On Thursday 27 March 2003 08:32, Simone Leggio wrote: > At the moment I have a test network where I send traffic from host A to > host B generating it with a proper traffic generator (for example MGEN), > which allows also to set the DS (or IP TOS) field. > Does iptables understand the value set before with the traffic generator > or I have to set the field with the mangle table? > What I was thinking to type to discriminate the output interface was: > > iptables -A FORWARD -p tcp -m tos --tos TOS -o INTERFACE -j ACCEPT > > With TOS equal to the value set by the traffic generator. Would it work? > Hi Simone, Ensure that you have one routing table for each interface, then use the command: $ip rule add fwmark x table y Then add a mangle entry in your prerouting table, which looks at the tos you wish to match: $iptables -t mangle -A PREROUTING -p tcp -m tos --tos TOS -j MARK --set-mark x That should hopefully do it. The script for copying your routing table is available in the link: http://linux-ip.net/html/adv-multi-internet.html. hope this helps /Kim
