On Saturday 28 April 2007 19:33, terraja-based wrote:
> [...]
> iptables -t mangle -A PREROUTING -i eth1 -j IMQ --todev 0
>
> tc filter add dev imq0 parent 1: prio 0 protocol ip handle 2 fw flowid 1:10
> tc filter add dev imq0 parent 1: prio 1 protocol ip handle 3 fw flowid 1:20
> iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 80 -j MARK --set-mark 2
> iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 20 -j MARK --set-mark 3
> iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 21 -j MARK --set-mark 3
> [...]
> The traffic continues to go out by the "default" qdisc (1:30), and it was
> not classified by the correct qdisc.

Hmm, you are trying to "redirect" all packets from eth1 to imq0, and then you
are trying to mark packets for http and ftp connections. Well, I think you
need to change your configuration again: if you put '-j IMQ --todev 0' as the
first rule, then all packets will match and will not pass through the chain,
so any rule after that one will never match against a packet. You need to
mark packets first, and send them to the imq device afterwards. Maybe something like this:

--------------------------------8<-------------------------8<-----------------------------------
[...]
iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 80 -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 20 -j MARK --set-mark 3
iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 21 -j MARK --set-mark 3
iptables -t mangle -A PREROUTING -i eth1 -j IMQ --todev 0

tc filter add dev imq0 parent 1: prio 0 protocol ip handle 2 fw flowid 1:10
tc filter add dev imq0 parent 1: prio 1 protocol ip handle 3 fw flowid 1:20
[...]
--------------------------------8<-------------------------8<-----------------------------------

PS: as far as I know, marks 0, 1, and 2 are iptables marks (reserved marks),
so if I were you, I would start marking with number 3 or greater.

-- 
Alejandro Ramos Encinosa <[EMAIL PROTECTED]>
Fac. Matemática Computación
Universidad de La Habana