i want to limit bandwidth and route to 3 gateway, my rules show like this:
ip rule add fwmark 11 table $TABLE_1
ip rule add fwmark 12 table $TABLE_2
ip rule add fwmark 14 table $TABLE_3

iptables -t mangle -A PREROUTING -m state –state new -j MARK –set-xmark 0×1
iptables -t mangle -A PREROUTING -m state –state new -m statistic –mode random –probability 0.3 -j MARK –set-xmark 0×2
iptables -t mangle -A PREROUTING -m state –state new -m statistic –mode random –probability 0.3 -j MARK –set-xmark 0×4

for tc:

iptables -t mangle -A FORWARD -o eth0 -p tcp –sport 80 -j MARK –set-xmark 10
iptables -t mangle -A FORWARD -o eth0 -p udp –sport 80 -j MARK –set-xmark 10
iptables -t mangle -A PREROUTING -p tcp –dport 80 -j MARK –set-xmark 10

it’s that mean if packet goes to port 80 and table1 will marked 11? If I have a lot of port marking rule, do i have to write complex ip rule?

Do you have something more simple? or it really have to be complicated like that?

For anyone else: http://ipset.netfilter.org/

Andy.

Just had a quick look and –set-xmark is mentioned in the iptables manpage – it states that it zeroes out the bits given by the mask and XORs in the value given.

Andy.

I’m learning/researching IPtables and a little confused. I have found documentation on the option –set-mark, but nothing on –set-xmark as used in your example here.

I have seen examples like –set-mark 12/8 where the 1100 is masked by 1000 to result in 1000, but your example seems to be different.

As best I can figure out, if both examples are correct, –set-mark ANDs with the mask and –set-xmark XORs with the mask – is that what is happening here?

Thanks -