Add -i eth0 if eth0 is your outward facing interface, you may also have to place the mark in PREROUTING. It's been a while since I fiddled and am kind of fuzzy ATM about iptables packet traversal. Mike. > -----Original Message----- > From: FB [mailto:register@xxxxxxxxx] > Sent: Monday, July 12, 2004 6:53 PM > To: Mike > Cc: lartc@xxxxxxxxxxxxxxx > Subject: Re: Layer 7 netfilter not working > > > You may be marking on the ingress interface. Locally generated packets > > do not go through that NIC and therefore do not get marked. You would > > have to mark them on the INPUT chain of your egress interface. > > > > Mike Fetherston > > Thats the line in my iptables-skript: > $IPTABLES -t mangle -A POSTROUTING -m layer7 --l7proto ftp -j MARK > --set-mark 322 > > Any suggestion how to modify it? > (-A INPUT doesn't work, no shaping anymore at all, when I put this) > > -FB > _______________________________________________ > LARTC mailing list / LARTC@xxxxxxxxxxxxxxx > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ _______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
