I'm trying to get IMQ working correctly as incoming on a box that is
running SNAT.
I've modified imq.c so that it fires after IP_PRI_NAT_DST instead of
mangle and am using tc filter commands to choose the flowid based on the
destination address. IMQ still seems to be firing before the system has
reversed the SNAT.
Scripts I'm using:
tc qdisc add dev imq0 root handle 1: htb default 20
DOWNLINK=512
LIMIT="ceil ${DOWNLINK}kbit"
tc class add dev imq0 parent 1: classid 1:1 htb rate ${DOWNLINK}kbit
tc class add dev imq0 parent 1:1 classid 1:10 htb rate 64kbit $LIMIT
tc class add dev imq0 parent 1:1 classid 1:20 htb rate 64kbit $LIMIT
tc qdisc add dev imq0 parent 1:10 handle 10: sfq
tc qdisc add dev imq0 parent 1:20 handle 20: sfq
tc filter add dev imq0 parent 1: protocol ip prio 1 u32 match ip dst 172.30.0.2/32 flowid 1:10
iptables -t mangle -A PREROUTING -i eth0 -j IMQ --todev 0
iptables -t nat -A PREROUTING -s 172.30.0.0/24 -d ! 172.30.0.0/24 -j MASQUERADE
ip link set imq0 up