159a408c84533cdcb > > > > > > > > Ramin Alidousti wrote: > > > > > > what is/are your setup/rules? It should work just fine. > > > > > > Ramin > > > > > > On Wed, May 16, 2001 at 04:32:00PM +0200, Jaco van der Schyff wrote: > > > > > > > Greetings earthlings, > > > > > > > > I am batteling to get NATted packets marked with iptables, > > > > to shape them later using the fw filter. > > > > > > > > Has anyone tried to mark packets that are masqueraded, or > > > > to shape masqueraded connections? > > > > > > > > It doesn't seem to work. > > > > > > > > If any knows what to do, please help.
