I hope this is helpful.
In my setup I have an FTP proxy on my firewall and I wanted to catch downloaded FTP traffic for QoS.
#!/bin/sh
# Abort on any unset variable, so a mistyped variable name fails loudly
# instead of silently producing a rule with an empty --mark argument.
set -u

# Location of iptables
IPTABLES=/sbin/iptables
# Device facing the internet
EXTDEV=eth1
# uid of user that proxy runs as
FTP_PROXY=500
# The local network; everything that is not local is treated as the internet
# (the rules below negate the destination with "! -d")
LOCALNET=192.168.0.0/16
# Marks for outgoing and incoming ftp proxy traffic
FTP_PROXY_TO_INTERNET=0x20
INTERNET_TO_FTP_PROXY=0x21

# Firstly I mark traffic from my proxy to the internet
# (rule 1: anything sent by the proxy's uid; rule 2: any FTP control connection leaving the firewall)
$IPTABLES -t mangle -A OUTPUT -o $EXTDEV -m owner --uid-owner $FTP_PROXY ! -d $LOCALNET -j MARK --set-mark $FTP_PROXY_TO_INTERNET
$IPTABLES -t mangle -A OUTPUT -o $EXTDEV -p tcp ! -d $LOCALNET --dport 21 -j MARK --set-mark $FTP_PROXY_TO_INTERNET
# Next I save the iptables mark to the connection tracking mark, but only if the iptables mark is ftp proxy to internet
$IPTABLES -t mangle -A POSTROUTING -o $EXTDEV -m mark --mark $FTP_PROXY_TO_INTERNET -j CONNMARK --save-mark
# Now we look for the connmark on incoming traffic and manually mark it as incoming with the iptables mark;
# restoring the mark would give the same mark for outgoing and incoming, but that might not be a problem for you.
$IPTABLES -t mangle -A PREROUTING -i $EXTDEV -m connmark --mark $FTP_PROXY_TO_INTERNET -j MARK --set-mark $INTERNET_TO_FTP_PROXY
--
David Watson, Network Manager, Team17 Software Ltd.
Phone: +44-1924-267776  Fax: +44-1924-267658