Re: [LARTC] MARKing according to both net. interfaces?

Linux Advanced Routing and Traffic Control

On Thursday 25 October 2001 15:58, you wrote:
> [I had no success on the netfilter mailing list so may be here? I
> don't think there is a mailing list devoted to tc?]
>
>
> In order to later shape the traffic with tc, I'm trying to use
> iptables to mark traffic with a condition on both network interfaces
> (in and out).
>
> iptables -t mangle -A PREROUTING -p tcp -i eth4 -o eth5 -j MARK --set-mark 0x4
>

iptables

> is accepted but ipchains -v shows that no packets are marked. I assume
> this is because, in PREROUTING, you don't know the output interface
> yet.

Why the hell are you involving ipchains into this?=) ipchains != iptables.
They are mutually exclusive. If one works, the other won't work properly. To
list the iptables chains do iptables -L. To list the mangle table do iptables
-t mangle -L.

>
> 1) Am I correct?
>

No=).

> 2) Why is it accepted if it cannot work?
>

It does work. However, you used two mutually exclusive commands to make the
command and to list the commands. Also, the rule only marks packets going
from the network on eth4 to network on eth5. Are you sure there are any
packets going in those directions?

> 3) Is there a solution, since the mangle table only has OUTPUT (where
> -i is not accepted) and PREROUTING? (FreeBSD zealots keep screaming to
> me that it works fine with FreeBSD.)
>

OUTPUT is broken. Use PREROUTING. Packets doing the above wouldn't travel 
through the mangle table OUTPUT chain either.

Anyways, hope this helps.

-- 
 ----------------------------------- 
|Oskar Andreasson                   |
|Multisoft Education AB             |
|http://www.libendo.com             |
|phone: +46-8-6635555               |
|mailto: o.andreasson@xxxxxxxxxxx   |
 ----------------------------------- 
BOFH excuse #172:

pseudo-user on a pseudo-terminal
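
An added example, not part of the original message: a small POSIX shell check of which interface matches current iptables accepts in each built-in chain, run over the rule from the thread and over the same match placed in the mangle FORWARD chain (available since kernel 2.4.18). The function name `check_rule` and the sample rules are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). check_rule is a hypothetical helper.
# It prints a verdict for one iptables rule and returns 0 when the rule's
# -i/-o matches can be evaluated in its built-in chain, 1 when they cannot.
check_rule() (
    set -f            # no globbing while word-splitting the rule
    set -- $1         # rules with quoted arguments are out of scope here
    chain="" has_in=0 has_out=0
    while [ $# -gt 0 ]; do
        case "$1" in
            -A|-I|--append|--insert) chain="${2:-}" ;;
            -i|--in-interface)       has_in=1 ;;
            -o|--out-interface)      has_out=1 ;;
        esac
        shift
    done
    case "$chain" in
        PREROUTING)  opt="-o" bad=$has_out why="routing decision not made yet" ;;
        INPUT)       opt="-o" bad=$has_out why="packet is delivered locally" ;;
        OUTPUT)      opt="-i" bad=$has_in  why="packet is locally generated" ;;
        POSTROUTING) opt="-i" bad=$has_in  why="iptables rejects -i here" ;;
        FORWARD)     bad=0 ;;   # routed traffic: both interfaces are known
        *) echo "unchecked: '$chain' is not a built-in chain"; exit 0 ;;
    esac
    if [ "$bad" -eq 1 ]; then
        echo "invalid: $opt is not available in $chain ($why)"
        exit 1
    fi
    echo "ok: $chain"
)

# Constructed sample input: the rule quoted in the thread, then the same
# match in mangle FORWARD, where a tc "fw" filter can later pick up mark 0x4.
for rule in \
    "iptables -t mangle -A PREROUTING -p tcp -i eth4 -o eth5 -j MARK --set-mark 0x4" \
    "iptables -t mangle -A FORWARD -p tcp -i eth4 -o eth5 -j MARK --set-mark 0x4"
do
    check_rule "$rule" || true
done
```

To confirm that a mark rule is matching traffic, read its packet counters with `iptables -t mangle -L -v -n`.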
