Hi!

If I add

# rules to track ftp
iptables -t mangle -A POSTROUTING -p tcp -j CONNMARK --restore-mark
iptables -t mangle -A POSTROUTING -p tcp -m mark ! --mark 0 -j RETURN
iptables -t mangle -A POSTROUTING -p tcp --dport 21 -j MARK --set-mark 2
iptables -t mangle -A POSTROUTING -j CONNMARK --save-mark

# a rule to see how much ftp traffic is matched
iptables -t mangle -A POSTROUTING -m mark --mark 2

Now if I ftp some data I can see that all of the traffic is not matched by looking at the byte counter of the rule above.

What am I doing wrong? I am pretty sure the ftp-data connection is not being tracked, but surely the conntrack_ftp module should do all the hard work for me?

--
Regards
 Abraham

TODAY the Pond! TOMORROW the World!
  -- Frogs (1972)

___________________________________________________
 Abraham vd Merwe - Frogfoot Networks CC
 1st Floor, Albion Springs, 183 Main Road, Newlands
 Phone: +27 21 689 3876 Cell: +27 82 565 4451
 Http: http://www.frogfoot.net/
 Email: abz@xxxxxxxxxxxx