Hi,

I did some tests and I have some modifications and questions on the Kernel Packet Traveling Diagram found at http://www.docum.org/stef.coene/qos/kptd/

Tests were made on a Suse 7.2 - kernel 2.4.18 + htb 3.3 + imq, iptables 1.2.6-imq and tc_htb.

Where on the diagram are the mangle INPUT, FORWARD, POSTROUTING??? I tested only the POSTROUTING, and found that it is before "nat POSTROUTING", because I put:

    iptables -t mangle -A POSTROUTING -o eth0 -j LOG --log-prefix LOG_FILTER_EXT-DEF-

and get in the logs this:

    Sep 11 00:18:22 www kernel: LOG_FILTER_EXT-DEF-IN= OUT=eth0 SRC=10.0.0.100 DST=80.128.37.129 LEN=1

and I have:

    Chain POSTROUTING (policy ACCEPT)
    target     prot opt source               destination
    SNAT       all  --  10.0.0.0/24          0.0.0.0/0          to:x.x.x.x

So it's right??? If yes, Stef please modify the diagram; if no, why?

And probably the "mangle INPUT" is after "filter INPUT"

and "mangle FORWARD" is after "filter FORWARD"

C

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Hi,

The diagram is not completed. If you check previous messages in this list you will see that mangle INPUT, FORWARD and POSTROUTING are not included yet. It's my responsibility to update the diagram. I'm going to do it as soon as possible.

Mangle is always before nat, have a look at http://www.netfilter.org/documentation/HOWTO//netfilter-hacking-HOWTO.txt

Best regards,

Leonardo Balliache.

> I tested only the POSTROUTING, and found that it is before "nat
> POSTROUTING", because I put:
>
> iptables -t mangle -A POSTROUTING -o eth0 -j LOG --log-prefix
> LOG_FILTER_EXT-DEF-
>
> and get in the logs this:
> Sep 11 00:18:22 www kernel: LOG_FILTER_EXT-DEF-IN= OUT=eth0
> SRC=10.0.0.100 DST=80.128.37.129 LEN=1
>
> and I have:
> Chain POSTROUTING (policy ACCEPT)
> target prot opt source destination
> SNAT all -- 10.0.0.0/24 0.0.0.0/0 to:x.x.x.x
>
>
> So it's right??? If yes, Stef please modify the diagram; if no, why?
>
> And probably the "mangle INPUT" is after "filter INPUT"
>
> and "mangle FORWARD" is after "filter FORWARD"

I updated the diagram. Like Leonardo said, I put mangle before nat. Any updates/remarks are welcome.

I also added the imq device (right after mangle for incoming packets and after all tables for outgoing packets).

Stef

--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net
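
The check made in this thread, as an added example that is not part of the original messages: a LOG rule in mangle POSTROUTING records the internal, pre-SNAT source address, so the SRC field can be tested against the SNAT rule's source range. The function names and the second sample line are assumptions made for illustration.

```python
import ipaddress
import re

# Netfilter LOG output is "<prefix>IN=<if> OUT=<if> SRC=... DST=... ...";
# the --log-prefix text is glued directly in front of "IN=".
LOG_RE = re.compile(r"kernel: (?P<prefix>.*?)IN=(?P<rest>.*)$")

# First line is the one quoted in the thread (LEN value as it appears there).
PAGE_LINE = ("Sep 11 00:18:22 www kernel: LOG_FILTER_EXT-DEF-IN= OUT=eth0 "
             "SRC=10.0.0.100 DST=80.128.37.129 LEN=1")
# Constructed line: source outside the SNAT range (documentation address).
CONSTRUCTED_LINE = ("Sep 11 00:18:23 www kernel: CONSTRUCTED-IN= OUT=eth0 "
                    "SRC=203.0.113.5 DST=80.128.37.129 LEN=60")


def parse_log_line(line):
    """Split a netfilter LOG line into its prefix and KEY=value fields."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    fields = {"PREFIX": m.group("prefix")}
    for token in ("IN=" + m.group("rest")).split():
        key, sep, value = token.partition("=")
        if sep:  # bare flags without "=" (e.g. DF) are skipped
            fields[key] = value
    return fields


def snat_stage(line, inside_net, out_if):
    """Classify a logged packet relative to an SNAT rule for inside_net.

    'pre-SNAT'     : leaving out_if while still carrying an internal source
    'not-internal' : source outside inside_net (translated or never matched)
    'n/a'          : not a LOG line, other interface, or unparsable SRC
    """
    fields = parse_log_line(line)
    if fields is None or fields.get("OUT") != out_if:
        return "n/a"
    try:
        src = ipaddress.ip_address(fields.get("SRC", ""))
    except ValueError:
        return "n/a"
    inside = src in ipaddress.ip_network(inside_net)
    return "pre-SNAT" if inside else "not-internal"


if __name__ == "__main__":
    for sample in (PAGE_LINE, CONSTRUCTED_LINE):
        print(snat_stage(sample, "10.0.0.0/24", "eth0"), "<-", sample)
```
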