On Thursday 02 March 2006 12:59, Andy Furniss wrote:
> Diego Andrés Asenjo Gonzalez wrote:
> > Hi again!
> >
> >>> $IPT -A FORWARD -t mangle -p udp -s 172.16.0.185/32 -i eth1 --sport
> >>> 10000:10100 -d 172.16.1.0/24 -j MARK --set-mark 0x44
> >>
> >> This should be -o eth1 or you should be shaping it on eth0 or if it's
> >> for the shaping box you need to do some sort of ingress
> >> shaping/policing.
> >
> > Sorry, a typo :p. You clearly pointed out the "-o eth1" in the previous
> > message. Really, it is the first time that I use -i or -o in the rule. One
> > point is that the box is a bridge between a LAN and a router, eth0 is in
> > the LAN and eth1 in the router. So, I thought I can omit the interface.
> >
> > Anyway, I think that this is a strange situation: there are marked
> > (maybe not "well" marked) packages, but there is no traffic. I am trying
> > with the -o option.
>
> It could be the bridging - I've never tried maybe you could look into
> ebtables or just use tc/u32 to do the matching.

Setting the appropriate routes and proxy_arp to 1 is a way to do a bridge,
but at the IP layer. This allows the use of iptables and other IP layer tools
without any problem, and it's completely transparent, like the bridge.

Using iptables for a bridge is certainly not a good idea. That's why ebtables
was created.

--
Luciano
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
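
The proxy-ARP "bridge at the IP layer" described in the reply above, written out as a command plan together with the mark rule using -o eth1. This is an added example, not part of the original thread; the LAN prefix length and the router address are assumptions (constructed placeholders), while the interfaces, addresses, ports and mark come from the quoted rule.

```shell
#!/bin/sh
# Added example: proxy-ARP pseudo-bridge plan for the box in the thread.
LAN_IF=eth0               # LAN side (from the thread)
RTR_IF=eth1               # router side (from the thread)
LAN_NET=172.16.0.0/24     # ASSUMPTION: prefix length is not given in the thread
ROUTER_IP=172.16.0.1      # ASSUMPTION: constructed placeholder router address
SRC=172.16.0.185/32       # from the quoted rule
DST=172.16.1.0/24         # from the quoted rule
MARK=0x44                 # from the quoted rule

# Emit the commands one per line so they can be reviewed before being run.
pseudo_bridge_plan() {
    # The box routes between its two interfaces instead of bridging them.
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Answer ARP on each side on behalf of hosts reachable via the other side.
    for ifc in "$LAN_IF" "$RTR_IF"; do
        echo "sysctl -w net.ipv4.conf.$ifc.proxy_arp=1"
    done
    # The /32 host route is more specific than the LAN route, so only the
    # router is reached through eth1; every other LAN address stays on eth0.
    echo "ip route replace $ROUTER_IP/32 dev $RTR_IF"
    echo "ip route replace $LAN_NET dev $LAN_IF"
    echo "ip route replace $DST via $ROUTER_IP dev $RTR_IF"
    # Packets are now forwarded at the IP layer, so the mangle FORWARD chain
    # sees them and the egress interface match (-o) is meaningful.
    echo "iptables -t mangle -A FORWARD -p udp -s $SRC -o $RTR_IF" \
         "--sport 10000:10100 -d $DST -j MARK --set-mark $MARK"
}

# Nothing runs by default: --print shows the plan, --apply executes it (root).
case "${1:-}" in
    --print) pseudo_bridge_plan ;;
    --apply) pseudo_bridge_plan | sh -e ;;
esac
```

After applying, `iptables -t mangle -L FORWARD -v -n` shows whether the packet counter on the mark rule increases for the flow.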