
Why might the following simple iptables rule not work?

    iptables -t mangle -A POSTROUTING -p tcp --dport 1194 -j CLASSIFY --set-class 1:10

I'm trying to prioritize outgoing traffic to the VPN. I am connected to the internet via a router running OpenWrt. I added this rule to iptables and the corresponding qdiscs and classes to tc. There are no other rules in the POSTROUTING chain, so, as far as I understand, the packets cannot be "eaten" by some other rule. But `iptables -v -t mangle -L POSTROUTING` shows that only a few packets are caught, on connecting to the VPN and on disconnecting from it. While I'm working through the tunnel, the packet counter remains unchanged.

  • Probably I have found the cause of this behaviour. The thing is that I am using a GL.iNet router, and it has a so-called "Routing/NAT Offloading" option which is on by default. I am currently not 100% sure, but it looks like it is some kind of optimization of traffic processing which, among other things, may exclude some packets from processing by the Linux kernel (i.e., by `iptables`). If I confirm that this is right, I'll update this ticket. – Serge Roussak Apr 23 '21 at 12:58

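As an added example (not code from the question, nor from OpenWrt or GL.iNet), the following shell script puts the pieces the question and comment describe together on an OpenWrt router: it turns off the firewall's flow-offloading defaults so that forwarded packets actually traverse the mangle table, builds an HTB tree on the WAN egress with class 1:10 for the VPN, adds the CLASSIFY rule, and then reads the rule and chain counters twice to tell apart "rule matched", "rule never matches" and "traffic bypassed netfilter". The WAN interface name `eth0`, the link rates, the mapping of the GL.iNet "Routing/NAT Offloading" toggle onto OpenWrt's `firewall.@defaults[0].flow_offloading` options, and the VPN running over TCP/1194 are all assumptions, not facts from the page.

```bash
#!/bin/sh
# Added example, not the original poster's script. Assumptions (not stated
# on the page): WAN egress is eth0, the uplink is 20mbit, the VPN listens on
# TCP/1194, and the router's offload toggle is OpenWrt's
# firewall.@defaults[0].flow_offloading / flow_offloading_hw uci options.
# DRY_RUN=1 (default) only prints the privileged commands; DRY_RUN=0 runs them.

WAN=${WAN:-eth0}
LINK_RATE=${LINK_RATE:-20mbit}
VPN_RATE=${VPN_RATE:-5mbit}      # guaranteed share for class 1:10
OTHER_RATE=${OTHER_RATE:-15mbit} # guaranteed share for class 1:20
VPN_PORT=${VPN_PORT:-1194}
VPN_PROTO=${VPN_PROTO:-tcp}
DRY_RUN=${DRY_RUN:-1}

run() {
    if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Offloaded (fast-path) flows never reach the mangle table, so neither the
# CLASSIFY rule nor the chain policy counter sees them. Disable both the
# software and hardware offload defaults before relying on classification.
disable_flow_offloading() {
    run uci set firewall.@defaults[0].flow_offloading=0
    run uci set firewall.@defaults[0].flow_offloading_hw=0
    run uci commit firewall
    run /etc/init.d/firewall restart
}

# HTB root on WAN egress: 1:10 is the prioritised VPN class, 1:20 the default.
setup_tc() {
    run tc qdisc replace dev "$WAN" root handle 1: htb default 20
    run tc class replace dev "$WAN" parent 1: classid 1:1 htb rate "$LINK_RATE"
    run tc class replace dev "$WAN" parent 1:1 classid 1:10 htb \
        rate "$VPN_RATE" ceil "$LINK_RATE" prio 0
    run tc class replace dev "$WAN" parent 1:1 classid 1:20 htb \
        rate "$OTHER_RATE" ceil "$LINK_RATE" prio 1
    run tc qdisc replace dev "$WAN" parent 1:10 handle 10: fq_codel
    run tc qdisc replace dev "$WAN" parent 1:20 handle 20: fq_codel
}

# The rule from the question, restricted to the WAN egress so the class id
# refers to the qdisc that is actually installed there.
add_classify_rule() {
    run iptables -t mangle -A POSTROUTING -o "$WAN" -p "$VPN_PROTO" \
        --dport "$VPN_PORT" -j CLASSIFY --set-class 1:10
}

# Packet counter of the CLASSIFY rule for port $1, parsed from
# `iptables -t mangle -v -n -x -L POSTROUTING` output on stdin (0 if absent).
rule_packets() {
    awk -v port="$1" '$3 == "CLASSIFY" && $0 ~ ("dpt:" port) { print $1; found = 1; exit }
                      END { if (!found) print 0 }'
}

# Packet counter of the chain policy, from the same output on stdin.
chain_policy_packets() {
    awk '$1 == "Chain" { print $5; exit }'
}

# $1/$2: rule packets before/after; $3/$4: chain policy packets before/after.
# CLASSIFY is non-terminating, so every packet that traverses the chain also
# hits the policy counter; if neither moves while traffic flows, the packets
# are not passing through netfilter at all (offloading, or wrong table/hook).
diagnose() {
    rb=${1:-0}; ra=${2:-0}; pb=${3:-0}; pa=${4:-0}
    if [ "$ra" -gt "$rb" ]; then echo matched
    elif [ "$pa" -gt "$pb" ]; then echo rule-not-matching
    else echo chain-bypassed; fi
}

# Take two live snapshots 10 s apart while VPN traffic should be flowing.
diagnose_live() {
    before=$(iptables -t mangle -v -n -x -L POSTROUTING)
    sleep 10
    after=$(iptables -t mangle -v -n -x -L POSTROUTING)
    diagnose "$(printf '%s\n' "$before" | rule_packets "$VPN_PORT")" \
             "$(printf '%s\n' "$after"  | rule_packets "$VPN_PORT")" \
             "$(printf '%s\n' "$before" | chain_policy_packets)" \
             "$(printf '%s\n' "$after"  | chain_policy_packets)"
}

case "${1:-}" in
    apply)    disable_flow_offloading; setup_tc; add_classify_rule ;;
    diagnose) diagnose_live ;;
esac
```

Review the printed commands first (`sh shape.sh apply`), then run them for real with `DRY_RUN=0 sh shape.sh apply` as root, and `DRY_RUN=0 sh shape.sh diagnose` while the tunnel carries traffic. Two caveats worth checking before blaming offloading: OpenVPN's default transport is UDP/1194, so a `-p tcp` match only sees a tunnel explicitly configured for TCP (set `VPN_PROTO=udp` otherwise), and a `rule-not-matching` verdict means packets do traverse the chain but the protocol, port or interface in the rule is wrong.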