Hey guys and girls, how's your day?

I've got a slight problem configuring tc (traffic control) on my firewall. Before I get kicked out the door and sent to the LARTC forum, I would like to add that the problem I'm facing is MARKING the packets via iptables.

The situation is as such:

    LAN --> Firewall --> Router --> Internet
               |
               | --> DMZ

So much for the ASCII artist in me. :)

The firewall has 3 interfaces:

    Eth0 = LAN --> 100Mbps NIC
    Eth1 = DMZ --> 100Mbps NIC
    Eth2 = Internet --> 4MB link to internet

Background:

DMZ Zone Eth1: Web/FTP and SMTP servers. (100Mbps switches and NICs)

    WEB/FTP server: 10.100.1.1/24
    SMTP server: 10.100.1.2/24

I need to mark packets for the LAN (192.168.0.0/16) to the DMZ server (10.100.1.1) to classify them in classes.

This is what I tried:

    /sbin/iptables -A PREROUTING -i eth1 -d 10.100.1.1 -t mangle -j MARK --set-mark 9
    /sbin/iptables -A PREROUTING -i eth1 -s 10.100.1.1 -t mangle -j MARK --set-mark 9

Traffic control does not seem to work when I mark the packets as above. It appears that 'tc' does not recognize the marked packets.

I eventually marked them like this:

    tc filter add dev eth2 parent 2:1 protocol ip prio 7 u32 match ip src 10.100.1.1 classid 2:1

I would hope someone could point out my error in marking the packets.

Another question: there shouldn't be any problem with marking different IPs with the same numerical mark, right? E.g.:

    /sbin/iptables -A PREROUTING -i eth1 -d 10.100.1.1 -t mangle -j MARK --set-mark 9
    /sbin/iptables -A PREROUTING -i eth1 -d 10.100.1.2 -t mangle -j MARK --set-mark 9

Any help is appreciated!

Regards,
edmund