I have two interfaces, eth0 and ap0, bridged together to form br0, and another interface, eth1, on the WAN side.

    br0 <------------------------> eth1
    (eth0, ap0)
    {lan}                          {wan}

Packets from the LAN side are NATed to eth1. I have QoS rules on both br0 and eth1.

When I googled, I found that "mangling packets on br0 and using fw filters won't work on linux bridge". Is this true? Can you tell me why?

But the funny thing is, I colored packets in the PREROUTING chain specifying only the protocol (not specifying the interface):

    iptables -t mangle -A PREROUTING -p icmp -j MARK --set-mark 2

and I have a filter rule to put packets that are fw-marked as 2 into some flow. This works fine when I send an ICMP packet from the LAN to the WAN side!

But if I try any of the rules below instead of the one above, it won't work:

    iptables -t mangle -A PREROUTING -p icmp -i br0 -j MARK --set-mark 2
    iptables -t mangle -A PREROUTING -p icmp -s 192.168.1.0/24 -d ! 192.168.1.0/24 -j MARK --set-mark 2
    iptables -t mangle -A FORWARD -p icmp -i br0 -o eth1 -j MARK --set-mark 2

I don't know why.

In the Linux kernel, in the file net/sched/cls_fw.c, fw_classify is called every time a tc filter is hit. skb->mark is zero when you use rules like:

    iptables -t mangle -A PREROUTING -p icmp -i br0 -j MARK --set-mark 2
    iptables -t mangle -A PREROUTING -p icmp -s 192.168.1.0/24 -d ! 192.168.1.0/24 -j MARK --set-mark 2
    iptables -t mangle -A FORWARD -p icmp -i br0 -o eth1 -j MARK --set-mark 2

But if you use:

    iptables -t mangle -A PREROUTING -p icmp -j MARK --set-mark 2

then skb->mark is 2, the correct value.

This problem happens only with the bridge. When I tried with one of the interfaces, it works perfectly.

Thanks,
Ratheesh