Iptables with 3 marks. Is it possible?
Hi....
I have the following question. I am using Red Hat Linux as the gateway from my network to the internet. I am doing NAT and firewalling. I have 3 NICs:

eth0 - Local network (130 hosts)
eth1 - Link 256 full (route default)
eth2 - Link ADSL 2Mb (route to forward: p2p, ftp, pop, smtp and other heavy users)

I am using cbq to limit downloads and to try to limit uploads. In my iptables script, I need to make 3 MARKs for the same packet, as follows:

# It marks the packets that will go to the ADSL link by ip route / ip rule
iptables -t mangle -A PREROUTING -p tcp --dport 21 -j MARK --set-mark 2000
iptables -t mangle -A PREROUTING -p tcp --dport 20 -j MARK --set-mark 2000

# It marks the packets that will be shaped (upload with cbq)
iptables -t mangle -A PREROUTING -m mac --mac-source 00:11:22:33:44:55 -j MARK --set-mark 501
....
iptables -t mangle -A PREROUTING -m mac --mac-source aa:bb:cc:dd:ee:ff -j MARK --set-mark 631
### I have 130 hosts in my network

# It marks the packets that have priority (with the 'tc prio' command)
iptables -t mangle -A PREROUTING -p tcp --dport 22 -j MARK --set-mark 100
iptables -t mangle -A PREROUTING -p tcp --dport 23 -j MARK --set-mark 100
iptables -t mangle -A PREROUTING -p udp --dport 27000:27015 -j MARK --set-mark 110

But only the last mark works. Is there a solution? How do I do it?

#Marcio P. Silva
#linuXuser
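Added example, not part of the original post: a packet carries a single 32-bit mark, so each plain --set-mark replaces the previous one; one way to carry all three values is to give each purpose its own bit field and write it with --set-xmark value/mask. The field layout, the routing selector value 1, the table name "adsl" and the tc parent/classid values below are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: split the single 32-bit fwmark into three bit fields.
# Assumed layout (chosen for this sketch, not from the post):
#   bits 0-11   per-host shaping class (501, 631, ...; max 4095)
#   bits 12-19  priority band (100, 110; max 255)
#   bits 20-23  routing selector (1 = ADSL link)
SHAPE_MASK=0x00000fff
PRIO_MASK=0x000ff000
ROUTE_MASK=0x00f00000

# field_mark SHIFT VALUE -> prints VALUE shifted into its field, as hex
field_mark() { printf '0x%08x' $(( $2 << $1 )); }

# mark_rule MATCH SHIFT MASK VALUE -> prints one iptables command that
# rewrites only the bits under MASK and leaves the other fields intact
mark_rule() {
    printf 'iptables -t mangle -A PREROUTING %s -j MARK --set-xmark %s/%s\n' \
        "$1" "$(field_mark "$2" "$4")" "$3"
}

# apply_xmark OLD VALUE MASK -> models what --set-xmark does to a mark:
# clear the bits in MASK, then XOR in VALUE
apply_xmark() { printf '0x%08x' $(( ($1 & ~$3 & 0xffffffff) ^ $2 )); }

emit_rules() {
    mark_rule '-p tcp --dport 21' 20 "$ROUTE_MASK" 1
    mark_rule '-m mac --mac-source 00:11:22:33:44:55' 0 "$SHAPE_MASK" 501
    mark_rule '-p tcp --dport 22' 12 "$PRIO_MASK" 100
    # Each consumer matches only its own field via value/mask.
    # "adsl", "1:" and "1:501" are hypothetical names for this sketch.
    echo "ip rule add fwmark $(field_mark 20 1)/$ROUTE_MASK table adsl"
    echo "tc filter add dev eth1 parent 1: protocol ip" \
         "handle $(field_mark 0 501)/$SHAPE_MASK fw classid 1:501"
}

# Print the generated commands for review; nothing is applied to the host.
emit_rules
```

The generated commands need an iptables, iproute2 and kernel that accept value/mask marks.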