Hello,

I have a box running as a bridge and am trying to track the passive FTP sessions by marking them with iptables (CONNMARK option installed) and then trying to pick up the mark using tc filter fwmark. This is not working.

I have checked the marking of the packets and this is working fine because I can see the marks when I cat /proc/net/ip_conntrack.

Having set up my queues and using the following command:

tc filter add dev eth1 parent 1:2 protocol ip prio 1 handle 2 fw classid 1:2a

I do not get any traffic going into this queue. I am running kernel 2.4.21.

My question is whether the packet that I have marked is actually ever getting to the tc filter. As I am running a bridge, does the packet get marked in iptables PREROUTING, and then go straight to the FORWARD rule and then out?

What is the sequence in which iptables processes the packet and then the tc filter processes the packet?

Many thanks

Wayne