-----Original Message-----
From: Patrick McHardy [mailto:kaber@xxxxxxxxx]
Sent: Thursday, June 01, 2006 3:44 PM
To: Eliot, Wireless and Server Administrator, Great Lakes Internet
Cc: lartc@xxxxxxxxxxxxxxx; Netfilter Development Mailinglist
Subject: Re: iptables CLASSIFY and MARK not working?

> Eliot, Wireless and Server Administrator, Great Lakes Internet wrote:
> > Both devices (br1 and wivl4) are bridged interfaces with spanning tree
> > turned on. They also do VLANs. Specifically, vconfig was used to create
> > a VLAN (in this case, VLAN 4) on two interfaces: eth2 and eth3. These
> > two VLAN interfaces were called e2v4 and e3v4. Then, brctl was used to
> > bridge the two VLAN interfaces (e2v4 and e3v4) into a new interface
> > called wivl4. Spanning tree was then enabled on wivl4. The MTU size was
> > then adjusted -4 bytes to accommodate the VLAN tagging.
>
> Any chance you got bridge netfilter enabled? If so please disable
> it and try again (or set the bridge-nf-call-iptables sysctl to 0).
>
> Also, did you happen to try my specific rules (under different devices)
> to see if they work?
>
> No, just tried CLASSIFY with my own HFSC setup, which is pretty
> similar.
>
> > If possible, could you try creating a VLAN interface and test on that
> > interface? Then try a bridged interface. And finally, a bridged VLAN
> > interface.
> >
> > I will try to set this all up on a different machine without the bridged
> > VLANs and see if it works there.
>
> I checked the code, neither VLAN nor bridge should matter.

Bridged iptables (ebtables) is not enabled in the kernel and I cannot seem to find a variable "bridge-nf-call-iptables" to set with sysctl:

wireless-r1 linux # sysctl -w bridge-nf-call-iptables=0
error: "bridge-nf-call-iptables" is an unknown key

There is also no /proc/sys/net/*/bridge anything. I assume that means this is not something I need to worry about?

Eliot Gable
Certified Wireless Network Administrator (CWNA)
Certified Wireless Security Professional (CWSP)
Cisco Certified Network Associate (CCNA)
CompTIA Security+ Certified
CompTIA Network+ Certified

Network and System Engineer
Great Lakes Internet, Inc.
112 North Howard
Croswell, MI 48422
(810) 679-3395
(877) 558-8324

Now offering Broadband Wireless Internet access in Croswell, Lexington, Brown City, Yale, Worth Township, and Sandusky. Call for details.

_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
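
Added example, not part of the original thread: a shell check for the bridge-netfilter state discussed above. The bridge-nf-call-* sysctls live under net.bridge (files in /proc/sys/net/bridge/), and that directory is missing when bridge netfilter is not built in or loaded. The function names and the optional sysctl-root argument are hypothetical; the argument exists so the check can be pointed at a constructed directory.

```shell
#!/bin/sh
# Report whether bridged frames are handed to the netfilter tables.
# The sysctl root defaults to /proc/sys; pass another directory to test
# against constructed files (hypothetical helper, not from the thread).

# Print "<key>=<absent|off|on|unknown:VALUE>" for one net.bridge key.
bridge_nf_key_state() {
    root=${2:-/proc/sys}
    f="$root/net/bridge/$1"
    if [ ! -r "$f" ]; then
        # Key not present: bridge netfilter is not available in this kernel.
        echo "$1=absent"
        return 0
    fi
    v=$(cat "$f")
    case "$v" in
        0) echo "$1=off" ;;
        1) echo "$1=on" ;;
        *) echo "$1=unknown:$v" ;;
    esac
}

# Print the state of each key that passes bridged traffic to a table.
bridge_nf_report() {
    for k in bridge-nf-call-iptables bridge-nf-call-arptables bridge-nf-call-ip6tables; do
        bridge_nf_key_state "$k" "${1:-/proc/sys}"
    done
}

# Exit status 0 only when bridged IPv4 traffic is passed to iptables.
bridge_nf_calls_iptables() {
    [ "$(bridge_nf_key_state bridge-nf-call-iptables "${1:-/proc/sys}")" = "bridge-nf-call-iptables=on" ]
}

# Show the state on the running system.
bridge_nf_report
```

A result of "absent" for every key matches the situation described in the message, where no bridge directory exists under /proc/sys/net.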