Re: [LARTC] Re: LARTC Digest, Vol 26, Issue 24

To: lartc@mailman.ds9a.nl
Subject: Re: [LARTC] Re: LARTC Digest, Vol 26, Issue 24
From: Alejandro Ramos Encinosa <alex@uh.cu>
Date: Sat, 28 Apr 2007 22:12:45 +0000
Organization: GRyD
On Saturday 28 April 2007 19:33, terraja-based wrote:
> [...]
> iptables -t mangle -A PREROUTING -i eth1 -j IMQ --todev 0
>
> tc filter add dev imq0 parent 1: prio 0 protocol ip handle 2 fw flowid 1:10
> tc filter add dev imq0 parent 1: prio 1 protocol ip handle 3 fw flowid 1:20
> iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 80 -j MARK --set-mark 2
> iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 20 -j MARK --set-mark 3
> iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 21 -j MARK --set-mark 3
> [...]
> The traffic continues to go out by the "default" qdisc (1:30), and it was
> not classified by the correct qdisc.
Hmm, you are trying to "redirect" all packets from eth1 to imq0, and then you
are trying to mark packets for http and ftp connections. Well, I think you
need to change your configuration again: if you put '-j IMQ --todev 0' as the
first rule, then all packets will match and will not pass through the chain,
so any rule after that one will never match against a packet. You need to
mark packets first, and send them to the imq device later. Maybe something
like this:

--------------------------------8<-------------------------8<-----------------------------------
[...]
iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 80 -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 20 -j MARK --set-mark 3
iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 21 -j MARK --set-mark 3
iptables -t mangle -A PREROUTING -i eth1 -j IMQ --todev 0

tc filter add dev imq0 parent 1: prio 0 protocol ip handle 2 fw flowid 1:10
tc filter add dev imq0 parent 1: prio 1 protocol ip handle 3 fw flowid 1:20
[...]
--------------------------------8<-------------------------8<-----------------------------------

PS: as far as I know, marks 0, 1, and 2 are iptables marks (reserved marks),
so if I were you, I would start marking with number 3 or greater.

-- 
Alejandro Ramos Encinosa <alex@uh.cu>
Fac. Matemática Computación
Universidad de La Habana
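
A lint for the ordering this reply recommends, as an added example that is not part of the original message: it reads a list of iptables and tc commands and reports MARK rules listed after the IMQ jump, plus fw filter handles and marks that have no counterpart. The function name lint_shaping and the finding labels are made up for this example; the two rule lists are the ones quoted above.

```shell
# Added example (not from the thread). Reads iptables/tc commands on stdin.
#   LATE_MARK n           --set-mark n is listed after the IMQ jump
#   NO_MARK_FOR_HANDLE n  a tc "handle n fw" filter has no --set-mark n rule
#   NO_FILTER_FOR_MARK n  a --set-mark n rule has no tc fw filter
lint_shaping() {
  awk '
    /^iptables/ && /-j IMQ/ { imq_seen = 1 }
    /^iptables/ && /-j MARK/ {
      for (i = 1; i < NF; i++) if ($i == "--set-mark") {
        marks[$(i + 1)] = 1
        if (imq_seen) print "LATE_MARK " $(i + 1)
      }
    }
    /^tc filter/ {
      handle = ""; is_fw = 0
      for (i = 1; i <= NF; i++) {
        if ($i == "handle" && i < NF) handle = $(i + 1)
        if ($i == "fw") is_fw = 1
      }
      if (is_fw && handle != "") handles[handle] = 1
    }
    END {
      for (h in handles) if (!(h in marks)) print "NO_MARK_FOR_HANDLE " h
      for (m in marks) if (!(m in handles)) print "NO_FILTER_FOR_MARK " m
    }
  ' | sort -u
}
# Rule order from the quoted question (IMQ jump first).
original_rules() { cat <<'EOF'
iptables -t mangle -A PREROUTING -i eth1 -j IMQ --todev 0
tc filter add dev imq0 parent 1: prio 0 protocol ip handle 2 fw flowid 1:10
tc filter add dev imq0 parent 1: prio 1 protocol ip handle 3 fw flowid 1:20
iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 80 -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 20 -j MARK --set-mark 3
iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 21 -j MARK --set-mark 3
EOF
}
# Rule order proposed in the reply (marks first, IMQ jump last).
fixed_rules() { cat <<'EOF'
iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 80 -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 20 -j MARK --set-mark 3
iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 21 -j MARK --set-mark 3
iptables -t mangle -A PREROUTING -i eth1 -j IMQ --todev 0
tc filter add dev imq0 parent 1: prio 0 protocol ip handle 2 fw flowid 1:10
tc filter add dev imq0 parent 1: prio 1 protocol ip handle 3 fw flowid 1:20
EOF
}
echo "original:"; original_rules | lint_shaping
echo "fixed:";    fixed_rules | lint_shaping
```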