I need to "deprioritize" some traffic to an iface/vlan/subnet, both egress and ingress (via ifb).

Suppose eth1 is the public interface and eth0.3 the deprioritized LAN (with address 10.5.3.0/24). I'm using NAT.

On EGRESS I'm now marking traffic using iptables mark and conntrack marking (save and restore), using this rule:

    iptables -t mangle -A mrk-pre-out -o eth0.3 -j MARK --set-mark 8

mrk-pre-out is a sub table of OUTPUT:

    iptables -t mangle -A OUTPUT -j mrk-pre-out

and this works flawlessly (or at least it seems to ;): packets get marked with '8' sooner or later, and after that conntrack marking does its work.

But for INGRESS? I'm using ifb, so iptables marks cannot be used.

Can I mark/select traffic by dest interface? It seems not to me...

Can I mark/select traffic based on dest network, e.g.:

    tc ... match u32 A050300 FFFFFF00 at nexthdr+16 ...

or has NAT not yet done its work, so that the dest address is still the public one?

I hope I was clear. Thanks.

-- 
dott. Marco Gaiarin                          GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia''          http://www.sv.lnf.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797