You were exactly right here. Moving to the filters instead of the iptables classify solved the issue. As for performance, I have not yet benchmarked it to determine if the filters are fast enough for the number of users I need this to support.

Eliot Gable
Certified Wireless Network Administrator (CWNA)
Certified Wireless Security Professional (CWSP)
Cisco Certified Network Associate (CCNA)
CompTIA Security+ Certified
CompTIA Network+ Certified
Network and System Engineer
Great Lakes Internet, Inc.
112 North Howard
Croswell, MI 48422
(810) 679-3395
(877) 558-8324

Now offering Broadband Wireless Internet access in Croswell, Lexington, Brown City, Yale, Worth Township, and Sandusky. Call for details.

-----Original Message-----
From: lartc-bounces@xxxxxxxxxxxxxxx [mailto:lartc-bounces@xxxxxxxxxxxxxxx] On Behalf Of Jody Shumaker
Sent: Friday, May 19, 2006 3:27 PM
To: Andreas Unterkircher
Cc: lartc@xxxxxxxxxxxxxxx
Subject: Re: iptables CLASSIFY and MARK not working?

On 5/19/06, Andreas Unterkircher <unki@xxxxxxxxxxxx> wrote:
> Have you checked that the ip_conntrack module is loaded or compiled into
> the kernel?
> If not the mark is lost...
>
> Cheers,
> Andreas
>

I doubt that's the issue. I do however recall there being issues with using iptables classify to targets that were more than 1 level deep in the tc qdisc hierarchy. In such situations it works much better if you instead use a tc filter on the mark instead of an iptables classify. Is there any particular reason you're using classify on a mark instead of a tc filter on the mark?

- Jody
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc