- To: <lartc@xxxxxxxxxxxxxxx>
- Subject: Changing fwmarks stalls connection...
- From: Marco Gaiarin <gaio@xxxxxxxxx>
- Date: Tue, 17 Apr 2012 13:10:50 +0200
- Organization: La Nostra Famiglia - Polo FVG
- User-agent: Mutt/1.5.21 (2010-09-15)

This is really driving me crazy.

I have been using, for *years* and across at least three Debian versions, a simple
script to mark (fwmark) packets; the script uses essentially only the
POSTROUTING chain in the mangle table, setting marks that I use in some htb
rules.

A simple 'CONNMARK restore' on top, and if the mark is still zero (no
mark), a jump to a subchain that does the marking, and then a 'CONNMARK
save'.

I've changed the script so that now I do the 'CONNMARK restore'
on PREROUTING, I do the marking on the OUTPUT and FORWARD chains, still
using the 'if mark not zero' jump to some subchains, and then I do a
'CONNMARK save' on POSTROUTING.

I've done that because by dividing the matches between the OUTPUT and FORWARD tables I
can match my traffic more closely.

I've looked at ip_conntrack, and at the statistics, and it seems to me that
there are no big differences in the marked data.

But still, TCP connections like web browsing stall; if I use the old
script, everything works flawlessly.

Prioritization is enabled (based on fwmarks, of course) but it is the
same; I've changed only the mangle table.

I'm really going mad. Even supposing I've done some strange thing in the
mangle table, how can that lead to such massive trouble?

Thanks.

--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.sv.lnf.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)sv.lnf.it tel +39-0434-842711 fax +39-0434-842797
Donate your 5 PER MILLE to LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/chi_siamo/5xmille.php
(tax code 00307430132, category ONLUS or RICERCA SANITARIA)
--
To unsubscribe from this list: send the line "unsubscribe lartc" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
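
Added example, not part of the original post and not the poster's script: a constructed sketch of the two mangle-table layouts the message describes, with a small walker that lists which built-in-chain rules a forwarded, locally generated or locally delivered packet meets, in hook order. The subchain names MARK_ALL, MARK_OUT and MARK_FWD and the port 80 to mark 10 rule are assumptions.

```shell
#!/bin/sh
# Constructed sketch: chain names MARK_ALL/MARK_OUT/MARK_FWD and the
# "tcp port 80 -> mark 10" rule are assumptions, not taken from the post.
old_layout() {  # restore, mark and save all in POSTROUTING
cat <<'EOF'
-A POSTROUTING -j CONNMARK --restore-mark
-A POSTROUTING -m mark --mark 0 -j MARK_ALL
-A POSTROUTING -j CONNMARK --save-mark
-A MARK_ALL -p tcp --dport 80 -j MARK --set-mark 10
EOF
}
new_layout() {  # restore in PREROUTING, mark in OUTPUT/FORWARD, save in POSTROUTING
cat <<'EOF'
-A PREROUTING -j CONNMARK --restore-mark
-A OUTPUT -m mark --mark 0 -j MARK_OUT
-A FORWARD -m mark --mark 0 -j MARK_FWD
-A POSTROUTING -j CONNMARK --save-mark
-A MARK_OUT -p tcp --dport 80 -j MARK --set-mark 10
-A MARK_FWD -p tcp --dport 80 -j MARK --set-mark 10
EOF
}
# Wrap a rule list as iptables-restore input for the mangle table.
as_restore() {
    printf '*mangle\n:MARK_ALL - [0:0]\n:MARK_OUT - [0:0]\n:MARK_FWD - [0:0]\n'
    "$1"
    printf 'COMMIT\n'
}
# Mangle hooks traversed, in order, by each kind of packet.
hooks_for() {
    case "$1" in
        forward)   echo "PREROUTING FORWARD POSTROUTING" ;;
        local-out) echo "OUTPUT POSTROUTING" ;;
        local-in)  echo "PREROUTING INPUT" ;;
        *) return 1 ;;
    esac
}
# rules_seen LAYOUT PATH: built-in-chain rules a packet meets, in hook order.
rules_seen() {
    hooks=$(hooks_for "$2") || return 1
    for hook in $hooks; do
        "$1" | grep "^-A $hook " || true
    done
}
# Print the comparison for every layout and packet path.
for layout in old_layout new_layout; do
    for path in forward local-out local-in; do
        echo "== $layout, $path"; rules_seen "$layout" "$path"
    done
done
```

To syntax-check a layout against the running kernel without committing it, pipe `as_restore new_layout` into `iptables-restore --test` as root.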