iptables filter by bridged interface

Question

I try to make a QOS server using IMQ interface to monitor ingress.

my setup :

                     br0
                      |
WAN <=> eth1 => IMQ1 <|> eth0 <=> LAN

all go nicely until i try to add the iptables rule to redirect incoming trafic from eth1 to IMQ1.

it seem that i can't say : take all incoming packet from eth1 to target IMQ.

iptables -t mangle -A PREROUTING -i eth1 -j IMQ --todev 1

a more simple exemple say that None packet hit the «-i eth1» part of this rule.

see this :

# iptables -t mangle -A PREROUTING -i eth1 -p TCP -j ACCEPT
# iptables -t mangle -A PREROUTING  -p TCP -j ACCEPT

# iptables -x -n -v -t mangle -L PREROUTING         
> Chain PREROUTING (policy ACCEPT 4 packets, 305 bytes)
>     pkts      bytes target     prot opt in     out     source             destination         
>        0        0 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           
>      125     8214 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0

how say «I want all trafic incoming from eth1 to go to IMQ» ?

score 2 · Answer 1 · answered Sep 26 '13 at 09:48

2

it seem that the «-i» is not made for bridged interfaces.

the manual explain that the module physdev is made for that.

my working rule is :

iptables -t mangle -A PREROUTING -m physdev --physdev-in eth1 -j IMQ --todev 1

answered Sep 26 '13 at 09:48

ornoone

131
3

iptables filter by bridged interface

1 Answers1