I had ever met this condition I change chain rule at iptables,try like this iptables -I OUTPUT -t mangle -p tcp -s 0/0 -d 192.168.62.0/24 -j MARK --set-mark 1 and it works. Regards Johan On Wed, May 16, 2001 at 11:07:07AM -0400, Ramin Alidousti wrote: > I assume that the packets come in on eth0, right? And I'm not sure > if the mangle table sees the destination as 192.168.62.0/24 or as > the original destination address. Try this: > > iptables -A PREROUTING -t mangle -p tcp -i eth0 -d 192.168.62.0/24 \ > -j MARK --set-mark 1 > > If it doesn't work, try: > > iptables -A PREROUTING -t mangle -p tcp -i eth0 -d <orig dst IP's> > -j MARK --set-mark 1 > > Hope it works, > Ramin > > On Wed, May 16, 2001 at 04:52:30PM +0200, Jaco van der Schyff wrote: > > > I removed the comments from the file below, also this isnt the > > complete file, but it should be enough to give you an idea what > > I want to acheive. > > > > > > > > iptables -A PREROUTING -t mangle -p tcp -s 0/0 -d 192.168.62.0/24 -j > > MARK \ > > --set-mark 1 > > > > tc qdisc add dev eth1 root handle 10: cbq bandwidth 64Kbit avpkt 1000 > > > > tc class add dev eth1 parent 10:0 classid 10:1 cbq bandwidth 64Kbit rate > > \ > > 64Kbit allot 1514 weight 6Kbit prio 8 maxburst 20 avpkt 1000 > > > > tc class add dev eth1 parent 10:1 classid 10:100 cbq bandwidth 64Kbit > > rate \ > > 32Kbit allot 1514 weight 3Kbit prio 5 maxburst 20 avpkt 100 bounded > > > > tc qdisc add dev eth1 parent 10:100 sfq quantum 1514b perturb 15 > > > > tc filter add dev eth1 protocol ip parent 10:1 prio 100 handle 1 fw > > classid 1:100 > > > > > > > > > > Regards > > - Jaco van der Schyff > > jvds@xxxxxxxxxxxxxx > > > > +27 12 803 7591 > > +27 12 803 7285 (f) > > +27 83 680 4922 (mobile) > > > > f6e2eb48937f22e159a408c84533cdcb > > > > > > > > Ramin Alidousti wrote: > > > > > > what is/are your setup/rules? It should work just fine. > > > > > > Ramin > > > > > > On Wed, May 16, 2001 at 04:32:00PM +0200, Jaco van der Schyff wrote: > > > > > > > Greetings earthlings, > > > > > > > > I am batteling to get NATted packets marked with iptables, > > > > to shape them later using the fw filter. > > > > > > > > Has anyone tried to mark packets that are masqueraded, or > > > > to shape masqueraded connections? > > > > > > > > It doesn't seem to work. > > > > > > > > If any knows what to do, please help. > > _______________________________________________ > LARTC mailing list / LARTC@xxxxxxxxxxxxxxx > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/ -- - '- (o o) ---------ooO--(_)--Ooo------------------------------------------------- ( )/ \( )( ) ( ) ( \( ) Visit us at http://www.pinguind.co.id __)(( () ))__( /__\ ) ( Feel free to contact me at ICQ #47240718 (___/ \__/(_)(_)(_)(_)(_)\_) email:johan@xxxxxxxxxxxxxx -----------------------------------------------------------------------
