Iptables with 3 marks. It is possible?

<mah@xxxxxxxxxxxxxxx> · Wed, 1 Dec 2004 00:22:43 -0200

Hi....

Help me please!!!

I am using Linux Redhat as gateway of the my network to internet. I am to making NAT and firewall.

In my iptables script, I need make 3 MARKs for the same packet, as following 

# It marks the packets that will go for link ADSL (I have 2 links - adsl 2Mb and 'dedicate link' 256Mb )
# I am using 'ip rule / ip route' to make this 
iptables -t mangle -A PREROUTING -p tcp --dport 21 -j MARK --set-mark 2000
iptables -t mangle -A PREROUTING -p tcp --dport 20 -j MARK --set-mark 2000

# It marks the packets that will be shapped ( upload with cbq )
iptables -t mangle -A PREROUTING -m mac 00:11:22:33:44:55 -j MARK --set-mark 501
....
iptables -t mangle -A PREROUTING -m mac aa:bb:cc:dd:ee:ff -j MARK --set-mark 631
###. I have 130 hosts in my network

# It marks the packages that priority has ( with 'tc prio' command)
iptables -t mangle -A PREROUTING -p tcp --dport 22 -j MARK --set-mark 100
iptables -t mangle -A PREROUTING -p tcp --dport 23 -j MARK --set-mark 100
iptables -t mangle -A PREROUTING -p udp --dport 27000:27015 -j MARK --set-mark 110

But only last mark does function

Have solution ?? How to do?

#Marcio P. Silva
#linuXuser

Hi....

Help me please!!!

I am using Linux Redhat as router of the my network.   I am to making NAT and firewall.

In my iptables script, I need make 3 MARKs for the same packet, as following 

# It marks the packets that will go for link ADSL  (I have 2 links - adsl 2Mb   and  'dedicate link' 256Mb )
# I am using  'ip rule / ip route'  to make this 
iptables -t mangle -A PREROUTING -p tcp --dport 21 -j MARK --set-mark 2000
iptables -t mangle -A PREROUTING -p tcp --dport 20 -j MARK --set-mark 2000

# It marks the packets that will be  shapped   ( upload   with cbq )
iptables -t mangle -A PREROUTING -m mac 00:11:22:33:44:55  -j MARK --set-mark 501
....
iptables -t mangle -A PREROUTING -m mac aa:bb:cc:dd:ee:ff  -j MARK --set-mark 631
###.  I have 130 hosts in my network

# It marks the packages that priority has ( with 'tc prio' command)
iptables -t mangle -A PREROUTING -p tcp --dport 22 -j MARK --set-mark 100
iptables -t mangle -A PREROUTING -p tcp --dport 23 -j MARK --set-mark 100
iptables -t mangle -A PREROUTING -p udp --dport 27000:27015 -j MARK --set-mark 110

But only last mark does function

Have solution ??  How to do?

#Marcio P. Silva
#linuXuser

Iptables with 3 marks. It is possible?

Linux Advanced Routing and Traffic Control