On Wednesday 20 August 2003 10:48, Wayne wrote:
> Hello,
>
> I have a box running as a bridge and am trying to track the passive FTP
> sessions by marking them with iptables (CONNMARK option installed) and then
> trying to pick up the mark using tc filter fwmark. This is not working.
>
> I have checked the marking of the packets and this is working fine because
> I can see the marks when I cat /proc/net/ip_conntrack.
>
> Having set up my queues and using the following command:
>
> tc filter add dev eth1 parent 1:2 protocol ip prio 1 handle 2 fw classid 1:2a
>
> I do not get any traffic going in to this queue. I am running kernel
> 2.4.21.
>
> My question is whether the packet that I have marked is actually ever
> getting to the tc filter. As I am running a bridge, does the packet get
> marked in iptables PREROUTING, and then go straight to the FORWARD rule and
> then out?
>
> What is the sequence in which iptables processes the packet and then the tc
> filter processes the packet?
>
> Many thanks

Just wondering, can you really use iptables on a bridge? I thought you have to use ebtables:
http://www.docum.org/stef.coene/qos/faq/cache/41.html

Stef

-- 
stef.coene@xxxxxxxxx
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.oftc.net