Re: iptables & tc - 3 marks

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

el Diumenge 19 Desembre 2004 20:32, Brian J. Murrell va escriure:
> On Tue, 2004-11-30 at 00:12 -0200, mah@xxxxxxxxxxxxxxx wrote:
> > Hi....
> >
> > Help me please!!!
> >
> > I am using Linux Redhat as router of the my network.   I am to making NAT
> > and firewall.
> >
> > In my iptables script, I need make 3 MARKs for the same packet, as
> > following
> >
> > # It marks the packets that will go for link ADSL  (I have 2 links - adsl
> > 2Mb   and  'dedicate link' 256Mb ) # I am using  'ip rule / ip route'  to
> > make this
> > iptables -t mangle -A PREROUTING -p tcp --dport 21 -j MARK --set-mark
> > 2000 iptables -t mangle -A PREROUTING -p tcp --dport 20 -j MARK
> > --set-mark 2000
> >
> > # It marks the packets that will be  shapped   ( upload   with cbq )
> > iptables -t mangle -A PREROUTING -m mac 00:11:22:33:44:55  -j MARK
> > --set-mark 501 ....
> > iptables -t mangle -A PREROUTING -m mac aa:bb:cc:dd:ee:ff  -j MARK
> > --set-mark 631 ###.  I have 130 hosts in my network
> >
> >
> > # It marks the packages that priority has ( with 'tc prio' command)
> > iptables -t mangle -A PREROUTING -p tcp --dport 22 -j MARK --set-mark 100
> > iptables -t mangle -A PREROUTING -p tcp --dport 23 -j MARK --set-mark 100
> > iptables -t mangle -A PREROUTING -p udp --dport 27000:27015 -j MARK
> > --set-mark 110
> >
> >
> >
> > But only last mark does function
>
> I have just this hour started looking at marking packets, so my
> information could be wrong, but I believe that --set-mark <n> where n is
> an integer from 1-255.  You cannot use values greater than 255.
>
> b.

I'm using values greater than 255, may be you need to install mark modules? 

- -- 

ID 0x834D5708
wget http://www.awacat.com/clausGPG/publica_tictac.asc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBxvB9LGhud4NNVwgRAuVLAKC5YgJN/0VBy6vA4+d+rqZNyqxIlQCfacf3
Ujp2PjGND7iDf0x6N2VBhyk=
=QGQ7
-----END PGP SIGNATURE-----
_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux