So I would suggest testing:

This shouldn't affect things in the end though, correct? (I.e. it's overkill, but it won't hurt anything, right?)
1) no filter rule for 1:10 which is default
(I've also had it pass by default through the 1:1, in which case nothing passed through 1:10, nor 1:20 - everything went through 1:1.)
2) no filters with handle 1, (I start at 101 for the filters)
tc filter add dev eth0 parent 1:0 protocol ip prio 1 handle 1 fw classid 1:10
"handle 1" - is that not how it picks up on nfmark? If nfmark is set to 1, is this not the part that picks up that nfmark?
3) marking with iptables in mangle PREROUTING
I have also tried that. I'm using 2.6.3-mm3 -> packets don't seem to pass through iptables anymore unless they're specifically routed rather than bridged (can anyone confirm this?). I have another (2-if, no QoS) bridge running 2.4, and iptables commands filter fine. With this new bridge running 2.6, dropping everything with iptables doesn't work: 'iptables -A FORWARD -j DROP' doesn't affect the bridge in the least - hosts continue to talk through the bridge. (Same in ebtables works as expected though.)
should work, it's working fine here on 2.4.24+ebtables

Perhaps the key here is 2.4. I might have to revert...
Thanks for the input. Now I have something else to try!
Cheers,
jon