I'm using iptables 1.2.5 under 2.4.17 newnat. I'm also attempting to use the imq device with a view to implementing QOS on a small home network (heck.. it's fun..), prob. with htb.

Problem is marking packets. Home net is 192.168.0 (wireless 11Mb) & 192.168.1 (ethernet 10Mb full) with ppp0 for adsl 256up 512 down. I'm using NAT with a single IP address on ppp0.

Since I want to mark the packets in the mangle table, I think the PREROUTING chain appears the best to use.

I want to mark separately:

  local -> adsl big/small (11/14)
  adsl -> local big/small (21/24)
  local -> local traffic (31)

My problem is that my rules attempting to identify local traffic fail. Since I'm in the PREROUTING chain I can't use -o device, but I should be able to examine the destination address, shouldn't I?

Here are my rules:

  iptables -t mangle -A PREROUTING -d! 192.168.0.1/16 -m length --length 0:500 -j MARK --set-mark 11
  iptables -t mangle -A PREROUTING -d! 192.168.0.1/16 -m length --length 500:15000 -j MARK --set-mark 14
  iptables -t mangle -A PREROUTING -s! 192.168.0.1/16 -m length --length 0:500 -j MARK --set-mark 21
  iptables -t mangle -A PREROUTING -s! 192.168.0.1/16 -m length --length 500:15000 -j MARK --set-mark 24
  iptables -t mangle -A PREROUTING -j MARK --set-mark 31
  iptables -t mangle -A PREROUTING -s 192.168.0.1/16 -d 192.168.0.1/16 -j MARK --set-mark 31

I think identification of up/downstream traffic split by length *appears* to work.

Basically the rules are:

  1. Traffic not destined for local net & small - mark 11
  2. Traffic not destined for local net & big - mark 14
  3. Traffic from internet, small - mark 21
  4. Traffic from internet, large - mark 24
  5. Traffic from local net to local net - mark 31

What have I done wrong ....?

Also.. what's the best way to see how the packet is marked? I can sort of see via which queue/class my packet gets sent to, but tcpdump certainly doesn't show the mark (why should it?)

--
Nigel Jones [EMAIL PROTECTED]
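
An added example, not part of the original post: a small Python model that walks the six rules above in order for a few constructed packets and records every mark set along the way. It assumes MARK does not stop chain traversal, that the length bounds are inclusive, and that inbound packets still carry the ppp0 address (a constructed 203.0.113.7 here) as destination when mangle PREROUTING sees them.

```python
import ipaddress

# iptables masks 192.168.0.1/16 down to the network 192.168.0.0/16.
LOCAL = ipaddress.ip_network("192.168.0.1/16", strict=False)

# The six rules from the post, in order: (src test, dst test, length range, mark).
# A test is None (option absent), True (-s/-d net) or False (-s!/-d! net).
RULES = [
    (None, False, (0, 500), 11),
    (None, False, (500, 15000), 14),
    (False, None, (0, 500), 21),
    (False, None, (500, 15000), 24),
    (None, None, None, 31),
    (True, True, None, 31),
]

def addr_ok(test, addr):
    """Evaluate one -s/-d test (possibly negated) against an address."""
    return test is None or (ipaddress.ip_address(addr) in LOCAL) == test

def trace(src, dst, length):
    """Return every mark set, in rule order; the last one is what the packet keeps."""
    marks = []
    for s, d, rng, mark in RULES:
        if not (addr_ok(s, src) and addr_ok(d, dst)):
            continue
        if rng is not None and not (rng[0] <= length <= rng[1]):
            continue
        marks.append(mark)  # assumption: MARK is non-terminating, so keep walking
    return marks

# Constructed sample packets (addresses are illustrative, not from the post).
SAMPLES = {
    "lan -> internet, small": ("192.168.1.10", "198.51.100.20", 60),
    "lan -> internet, big": ("192.168.1.10", "198.51.100.20", 1400),
    "lan -> internet, exactly 500": ("192.168.1.10", "198.51.100.20", 500),
    "internet -> ppp0 address, big": ("198.51.100.20", "203.0.113.7", 1400),
    "lan -> lan": ("192.168.0.5", "192.168.1.10", 1400),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        m = trace(*pkt)
        print(f"{name:32} marks set: {m}  final: {m[-1]}")
```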