Hi....

Help me please!!!

I am using Linux Redhat as the router of my network. I am doing NAT and firewalling.

In my iptables script, I need to make 3 MARKs for the same packet, as follows:

# Marks the packets that will go over the ADSL link (I have 2 links - ADSL 2Mb and "dedicated link" 256Mb)
# I am using "ip rule / ip route" to do this
iptables -t mangle -A PREROUTING -p tcp --dport 21 -j MARK --set-mark 2000
iptables -t mangle -A PREROUTING -p tcp --dport 20 -j MARK --set-mark 2000

# Marks the packets that will be shaped (upload with cbq)
iptables -t mangle -A PREROUTING -m mac --mac-source 00:11:22:33:44:55 -j MARK --set-mark 501
....
iptables -t mangle -A PREROUTING -m mac --mac-source aa:bb:cc:dd:ee:ff -j MARK --set-mark 631
### I have 130 hosts in my network

# Marks the packets that have priority (with the "tc prio" command)
iptables -t mangle -A PREROUTING -p tcp --dport 22 -j MARK --set-mark 100
iptables -t mangle -A PREROUTING -p tcp --dport 23 -j MARK --set-mark 100
iptables -t mangle -A PREROUTING -p udp --dport 27000:27015 -j MARK --set-mark 110

But only the last mark works.

Is there a solution? How do I do it?

#Marcio P. Silva
#linuXuser
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

On Tue, 2004-11-30 at 00:12 -0200, mah@rapidnet.com.br wrote:
> Hi....
>
> Help me please!!!
>
> I am using Linux Redhat as the router of my network. I am doing NAT and firewalling.
>
> In my iptables script, I need to make 3 MARKs for the same packet, as follows:
>
> # Marks the packets that will go over the ADSL link (I have 2 links - ADSL 2Mb and "dedicated link" 256Mb)
> # I am using "ip rule / ip route" to do this
> iptables -t mangle -A PREROUTING -p tcp --dport 21 -j MARK --set-mark 2000
> iptables -t mangle -A PREROUTING -p tcp --dport 20 -j MARK --set-mark 2000
>
> # Marks the packets that will be shaped (upload with cbq)
> iptables -t mangle -A PREROUTING -m mac --mac-source 00:11:22:33:44:55 -j MARK --set-mark 501
> ....
> iptables -t mangle -A PREROUTING -m mac --mac-source aa:bb:cc:dd:ee:ff -j MARK --set-mark 631
> ### I have 130 hosts in my network
>
> # Marks the packets that have priority (with the "tc prio" command)
> iptables -t mangle -A PREROUTING -p tcp --dport 22 -j MARK --set-mark 100
> iptables -t mangle -A PREROUTING -p tcp --dport 23 -j MARK --set-mark 100
> iptables -t mangle -A PREROUTING -p udp --dport 27000:27015 -j MARK --set-mark 110
>
> But only the last mark works.

I have just this hour started looking at marking packets, so my
information could be wrong, but I believe that --set-mark <n> where n is
an integer from 1-255. You cannot use values greater than 255.

b.

On Sunday 19 December 2004 20:32, Brian J. Murrell wrote:
> On Tue, 2004-11-30 at 00:12 -0200, mah@rapidnet.com.br wrote:
> > Hi....
> >
> > Help me please!!!
> >
> > I am using Linux Redhat as the router of my network. I am doing NAT
> > and firewalling.
> >
> > In my iptables script, I need to make 3 MARKs for the same packet, as
> > follows:
> >
> > # Marks the packets that will go over the ADSL link (I have 2 links - ADSL 2Mb and "dedicated link" 256Mb)
> > # I am using "ip rule / ip route" to do this
> > iptables -t mangle -A PREROUTING -p tcp --dport 21 -j MARK --set-mark 2000
> > iptables -t mangle -A PREROUTING -p tcp --dport 20 -j MARK --set-mark 2000
> >
> > # Marks the packets that will be shaped (upload with cbq)
> > iptables -t mangle -A PREROUTING -m mac --mac-source 00:11:22:33:44:55 -j MARK --set-mark 501
> > ....
> > iptables -t mangle -A PREROUTING -m mac --mac-source aa:bb:cc:dd:ee:ff -j MARK --set-mark 631
> > ### I have 130 hosts in my network
> >
> > # Marks the packets that have priority (with the "tc prio" command)
> > iptables -t mangle -A PREROUTING -p tcp --dport 22 -j MARK --set-mark 100
> > iptables -t mangle -A PREROUTING -p tcp --dport 23 -j MARK --set-mark 100
> > iptables -t mangle -A PREROUTING -p udp --dport 27000:27015 -j MARK --set-mark 110
> >
> > But only the last mark works.
>
> I have just this hour started looking at marking packets, so my
> information could be wrong, but I believe that --set-mark <n> where n is
> an integer from 1-255. You cannot use values greater than 255.
>
> b.

I'm using values greater than 255; maybe you need to install the mark modules?
--
ID 0x834D5708 wget http://www.awacat.com/clausGPG/publica_tictac.asc
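
An added example, not part of any message in this thread: MARK does not stop rule traversal, so every matching --set-mark in mangle PREROUTING replaces the whole 32-bit mark and the last match wins. The sketch below gives each purpose its own bit field using the VALUE/MASK form of --set-mark. The field layout, table name adsl, device eth0 and class id 1:501 are assumptions, and it assumes an iptables whose MARK target accepts a mask; it only prints the rules and simulates the mark arithmetic.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed layout of the 32-bit mark:
#   bits 0-7 priority (100, 110), bits 8-17 shaping (501..631),
#   bits 18-28 routing (2000).
PRIO_SHIFT=0   PRIO_MASK=0x000000ff
SHAPE_SHIFT=8  SHAPE_MASK=0x0003ff00
ROUTE_SHIFT=18 ROUTE_MASK=0x1ffc0000

# field_value SHIFT VALUE: VALUE moved into its field, printed as hex
field_value() { printf '0x%08x\n' $(( $2 << $1 )); }

# plain_set CURRENT VALUE: "--set-mark VALUE" replaces every bit of the mark
plain_set() { printf '0x%08x\n' $(( $2 )); }

# masked_set CURRENT VALUE MASK: "--set-mark VALUE/MASK" clears the MASK bits
# of the mark and ORs VALUE in, leaving the other fields alone
masked_set() { printf '0x%08x\n' $(( ($1 & ~$3) | $2 )); }

# get_field MARK MASK SHIFT: what a consumer matching MARK/MASK reads back
get_field() { echo $(( ($1 & $2) >> $3 )); }

# mark_rule MATCH SHIFT MASK VALUE: print (do not run) the masked MARK rule
mark_rule() {
    echo "iptables -t mangle -A PREROUTING $1 -j MARK --set-mark $(field_value "$2" "$4")/$3"
}

# Constructed packet: SSH (tcp/22) from 00:11:22:33:44:55, which matches
# both the shaping rule (501) and the priority rule (100) from the post.
demo() {
    m=$(plain_set 0 501); m=$(plain_set "$m" 100)
    echo "plain:  mark=$m shape=$(get_field "$m" "$SHAPE_MASK" "$SHAPE_SHIFT") (shaping mark lost)"
    m=$(masked_set 0 "$(field_value "$SHAPE_SHIFT" 501)" "$SHAPE_MASK")
    m=$(masked_set "$m" "$(field_value "$PRIO_SHIFT" 100)" "$PRIO_MASK")
    echo "masked: mark=$m shape=$(get_field "$m" "$SHAPE_MASK" "$SHAPE_SHIFT") prio=$(get_field "$m" "$PRIO_MASK" "$PRIO_SHIFT")"
    mark_rule "-p tcp --dport 21" "$ROUTE_SHIFT" "$ROUTE_MASK" 2000
    mark_rule "-m mac --mac-source 00:11:22:33:44:55" "$SHAPE_SHIFT" "$SHAPE_MASK" 501
    mark_rule "-p tcp --dport 22" "$PRIO_SHIFT" "$PRIO_MASK" 100
    # Consumers must match with the same mask (table, device, classid assumed)
    echo "ip rule add fwmark $(field_value "$ROUTE_SHIFT" 2000)/$ROUTE_MASK table adsl"
    echo "tc filter add dev eth0 parent 1: protocol ip handle $(field_value "$SHAPE_SHIFT" 501)/$SHAPE_MASK fw classid 1:501"
}
demo
```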