Hi !!

I am marking packets in a bridge:

Mark outbound www packets from clients:

/usr/local/sbin/iptables -A PREROUTING -t mangle -m physdev --physdev-in eth1 -p tcp --dport 80 -j MARK --set-mark 2

How can I know if these packets are marked?

roberto

--
Ing. Roberto Pereyra
ContenidosOnline

On Wed, 2007-01-24 at 07:29 -0300, Roberto Pereyra wrote:
> /usr/local/sbin/iptables -A PREROUTING -t mangle -m physdev
> --physdev-in eth1 -p tcp --dport 80 -j MARK --set-mark 2
>
> How can I know if these packets are marked?

On the same machine (your bridge), you can match the mark later with

iptables ... -m mark --mark value[/mask] ...

and there is a classifier for tc, too, I think. The mark doesn't stay on the packets once they leave your bridge, though, so you can't match them on other boxes.

Regards,
Torsten

Also, connection tracking (cat /proc/net/ip_conntrack), if loaded, will show the mark id (mark=).

Andreas

On Wed, 2007-01-24 at 07:29 -0300, Roberto Pereyra wrote:
> Hi !!
>
> I am marking packets in a bridge:
>
> Mark outbound www packets from clients:
>
> /usr/local/sbin/iptables -A PREROUTING -t mangle -m physdev
> --physdev-in eth1 -p tcp --dport 80 -j MARK --set-mark 2
>
> How can I know if these packets are marked?
>
> roberto
>
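
One way to act on Torsten's suggestion of matching the mark later on the bridge, as an added example that is not part of the original thread: a target-less `-m mark` rule acts as a counter, and the function below reads `iptables-save -c` text and reports the counters of rules matching a given mark. The function names, the POSTROUTING counting rules and the sample ruleset are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): read `iptables-save -c` text on stdin
# and report the packet/byte counters of rules that match a given mark.

# Constructed sample ruleset; rule 1 mirrors the MARK rule from the question,
# rules 2-3 are hypothetical target-less counting rules.
sample_ruleset() {
cat <<'EOF'
*mangle
:PREROUTING ACCEPT [1500:900000]
:POSTROUTING ACCEPT [1500:900000]
[42:2520] -A PREROUTING -p tcp -m physdev --physdev-in eth1 -m tcp --dport 80 -j MARK --set-mark 0x2
[42:2520] -A POSTROUTING -m mark --mark 0x2
[7:420] -A POSTROUTING -m mark --mark 0x3/0xff
COMMIT
EOF
}

# Accept only text that looks like a decimal or 0x-hex number, so that
# nothing else from the input ever reaches arithmetic expansion.
is_num() {
    case $1 in ''|*[!0-9a-fA-FxX]*) return 1 ;; [0-9]*) return 0 ;; *) return 1 ;; esac
}

# mark_hits MARK: print "chain packets bytes" for each rule matching MARK
# (decimal or 0x-hex). A /mask on the rule is ignored for the comparison.
mark_hits() {
    is_num "$1" || return 2
    want=$(( $1 ))
    while IFS= read -r line; do
        case $line in
            "["*:*"] -A "*"-m mark --mark "*) ;;   # counted rule with a mark match
            *) continue ;;                          # policies, other rules, COMMIT
        esac
        counters=${line%%"]"*}; counters=${counters#"["}
        rest=${line#*" -A "}; chain=${rest%% *}
        val=${line#*"-m mark --mark "}; val=${val%% *}; val=${val%%/*}
        is_num "$val" || continue
        if [ $(( $val )) -eq "$want" ]; then
            echo "$chain ${counters%%:*} ${counters#*:}"
        fi
    done
    return 0
}

sample_ruleset | mark_hits 2
```

On the bridge itself, add a counting rule such as `iptables -t mangle -A POSTROUTING -m mark --mark 2` and pipe `iptables-save -c -t mangle` into `mark_hits 2`; a packet count that grows while clients browse shows the mark is being set.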