I wouldn't bet the layer7 match works in table filter. You could try
$IPTABLES -t mangle -A POSTROUTING -m layer7 --l7dir /etc/l7-protocols --l7proto ftp -j LOG --log-prefix 'marked: '
and watch your logs. Um, and /etc/l7-protocols does contain your pattern definitions, right?
Yes there are my definition. And your idea with the logging was great, I did it and guess what, the packets showed up in /var/log/syslog, so I guess the layer7 classifier is working, but now I wonder why it still doesn't shape (and remember DROP didn't work either, but there I am not sure if it wasn't a configure mistake by me).
I changed the line back to:
$IPTABLES -t mangle -A POSTROUTING -m layer7 --l7dir /etc/l7-protocols --l7proto ftp -j MARK --set-mark 322
But the shaping still doesn't work. I didn't want to terrorize you all by posting my whole shapingskript here, so I uploaded it here:
http://www.flintz.de/shaping.txt
Would be really nice if someone could search the script for any mistakes!
-FB _______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
