On Friday, 30 September 2005 13:34, Sascha Reissner wrote:
> sebastian.ionita@xxxxxxxxxxxxxxxx wrote:
> > Why doesn't iptables work with vlan interfaces?
> > iptables -t mangle -A FORWARD -i eth0 -o eth1.11 -j MARK --set-mark 4
> > Gives me the error:
> > host/network eth1.11 not found.
> > I'm running kernel version 2.4.27 with iptables 1.2.9.
> > The eth1.11 exists and works perfectly.
>
> Seby,
>
> eth1.11 is the same physical device as eth1. Use eth1 in your rule and
> you are fine. netfilter does IMHO not support filtering by logical
> interface.

It does and it works excellently. Here is a short example:

/usr/local/sbin/iptables -A FORWARD -i eth0.119 -p tcp -j ACCEPT -m state --state NEW -m multiport --destination-port $TCP_FORWARD1
/usr/local/sbin/iptables -A FORWARD -i eth0.119 -p tcp -j ACCEPT -m state --state NEW -m multiport --destination-port $TCP_FORWARD2

For me it seems like eth1.11 is not present on your system. What do you get with "ifconfig"?

Marcin