Indeed, I use transparent proxy, redirecting everything on port 80 to
3128, on the same machine. To make sure it's clear, the scenario is
simple: client enters eth1 on port 80, gets redirected to port 3128...
I mark the packet depending on its source and than I apply a tc filter
to direct it to the right tc class.
In this case how should I mark the packets in order to be able to aply
filters by handle?
Mugur
On Thursday 13 March 2003 22:01, Mugur TOMITA wrote:
> The filters are there... if you take a closer look you'll that my
> copy/paste was falty...
>
> But I can tell you I solved the problem. I attched my solution below.
> Stef, you are right, my filters are not working...
> In fact I don't konow what I did wrong:
> for marking packets depending on their source I used
> ipchains -A output -p all -s 192.168.1.0/30 -m 1
> and the filters look like
> tc filter add dev eth0 parent 1:0 protocol ip prio 1 handle 1 fw
> classid 1:8 Could it be the fact that I made the marking on the output
> chains and not on the input chain?
Yes. If you nat, the source address is rewritten to the address of your
firewall.
Stef
--
stef.coene@xxxxxxxxx
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net
