I want to set up a transparent traffic shaper before my router, which is doing PCC load balancing.
The problem I am having is that nothing is being marked on the firewall. I have a bridge set up, with ether 2 and ether 3 added to the bridge, and the bridge has "Use IP Firewall" enabled. Any idea why the traffic isn't being caught by the firewall rules?
;;; DNS Traffic
chain=prerouting action=mark-connection new-connection-mark=dns_conn
passthrough=yes protocol=udp dst-port=53 log=no log-prefix=""
chain=prerouting action=mark-connection new-connection-mark=dns_conn
passthrough=yes protocol=tcp dst-port=53 log=no log-prefix=""
chain=prerouting action=mark-packet new-packet-mark=dns passthrough=no
connection-mark=dns_conn log=no log-prefix=""
;;; HTTP Traffic
chain=prerouting action=mark-connection new-connection-mark=http_conn
passthrough=yes protocol=tcp dst-port=80,443 log=no log-prefix=""
chain=prerouting action=mark-packet new-packet-mark=http passthrough=no
connection-mark=http_conn log=no log-prefix=""
;;; ICMP Traffic
chain=prerouting action=mark-connection new-connection-mark=icmp_conn
passthrough=yes protocol=icmp log=no log-prefix=""
chain=prerouting action=mark-packet new-packet-mark=icmp passthrough=no
connection-mark=icmp_conn log=no log-prefix=""
;;; P2P Traffic
chain=prerouting action=mark-connection new-connection-mark=p2p_conn
passthrough=yes layer7-protocol=torrent-wwws log=no log-prefix=""
chain=prerouting action=mark-packet new-packet-mark=p2p passthrough=no
connection-mark=p2p_conn log=no log-prefix=""
;;; Everything else
chain=prerouting action=mark-connection new-connection-mark=other_conn
passthrough=yes log=no log-prefix=""
chain=prerouting action=mark-packet new-packet-mark=other passthrough=no
connection-mark=other_conn log=no log-prefix=""