Hi,

I need to add a connection mark on packets that enter the system on a bridge interface with a VLAN tag.

The network setup looks like:

  eth0-\
  eth1--\                /-br0.15
  eth2----bond0--\      /--br0.16
  eth2--/         --br0-----br0.17
           tap0--/      \--br0.18

The rule

  iptables -t mangle -A PREROUTING -i br0.17 -j CONNMARK --set-xmark 0x11

does not match the packets incoming on br0.17; no connection mark is applied.

tcpdump -i br0.17 shows incoming packets.

Is it even possible to match with such a nested setup for the interfaces?

Regards
-- 
Robert Sander
Heinlein Support GmbH
Schwedter Str. 8/9b, 10119 Berlin
http://www.heinlein-support.de