Ping a Specific Port

Question

Ben K.

Asked: 2011-01-30 10:28:40 +0800 CST2011-01-30 10:28:40 +0800 CST 2011-01-30 10:28:40 +0800 CST

set mark on iptables based on interface

772

I have an Ubuntu 10.04 machine with two ethernet interfaces: eth0 (WAN) eth1 (LAN)

I've configured NAT using these commands:

sudo iptables -A FORWARD -o eth0 -i eth1 -s 192.168.0.0/24 -m conntrack --ctstate NEW -j ACCEPT
sudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A POSTROUTING -t nat -j MASQUERADE

Now I'd like to add a packet mark to packets sourced from eth1 so that I can traffic-shape based on the mark. What iptables commands do I need to do this?

It seems like I need something along the lines of

   sudo iptables -A FORWARD -i eth1 -t mangle -j MARK --set-mark 3

But I'm not sure. I want to make sure this mark persists past the nat so that I can inspect packets going out on eth0 with tc to do traffic shaping.

1 Answers

Voted

silviud · Answer 1 · 2011-01-30T10:46:25+08:00

Best Answer

silviud

2011-01-30T10:46:25+08:002011-01-30T10:46:25+08:00

sudo iptables -A PREROUTING -i eth1 -t mangle -j MARK --set-mark 3

you want to have the packets marked before they go into the router so you can use PREROUTING. see as well http://lartc.org/howto/lartc.netfilter.html

0

set mark on iptables based on interface

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Resolve host name from IP address

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?