[LARTC] Bridge + TC

Roy Walker rwalker@miracomnetwork.com
Mon, 15 Mar 2004 16:11:05 -0600


I posted out on this problem some time ago and could never get 2.4.25 or
any 2.6 kernel to work with TC + Bridging.  If anyone has this working
and has actually tested it (I am actually just doing IP based iptables
filtering from my bridge interface) please let us know what version of
iproute you used and what patches you applied and with which version of
the kernel.

The older 2.4.2x kernels seem to work fine for this (I am currently
running 2.4.22).

Roy

-----Original Message-----
From: miller69@gmx.net [mailto:miller69@gmx.net]
Sent: Monday, March 15, 2004 3:03 PM
To: lartc@mailman.ds9a.nl
Subject: Re: [LARTC] Bridge + TC

Hi,

> I have also tried that. I'm using 2.6.3-mm3 -> packets don't seem to
> Perhaps the key here is 2.4. I might have to revert...
There was a change with kernel 2.6.0 for incoming and outgoing interfaces of
a bridge device (at least for iptables - that's why I'm guessing it also
affects ebtables):

> ebtables -A FORWARD -i eth1 -j mark --set-mark 0x1
> ebtables -A FORWARD -i eth2 -j mark --set-mark 0x2
Well for iptables a similar rule would look like:
iptables -A FORWARD -i eth1 -j MARK --set-mark 0x1

If eth1 is a port of a bridge you have to use with 2.6.x this:
iptables -A FORWARD -m physdev --physdev-in eth1 -j MARK --set-mark 0x1

Having a closer look at this may help solving your problem?

Regards,

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
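
The interface-match change described in the quoted reply, as an added example that is not part of the original thread: a small script that prints the MARK rule for an interface and uses the physdev match when the interface is a bridge port. The function names, the `SYSFS_NET` variable and the `brport` sysfs check are assumptions of this example; `-t mangle` is included because the MARK target is only valid in the mangle table.

```shell
#!/bin/sh
# Added example (not from the thread): emit the iptables MARK rule for an
# interface, switching to the physdev match when it is a bridge port.
# Assumption: a bridge port has a "brport" entry under /sys/class/net/<iface>/.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"   # overridable for testing

is_bridge_port() {
    [ -e "$SYSFS_NET/$1/brport" ]
}

# mark_rule IFACE MARK -> prints one iptables command line, or fails.
mark_rule() {
    iface="$1"; mark="$2"
    # Reject anything that is not a plain interface name or hex mark, so the
    # printed line is safe to review and paste into a root shell.
    case "$iface" in
        ''|-*|*[!A-Za-z0-9._-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    case "$mark" in
        0x|0x*[!0-9A-Fa-f]*) echo "bad mark: $mark" >&2; return 1 ;;
        0x*) ;;
        *) echo "bad mark: $mark" >&2; return 1 ;;
    esac
    # MARK is only valid in the mangle table, hence -t mangle.
    if is_bridge_port "$iface"; then
        echo "iptables -t mangle -A FORWARD -m physdev --physdev-in $iface -j MARK --set-mark $mark"
    else
        echo "iptables -t mangle -A FORWARD -i $iface -j MARK --set-mark $mark"
    fi
}

# Interfaces and marks from the thread; prints the rules, does not apply them.
mark_rule eth1 0x1
mark_rule eth2 0x2
```

The script only prints the commands, so the output can be compared against the existing ruleset before anything is applied.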