[LARTC] How to balance OUTBOUND traffic by packet if..

Patrick McHardy kaber at trash.net
Fri Jan 14 03:08:02 CET 2005


Andy Furniss wrote:

> Seems still broken.
>
> I built vanilla (apart from nth) 2.6.10, new iptables 1.2.11 +
> pom-200400621 with runme extra only said y to nth.
>
> I see -
>
> Chain OUTPUT (policy ACCEPT 817 packets, 103K bytes)
>  pkts bytes target     prot opt in     out     source      destination
>    15  1260 MARK       all  --  *      eth0    0.0.0.0/0   0.0.0.0/0   every 2th packet #0 MARK set 0x1
>    15  1260 MARK       all  --  *      eth0    0.0.0.0/0   0.0.0.0/0   every 2th packet #1 MARK set 0x2
>
> Chain POSTROUTING (policy ACCEPT 817 packets, 103K bytes)
>  pkts bytes target     prot opt in     out     source      destination
>     0     0            all  --  *      eth0    0.0.0.0/0   0.0.0.0/0   MARK match 0x1
>    15  1260            all  --  *      eth0    0.0.0.0/0   0.0.0.0/0   MARK match 0x2
> [root at amd /home/andy]# cat ./nth-test
> iptables -t mangle -A OUTPUT -o eth0 -m nth --counter 1 --every 2 --packet 0 -j MARK --set-mark 1
> iptables -t mangle -A OUTPUT -o eth0 -m nth --counter 1 --every 2 --packet 1 -j MARK --set-mark 2
> iptables -t mangle -A POSTROUTING -o eth0 -m mark --mark 1
> iptables -t mangle -A POSTROUTING -o eth0 -m mark --mark 2
>
> Any Ideas anyone?


Try adding "-m mark --mark X -j RETURN" rules after the MARK rules. The MARK
target is non-terminal, so you are overwriting the mark in the second rule.
Alternatively you can use "--start 1" in one of the nth matches.

Regards
Patrick
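
A simplified model of the chain traversal discussed in this thread, added here as an example; it is not code from either poster or from netfilter. It assumes the shared nth counter advances only when a --packet rule matches, which reproduces the counters in the quoted listing; `traverse`, `ORIGINAL` and `WITH_RETURN` are hypothetical names.

```python
# Simplified model of one mangle chain; not netfilter code.
# Assumption: the shared nth counter advances only when a --packet rule matches.

def traverse(rules, n_packets, every=2):
    """Send n_packets through rules; return (final marks, per-rule hit counts)."""
    counter = 0                      # shared state behind "--counter 1"
    hits = [0] * len(rules)
    marks = []
    for _ in range(n_packets):
        mark = 0                     # each new packet starts unmarked
        for i, (match, arg, target, value) in enumerate(rules):
            if match == "nth":
                if counter != arg:
                    continue         # rule does not match, counter untouched
                counter = (counter + 1) % every
            elif match == "mark" and mark != arg:
                continue
            hits[i] += 1
            if target == "MARK":
                mark = value         # non-terminal: traversal continues
            elif target == "RETURN":
                break                # terminal: leave the chain
        marks.append(mark)
    return marks, hits

# Rules from the quoted nth-test script: (match, match arg, target, target arg)
ORIGINAL = [
    ("nth", 0, "MARK", 1),
    ("nth", 1, "MARK", 2),
]
# Same rules with "-m mark --mark X -j RETURN" added after each MARK rule
WITH_RETURN = [
    ("nth", 0, "MARK", 1),
    ("mark", 1, "RETURN", None),
    ("nth", 1, "MARK", 2),
    ("mark", 2, "RETURN", None),
]

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("with RETURN", WITH_RETURN)):
        marks, hits = traverse(rules, 15)
        print(f"{name:12} hits={hits} mark1={marks.count(1)} mark2={marks.count(2)}")
```

In this model the original rules count 15 hits each and leave every packet with mark 2, matching the quoted counters, while the RETURN variant alternates marks 1 and 2.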




