Add -i eth0 if eth0 is your outward facing interface, you may also have to place the mark in PREROUTING. It's been a while since I fiddled and am kind of fuzzy ATM about iptables packet traversal. Mike. > -----Original Message----- > From: FB [mailto:register@flintz.de] > Sent: Monday, July 12, 2004 6:53 PM > To: Mike > Cc: lartc@mailman.ds9a.nl > Subject: Re: [LARTC] Layer 7 netfilter not working >=20 > > You may be marking on the ingress interface. Locally generated packets > > do not go through that NIC and therefore do not get marked. You would > > have to mark them on the INPUT chain of your egress interface. > > > > Mike Fetherston >=20 > Thats the line in my iptables-skript: > $IPTABLES -t mangle -A POSTROUTING -m layer7 --l7proto ftp -j MARK > --set-mark 322 >=20 > Any suggestion how to modify it? > (-A INPUT doesn't work, no shaping anymore at all, when I put this) >=20 > -FB > _______________________________________________ > LARTC mailing list / LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/