Hello terraja-based,

terraja-based wrote:
[snip]
> iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 80 -j MARK --set-mark 2
> iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 20 -j MARK --set-mark 3
> iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 21 -j MARK --set-mark 3
[snip]
> The traffic continues to go out by the "default" qdisc (1:30), and it was
> not classified by the correct qdisc.
[snip]

The marks you set here will be gone as soon as the packet leaves; connmark could do the trick here. Still, matching --sport on the imq device should do the job as well, at least for HTTP at port 80. For FTP, passive mode (data) connections will go to the default class, as the server's port is chosen at runtime; to catch them, better use a level-7 filter (e.g. http://sourceforge.net/projects/l7-filter/).

Bye, Andreas.

_______________________________________________
LARTC mailing list
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
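The connmark approach suggested in the reply above, as an added example that is not part of the original thread: the quoted MARK rules are kept, the packet mark is saved onto the conntrack entry, and it is copied back onto reply packets arriving from outside. The interface name `eth0` for the outside interface, the `IPT` dry-run variable and the function name `connmark_rules` are assumptions; `eth1` and the mark values come from the quoted rules.

```shell
#!/bin/sh
# Added example (not from the original thread).
# LAN_IF and the marks 2/3 come from the quoted rules. WAN_IF is an assumed
# name for the interface whose inbound traffic is handed to the imq device.
LAN_IF=${LAN_IF:-eth1}
WAN_IF=${WAN_IF:-eth0}
IPT=${IPT:-iptables}    # set IPT=echo for a dry run that only prints the rules

connmark_rules() {
    # Requests coming from the LAN: mark the packets as in the quoted rules.
    $IPT -t mangle -A PREROUTING -i "$LAN_IF" -p tcp --dport 80 -j MARK --set-mark 2 &&
    $IPT -t mangle -A PREROUTING -i "$LAN_IF" -p tcp --dport 20 -j MARK --set-mark 3 &&
    $IPT -t mangle -A PREROUTING -i "$LAN_IF" -p tcp --dport 21 -j MARK --set-mark 3 &&
    # A packet mark only lives as long as that packet. Copy it onto the
    # conntrack entry so it stays attached to the connection.
    $IPT -t mangle -A PREROUTING -i "$LAN_IF" -m mark ! --mark 0 -j CONNMARK --save-mark &&
    # Replies arriving from outside belong to the same conntrack entry:
    # copy the connection mark back onto each reply packet.
    $IPT -t mangle -A PREROUTING -i "$WAN_IF" -j CONNMARK --restore-mark
}

# Rules are applied only when the script is called as: sh script.sh apply
if [ "${1:-}" = apply ]; then
    connmark_rules
fi
```

Passive-mode FTP data connections are not covered by the port matches here, which is the case the reply points to a level-7 filter for.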