www.nethd.ro

[daniel]

client port are random, if you want to use range, create one line in iptables on mangle for forward and mark that rule, whi that?
webhtb whan parse to /sbin/tc if you want to use in webhtb something like dst-ip`s: 1024:65535 , will be a pain in the ass, because TC don`t know that and webhtb must parse 65535 - 1024 lines for only that rule, so better use iptables to mark that range and on webhtb create one rule with that mark

[daniel]

and option 2 are layer7, for me, i choose that option

[tr3s]

i'll try the option 1, make a mangle rule for iptables.

can you post the iptables rule to make the mark? i do not have so much knowledge about iptables.

[daniel]

iptables -t mangle -A FORWARD -m tcp -p tcp -m multiport --sports 80,443 -d 192.168.0.0/24 --dport 1024:65535 -j MARK --set-mark 1

Here is an complex example, sports 80 and 443 for web, my class ip`s are 192.168.0.0/24 with local ports range 1024 to 65535

if not enouth change FORWARD with POSTROUTING AND/OR PREROUTING

[tr3s]

thanks a lot daniel. i'll play around with that code to fit my needs. i guess i'll be forced to learn iptables

more power to you. surely, you and your work will be a great help to many people

[daniel]

Thanks !