I have applied the patch to IPTABLES which allows me to use it on a bridge.
The iptables rules are working as I am using it for other things as well.
If you do not have the patch applied, you get an error message when trying
to run IPTABLES.

The one filter rule I am using is as follows:

    tc filter add dev eth1 parent 1:2 protocol ip prio 1 handle 2 fw classid 1:2a

I have the browsing match in IPTABLES as it is a simpler one to check if
it is working before I try the FTP connection tracking portion.

Thanks
Wayne

----- Original Message -----
From: "Stef Coene" <stef.coene@xxxxxxxxx>
To: "Wayne" <wayne@xxxxxxxxxxxxxxxx>; <lartc@xxxxxxxxxxxxxxx>
Sent: Wednesday, August 20, 2003 2:26 PM
Subject: Re: [LARTC] FTP Connection Tracking in a Bridge

> On Wednesday 20 August 2003 10:48, Wayne wrote:
> > Hello,
> >
> > I have a box running as a bridge and am trying to track the passive FTP
> > sessions by marking them with iptables (CONNMARK option installed) and then
> > trying to pick up the mark using tc filter fwmark. This is not working.
> >
> > I have checked the marking of the packets and this is working fine because
> > I can see the marks when I cat /proc/net/ip_conntrack.
> >
> > Having set up my queues and using the following command:
> >
> > tc filter add dev eth1 parent 1:2 protocol ip prio 1 handle 2 fw classid 1:2a
> >
> > I do not get any traffic going in to this queue. I am running kernel
> > 2.4.21.
> >
> > My question is whether the packet that I have marked is actually ever
> > getting to the tc filter. As I am running a bridge, does the packet get
> > marked in iptables PREROUTING, and then go straight to the FORWARD rule and
> > then out?
> >
> > What is the sequence in which iptables processes the packet and then the tc
> > filter processes the packet?
> >
> > Many thanks
>
> Just wondering, can you really use iptables on a bridge? I thought you have
> to use ebtables : http://www.docum.org/stef.coene/qos/faq/cache/41.html
>
> Stef
>
> --
>
> stef.coene@xxxxxxxxx
> "Using Linux as bandwidth manager"
> http://www.docum.org/
> #lartc @ irc.oftc.net
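
Added example, not part of the thread or written by its participants: the tc fw classifier matches the per-packet firewall mark, while the value shown in /proc/net/ip_conntrack is the connection mark, so this sketch copies one to the other with CONNMARK --restore-mark and --save-mark. The mark 2, eth1 and class 1:2a come from the posted filter; the FTP match rules, the function names and the dry-run wrapper are assumptions, and the thread does not settle whether PREROUTING sees bridged frames on a given kernel.

```shell
#!/bin/sh
# Added example. Values taken from the posted tc filter: mark 2, eth1, 1:2a.
# Everything else (rule set, function names, dry-run wrapper) is constructed.
MARK=2
DEV=eth1
CLASSID=1:2a

# Print each command; execute it only when APPLY=1 (needs root, tc, and an
# iptables build with the CONNMARK target and the helper match).
run() {
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

mark_rules() {
    # 1. Copy the connection mark onto each packet of a tracked connection.
    #    Without this step the packet mark stays 0 and the fw filter never
    #    matches, even though ip_conntrack shows mark=2 for the connection.
    run iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
    # 2. Packets that now carry a mark need no further classification.
    run iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT
    # 3. FTP control channel (assumed match: TCP destination port 21).
    run iptables -t mangle -A PREROUTING -p tcp --dport 21 \
        -j MARK --set-mark "$MARK"
    # 4. Data connections that the FTP conntrack helper expected
    #    (covers passive mode; requires ip_conntrack_ftp to be loaded).
    run iptables -t mangle -A PREROUTING -m helper --helper ftp \
        -j MARK --set-mark "$MARK"
    # 5. Store the packet mark on the connection so step 1 finds it later.
    run iptables -t mangle -A PREROUTING -j CONNMARK --save-mark
}

tc_rule() {
    # The filter from the post: packets whose firewall mark equals the
    # handle (2) are sent to class 1:2a.
    run tc filter add dev "$DEV" parent 1:2 protocol ip prio 1 \
        handle "$MARK" fw classid "$CLASSID"
}

# Dry run by default: prints the commands in the order they would be applied.
mark_rules
tc_rule
```

Run it with APPLY=1 as root to apply the rules; `tc -s class show dev eth1` then shows whether class 1:2a is counting packets.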