hello there,

the filtering works in the _filter_ table.
afaik there is no support to route logical devices at least in the nat table!
maybe the same is applied for the mangle table.

greetings
/matthias

> -----Original Message-----
> From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx
> [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx]On Behalf Of
> Marcin Giedz
> Sent: Friday, September 30, 2005 1:56 PM
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: Re: Iptables and vlan interfaces
>
>
> On Friday, 30 September 2005 13:34, Sascha Reissner wrote:
> > sebastian.ionita@xxxxxxxxxxxxxxxx wrote:
> > > Why doesn't iptables work with vlan interfaces?
> > > iptables -t mangle -A FORWARD -i eth0 -o eth1.11 -j MARK --set-mark 4
> > > Gives me the error:
> > > host/network eth1.11 not found.
> > > I'm running kernel version 2.4.27. with iptables 1.2.9
> > > The eth1.11 exists and works perfectly.
> > > Seby,
> >
> > eth1.11 is the same physical device as eth1. use eth1 in your rule and
> > you are fine. netfilter does IMHO not support filtering by logical
> > interface.
>
> It does and it works excellent.
>
> here is a short example:
> /usr/local/sbin/iptables -A FORWARD -i eth0.119 -p tcp -j ACCEPT -m state --state NEW -m multiport --destination-port $TCP_FORWARD1
> /usr/local/sbin/iptables -A FORWARD -i eth0.119 -p tcp -j ACCEPT -m state --state NEW -m multiport --destination-port $TCP_FORWARD2
>
> For me it seems like eth1.11 is not present on your system.
> What do you get with "ifconfig"?
>
> Marcin