Re: Re: LARTC Digest, Vol 26, Issue 24

Linux Advanced Routing and Traffic Control

On Saturday 28 April 2007 19:33, terraja-based wrote:
> [...]
> iptables -t mangle -A PREROUTING -i eth1 -j IMQ --todev 0
>
> tc filter add dev imq0 parent 1: prio 0 protocol ip handle 2 fw flowid 1:10
> tc filter add dev imq0 parent 1: prio 1 protocol ip handle 3 fw flowid 1:20
> iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 80 -j MARK --set-mark 2
> iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 20 -j MARK --set-mark 3
> iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 21 -j MARK --set-mark 3
> [...]
> The traffic continues to go out by the "default" qdisc (1:30), and it is
> not classified by the correct qdisc.

Hmm, you are trying to "redirect" all packets from eth1 to imq0, and then you
are trying to mark packets for http and ftp connections. Well, I think you
need to change your configuration again: if you put '-j IMQ --todev 0' as the
first rule, then all packets will match and will not pass through the chain,
so any rule after that one will never match against a packet. You need to
mark packets before, and send them to the imq device later. Maybe something
like this:

--------------------------------8<-------------------------8<-----------------------------------
[...]
iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 80 -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 20 -j MARK --set-mark 3
iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 21 -j MARK --set-mark 3
iptables -t mangle -A PREROUTING -i eth1 -j IMQ --todev 0

tc filter add dev imq0 parent 1: prio 0 protocol ip handle 2 fw flowid 1:10
tc filter add dev imq0 parent 1: prio 1 protocol ip handle 3 fw flowid 1:20
[...]
--------------------------------8<-------------------------8<-----------------------------------

PS: as far as I know, marks 0, 1, and 2 are iptables marks (reserved marks),
so if I were you, I would start marking with number 3 or greater.

-- 
Alejandro Ramos Encinosa <alex@xxxxx>
Fac. Matemática Computación
Universidad de La Habana
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
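
An added example, not part of the original message: a shell check for the ordering the reply recommends, reporting any MARK rule that is listed after an IMQ rule for the same table, chain and input interface. The function name `misordered_marks` and the two sample variables are assumptions made for this example; the rule lines are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): report MARK rules listed after an IMQ
# rule for the same table, chain and input interface.
# stdin:  "iptables [-t TABLE] -A CHAIN ..." lines; other lines are ignored.
# stdout: one line per misordered MARK rule; exit status 1 if any were found.
misordered_marks() {
    awk '
    {
        table = "filter"; chain = ""; iface = "*"; target = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-t") table  = $(i + 1)
            if ($i == "-A") chain  = $(i + 1)
            if ($i == "-i") iface  = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (chain == "") next                 # not an append-rule line
        key = table SUBSEP chain
        if (target == "IMQ") {
            imq[key, iface] = NR              # remember where the IMQ rule sits
        } else if (target == "MARK" && ((key, iface) in imq || (key, "*") in imq)) {
            printf "line %d: MARK after IMQ (%s %s): %s\n", NR, table, chain, $0
            bad++
        }
    }
    END { exit (bad > 0) }
    '
}

# Constructed sample input: the rule order from the quoted question.
ORIGINAL_ORDER='iptables -t mangle -A PREROUTING -i eth1 -j IMQ --todev 0
iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 80 -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 20 -j MARK --set-mark 3
iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 21 -j MARK --set-mark 3'

# Constructed sample input: the rule order suggested in the reply.
SUGGESTED_ORDER='iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 80 -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 20 -j MARK --set-mark 3
iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 21 -j MARK --set-mark 3
iptables -t mangle -A PREROUTING -i eth1 -j IMQ --todev 0'

# Show the findings for the original order (non-zero status is expected here).
printf '%s\n' "$ORIGINAL_ORDER" | misordered_marks || true
```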
