[LARTC] Bridge + TC
Jon Anderson
jon-anderson@rogers.com
Mon, 15 Mar 2004 15:28:45 +0000
Jeroen Vriesman wrote:
>So I would suggest testing:
>
>1) no filter rule for 1:10 which is default
>
>
This shouldn't affect things in the end though, correct? (I.e. it's
overkill, but it won't hurt anything, right?)
(I've also had it pass by default through the 1:1, in which case nothing
passed through 1:10, nor 1:20 - everything went through 1:1.)
>2) no filters with handle 1, (I start at 101 for the filters)
>
>
>> tc filter add dev eth0 parent 1:0 protocol ip prio 1 handle 1 fw classid 1:10
"handle 1" - is that not how it picks up on nfmark? If nfmark is set to
1, is this not the part that picks up that nfmark?
>3) marking with iptables in mangle PREROUTING
>
>
I have also tried that. I'm using 2.6.3-mm3 -> packets don't seem to
pass through iptables anymore unless they're specifically routed rather
than bridged (can anyone confirm this?). I have another (2-if, no QoS)
bridge running 2.4, and iptables commands filter fine. With this new
bridge running 2.6, dropping everything with iptables doesn't work:
'iptables -A FORWARD -j DROP' doesn't affect the bridge in the least -
hosts continue to talk through the bridge. (Same in ebtables works as
expected though.)
>should work, it's working fine here on 2.4.24+ebtables
>
>
>
Perhaps the key here is 2.4. I might have to revert...
Thanks for the input. Now I have something else to try!
Cheers,
jon