Re: [LARTC] FTP Connection Tracking in a Bridge

Stef Coene Wed, 20 Aug 2003 05:30:29 -0700

On Wednesday 20 August 2003 12:06, Wayne wrote:
> I believe I am using fwmark as below.  Any input would be appreciated:
>
>
> Here is part of the setup:
>
> iptables -A PREROUTING -t mangle -j CONNMARK --restore-mark
> iptables -A PREROUTING -t mangle -m mark ! --mark 0 -j ACCEPT
> iptables -A PREROUTING -m mark --mark 0 -p tcp --sport 21 -t mangle -j
> MARK --set-mark 14
> iptables -A PREROUTING -m mark --mark 0 -p tcp --sport 80 -t mangle -j
> MARK --set-mark 2
> iptables -A PREROUTING -m mark --mark 0 -p tcp --sport 3128 -t mangle -j
> MARK --set-mark 2
> iptables -A PREROUTING -t mangle -j CONNMARK --save-mark
>
> tc filter add dev eth1 parent 1:2 protocol ip prio 1 handle 2 fw classid
> 1:2a
>
>
> Here is part of /proc/net/ip_conntrack showing the packet is getting
> marked:
>
> tcp      6 431989 ESTABLISHED src=10.0.1.99 dst=196.34.2.188 sport=1838
> dport=3128 src=196.34.2.188 dst=10.0.1.99 sport=3128 dport=1838 [ASSURED]
> use=1 mark=2
>
> Here is part of the QOS class stats show no packets being picked up by the
> filter command:
>
> class htb 1:2 parent 1:1001 leaf 2a: prio 0 quantum 1500 rate 22Kbit ceil
> 120Kbit burst 1627b/8 mpu 0b cburst 1752b/8 mpu 0b level 0
>  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
>  lended: 0 borrowed: 0 giants: 0
>  tokens: 473600 ctokens: 93492
>
> Thanks
Can you also post your filter rules ?


Stef

-- 

[EMAIL PROTECTED]
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.oftc.net

_______________________________________________
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] FTP Connection Tracking in a Bridge

Reply via email to