* source/destination IP's reversed
@ 2004-01-12 16:41 Allan Gee
  0 siblings, 0 replies; only message in thread
From: Allan Gee @ 2004-01-12 16:41 UTC (permalink / raw)
  To: netfilter

Hi there,
I have a slight problem with the following scenario:
I am running the 2.4.18-10brnf0.0.7 kernel and using the box as a
bridge/traffic shaper.
I have used pom CONNMARK and string match patches to shape Kazaa and e-mail
traffic.
eth1 is my out-going interface so the script below should have my single IP
address as the destination IP and not the source.
The problem is that it only detects the string matches if I reverse the
address, i.e. put the destination IP as the source IP.
If I do it the right way no traffic gets marked. I wonder if there is a bug
somewhere?
I use iptables 1.2.9 and patch-o-matic 20030912.

/sbin/iptables -t mangle -A PREROUTING -i eth1 -p tcp -j CONNMARK --restore-mark
/sbin/iptables -t mangle -A PREROUTING -i eth1 -p tcp -m mark ! --mark 0 -j ACCEPT
/sbin/iptables -t mangle -A PREROUTING -p tcp -i eth1 -s xxx.xxx.xxx.xxx/32 -d 0/0 -m string --string 'Kazaa' -j MARK --se
/sbin/iptables -t mangle -A PREROUTING -p tcp -i eth1 -s xxx.xxx.xxx.xxx/32 -d 0/0 -m string --string 'allang@equation.co.
/sbin/iptables -t mangle -A PREROUTING -i eth1 -p tcp -j CONNMARK --save-mark
/sbin/iptables -t mangle -A FORWARD -p tcp -i eth1 -s xxx.xxx.xxx.xxx/32 -d 0/0 -m mark --mark 1 -j ACCEPT
/sbin/iptables -t mangle -A FORWARD -p tcp -i eth1 -s xxx.xxx.xxx.xxx/32 -d 0/0 -m mark --mark 2 -j ACCEPT

Regards Allan Gee
Phone: +27214181777
www.equation.co.za


