OpenWrt Forum Archive

Post #1

colchaodemola

10 Jan 2008, 17:52

take a look at this:

# iptables -L Default_ct -t mangle -v --line-numbers

1 109 16908 MARK all -- any any anywhere anywhere MARK match 0x0 ipp2p v0.8.1_rc1 --kazaa --gnu --edk --dc --bit MARK set 0x4
2 3 253 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto edonkey MARK set 0x4
3 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto bittorrent MARK set 0x4
4 1 60 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp 4 1 60 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp 4 1 60 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp multiport ports 22,53 MARK set 0x1
5 1 61 MARK udp -- any any anywhere anywhere MARK match 0x0 udp multiport ports 22,53 MARK set 0x1
6 118 7064 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp multiport ports 20,21,25,80,110,443,993,995 MARK set 0x3
7 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto skypetoskype MARK set 0x2
8 1552 170K CONNMARK all -- any any anywhere anywhere CONNMARK save

Why is this rule number 4 so strange ?

It is built by this line:
iptables -t mangle -A Default_ct -m mark --mark 0 -m tcp -p tcp -m multiport --ports 22,53 -j MARK --set-mark 1 through the generate.sh script.

And even more strange , try to delete that line: [why rule 5 has been deleted ??? ]

# iptables -t mangle -D Default_ct 4
# iptables -L Default_ct -t mangle -v --line-numbers

Chain Default_ct (1 references)
num pkts bytes target prot opt in out source destination
1 192 29926 MARK all -- any any anywhere anywhere MARK match 0x0 ipp2p v0.8.1_rc1 --kazaa --gnu --edk --dc --bit MARK set 0x4
2 6 643 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto edonkey MARK set 0x4
3 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto bittorrent MARK set 0x4
4 2 121 MARK udp -- any any anywhere anywhere MARK match 0x0 udp 4 2 121 MARK udp -- any any anywhere anywhere MARK match 0x0 udp 4 2 121 MARK udp -- any any anywhere anywhere MARK match 0x0 udp multiport ports 22,53 MARK set 0x1
5 162 9704 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp multiport ports 20,21,25,80,110,443,993,995 MARK set 0x3
6 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto skypetoskype MARK set 0x2
7 2584 267K CONNMARK all -- any any anywhere anywhere CONNMARK save

Post #2

frostschutz

11 Jan 2008, 02:25

Nothing strange about rule 4, except that you printed it 3 times. Maybe a problem with your terminal?
If you look closely at the output after deletion, you'll notice that rule 4 has been deleted and not 5. Except that old rule 4 is still printed two additional times. Maybe still a problem with your terminal?

I frequently get terminal problems with OpenWRT, using urxvt on Linux to SSH onto the OpenWRT router. It does not recognize this terminal type and it does not notice window resize events at all times, so some lines do not always get redrawn correctly. Which may result in left overs on the right side like that rule 4 you are seeing. Pipe the output into a file then copy the file to your machine and verify its contents, to see if iptables is really printing it like this? It would be a strange bug because there should be no code in iptables at all that lets it print such a thing in the first place.

Post #3

colchaodemola

11 Jan 2008, 02:28

you`re right
redirecting works
thanks ...