-t mangle
Brad Chapman
kakadu_croc@yahoo.com
Wed, 26 Sep 2001 16:52:49 -0700 (PDT)
Mr. Lygren,
--- Sture Lygren <sture@rocketrange.no> wrote:
> Hi!
>
> I've been _struggling_ with a new setup of CBQ on our network here
> (using tc and iptables) - have not been able to get it up and running
> yet, and I'm getting more and more desperate!
Then use my mangle5hooks patch, MIME'd to this message; it makes
the mangle table use all 5 IPv4 hook positions, and will struggling--
about 20 times ;)
>
> First - when using '-t mangle ... -j MARK --set-mark ..' (many rules),
> what happens after first rule hit? Will the 'mangle' table be left, or
> will the search go through the whole table (so that hits on more than one
> rule will mark the package with fwmark set in last rule hit), or what?
The MARK target returns IPT_CONTINUE, which is a signal to ipt_do_table()
to iterate to the next rule. Thus, the whole table is searched until NF_ACCEPT,
NF_DROP, NF_STOLEN, or NF_QUEUE are returned from ipt_do_table().
>
> Second - eth0 is to internet, eth4 to private network, eth4 out eth0
> gets DNAT'ed to ip-eth0. Will iptables ever register hits on '...-s
> some.internett.address -i eth0 -d priv.ip.net' (given priv.ip.net is a
> private ip-range)?
Don't know. Someone else will answer that question.
>
> I've got 5 interfaces and .... damn I'm tired.
>
> Much appreciate your help
>
> Sture
>
>
> --
> Sture Lygren
> Driftsansvarlig / System Administrator
> Andøya Rakettskytefelt AS
> http://www.rocketrange.no/
Brad
=====
Brad Chapman
Permanent e-mail: kakadu_croc@yahoo.com
Current e-mail: kakadu@adelphia.net
Alternate e-mail: kakadu@netscape.net
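
Added example, not part of the original message or of the mangle5hooks patch: a simplified user-space model of the traversal described in the reply, showing that with MARK-only rules the last matching rule decides the fwmark, while a terminal ACCEPT after the first MARK ends the walk early. The type, verdict and function names and the rule sets are constructed for illustration and are not the kernel's own definitions.

```c
#include <stdint.h>
#include <stdio.h>
/* Simplified model, not kernel code. These verdict names are the example's
 * own; they stand in for IPT_CONTINUE, NF_ACCEPT and NF_DROP. */
enum verdict { V_CONTINUE, V_ACCEPT, V_DROP };
enum target  { T_MARK, T_ACCEPT, T_DROP };
struct packet { uint8_t proto; uint16_t dport; uint32_t fwmark; };
/* proto or dport of 0 is a wildcard; mark is used only by T_MARK. */
struct rule { uint8_t proto; uint16_t dport; enum target target; uint32_t mark; };

/* MARK rewrites the mark and tells the walker to keep going. */
static enum verdict run_target(const struct rule *r, struct packet *p)
{
    if (r->target == T_MARK) { p->fwmark = r->mark; return V_CONTINUE; }
    return r->target == T_ACCEPT ? V_ACCEPT : V_DROP;
}

/* Walk the rules in order; only a terminal verdict ends the walk. */
enum verdict walk_table(const struct rule *rules, int n, struct packet *p)
{
    for (int i = 0; i < n; i++) {
        const struct rule *r = &rules[i];
        if ((r->proto && r->proto != p->proto) ||
            (r->dport && r->dport != p->dport))
            continue;                        /* no match: next rule */
        enum verdict v = run_target(r, p);
        if (v != V_CONTINUE) return v;       /* terminal verdict: stop */
    }
    return V_ACCEPT;                         /* assumed chain policy */
}

/* Final fwmark of a packet after it has traversed the rules. */
uint32_t final_mark(const struct rule *rules, int n, uint8_t proto, uint16_t dport)
{
    struct packet p = { proto, dport, 0 };
    walk_table(rules, n, &p);
    return p.fwmark;
}

/* Constructed rule sets: all TCP -> mark 1, TCP port 80 -> mark 2. */
const struct rule MARK_ONLY[]   = { {6, 0, T_MARK, 1}, {6, 80, T_MARK, 2} };
const struct rule WITH_ACCEPT[] = { {6,0,T_MARK,1}, {6,0,T_ACCEPT,0}, {6,80,T_MARK,2} };

int main(void)
{
    printf("MARK only: %u\n", (unsigned)final_mark(MARK_ONLY, 2, 6, 80));
    printf("with ACCEPT: %u\n", (unsigned)final_mark(WITH_ACCEPT, 3, 6, 80));
    return 0;
}
```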