Heh heh heh - whoops. I've fixed it.

I changed the filter rule to:

    tc filter add dev eth0 parent 1:0 protocol ip prio 1 handle 1 fw classid 1:2

And it worked. Sorry for posting such a silly mistake.

Many thanks,

Mark Lidstone
IT and Network Support Administrator

BMT SeaTech Ltd
Grove House, Meridians Cross, 7 Ocean Way
Ocean Village, Southampton. SO14 3TJ. UK
Tel: +44 (0)23 8063 5122
Fax: +44 (0)23 8063 5144

E-Mail: mailto:mark.lidstone@xxxxxxxxxxxxxxxx
Website: www.bmtseatech.co.uk

==========================================================================
Confidentiality Notice and Disclaimer:
The contents of this e-mail and any attachments are intended only for the use of the e-mail addressee(s) shown. If you are not that person, or one of those persons, you are not allowed to take any action based upon it or to copy it, forward, distribute or disclose the contents of it and you should please delete it from your system. BMT SeaTech Limited does not accept liability for any errors or omissions in the context of this e-mail or its attachments which arise as a result of Internet transmission, nor accept liability for statements which are those of the author and not clearly made on behalf of BMT SeaTech Limited.
==========================================================================

-----Original Message-----
From: lartc-bounces@xxxxxxxxxxxxxxx [mailto:lartc-bounces@xxxxxxxxxxxxxxx] On Behalf Of Mark Lidstone
Sent: 09 December 2005 16:09
To: lartc@xxxxxxxxxxxxxxx
Subject: Marking with firewall

Hi all,

I've been trying to do the above and read everything I can find on Google on the subject, but something seems to be going wrong.

I tried the following sample rules in iptables (initially I just set the first one, but I added more as my desperation escalated):

    iptables -t mangle -A PREROUTING -p icmp -j MARK --set-mark 1
    iptables -A FORWARD -p icmp -j MARK --set-mark 1
    iptables -t mangle -A POSTROUTING -p icmp -j MARK --set-mark 1

With the following in my traffic shaping script:

    tc filter add dev eth0 parent 1:0 protocol ip prio 1 handle 1 fw classid 12:0

The problem is that all ICMP traffic is going out of the default queue (classid 15:0) even though the firewall is catching it (checking the packet counts with 'iptables -t mangle -L -nvx' and 'iptables -L -nvx' shows packets were being caught).

So, why are the filters not catching the packets? What obvious mistake have I made? :)

Many thanks for any help,

Mark Lidstone

_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
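
An added example, not part of the original messages: a small lint for `tc filter add` lines, run over the two filter commands quoted in the thread. The rule it applies (the classid must share the parent's major number and have a non-zero minor, since minor 0 names a qdisc rather than a class) is an assumption about why the corrected line worked; the thread itself does not say. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): lint the classid of a `tc filter add` line.
# tc handles are hexadecimal major:minor; minor 0 names a qdisc, not a class.

# Print the word that follows keyword $1 among the remaining arguments.
word_after() {
    key=$1; shift
    while [ $# -gt 1 ]; do
        if [ "$1" = "$key" ]; then echo "$2"; return 0; fi
        shift
    done
    return 1
}

# check_fw_filter "<tc filter add ...>"
# Returns 0 if classid is a class of the parent's qdisc, 1 if not, 2 if unparseable.
check_fw_filter() {
    set -- $1    # deliberate word splitting of the command line
    parent=$(word_after parent "$@") || return 2
    classid=$(word_after classid "$@") || classid=$(word_after flowid "$@") || return 2
    case "$parent" in *:*) ;; *) return 2 ;; esac
    case "$classid" in *:*) ;; *) return 2 ;; esac
    p_major=${parent%%:*}; c_major=${classid%%:*}; c_minor=${classid#*:}
    [ -n "$p_major" ] && [ -n "$c_major" ] || return 2
    case "$p_major$c_major$c_minor" in *[!0-9a-fA-F]*) return 2 ;; esac
    if [ $((0x$p_major)) -ne $((0x$c_major)) ]; then
        echo "mismatch: classid $classid is not under parent $parent"
        return 1
    fi
    if [ $((0x${c_minor:-0})) -eq 0 ]; then
        echo "mismatch: classid $classid names a qdisc (minor 0), not a class"
        return 1
    fi
    echo "ok: classid $classid is a class of qdisc $p_major:"
}

# The two filter lines quoted in the thread: original, then the fix.
check_fw_filter "tc filter add dev eth0 parent 1:0 protocol ip prio 1 handle 1 fw classid 12:0" || true
check_fw_filter "tc filter add dev eth0 parent 1:0 protocol ip prio 1 handle 1 fw classid 1:2" || true
```

On a live system, `tc -s filter show dev eth0` and `tc -s class show dev eth0` show whether the fw filter exists and which class counters are increasing.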