Everyone,

Don't you mark on the inbound interface and shape on the outbound interface?

Mike Fetherston

> -----Original Message-----
> From: FB [mailto:register@xxxxxxxxx]
> Sent: Friday, July 09, 2004 1:11 PM
> To: lartc@xxxxxxxxxxxxxxx
> Subject: Layer 7 netfilter not working
>
> Hello there!
>
> I am trying to get traffic shaping working on my Linux router (debian
> woody 3r02) and for some things I wanted to use the layer 7 packet
> classifier, but I can't get it to work.
> Here is what I did:
>
> -downloaded the patches from http://l7-filter.sourceforge.net
> -downloaded the kernel 2.6.7 source
> -downloaded the iptables 1.2.11 source
> -patched kernel (layer7 patch and some patch to get iptables 1.2.11
> working with kernel 2.6.7)
> -patched iptables
> -compiled iptables
> -activated layer 7 support in kernel-config (and a lot of other packet
> classifying options)
> -compiled and installed kernel
>
> Now I tried to mark some packets with layer 7 so that I can shape them
> with tc afterwards. But nothing changed, outgoing connection still
> didn't change. So I changed the line in the iptables-script to this:
>
> $IPTABLES -t filter -A OUTPUT -m layer7 --l7dir /etc/l7-protocols --l7proto ftp -j DROP
>
> before it was:
>
> $IPTABLES -t mangle -A POSTROUTING -m layer7 --l7proto ftp -j MARK --set-mark 322
>
> but neither of them worked (I could still connect over ftp). The
> /proc/net/layer7_numpackets is 08 (don't know which 8 packets got
> identified there, but the number is not going any higher).
>
> Any help is really appreciated!
>
> -FB
> _______________________________________________
> LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/