Hi

I wish to implement Bandwidth sharing in a NAT environment.

The question is whether I can classify input packets on the basis of ip-addresses (private LAN addresses)? These packets finally need to be NATed before going on to Internet.

Would the tc filters see the private addresses and put it in the appropriate classes or would the tc filters see only the NATed address and the filter would fail in putting the packets in the appropriate classes?

The n/w diag would be somewhat like this

private address LAN ips ------>iptables(NAT)------>Internet.

Can I mark packets using iptables matching source ip-address?
What address will tc filter see when the private addresses are masqueraded?

Any help is most welcome.

Cheers,
Rajesh

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

On Saturday 09 August 2003 18:30, Rajesh wrote:
> Hi
>
> I wish to implement Bandwidth sharing in a NAT environment.
>
> The question is whether I can classify input packets on the basis of
> ip-addresses (private LAN addresses)? These packets finally need to be
> NATed before going on to Internet.
>
> Would the tc filters see the private addresses and put it in the
> appropriate classes or would the tc filters see only the NATed address and
> the filter would fail in putting the packets in the appropriate classes?
>
> The n/w diag would be somewhat like this
>
> private address LAN ips ------>iptables(NAT)------>Internet.
>
> Can I mark packets using iptables matching source ip-address?

Yes.

> What address will tc filter see when the private addresses are masqueraded
> ?

The ip address of your firewall. So you have to mark the packets in prerouting before the natting....

Stef

--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net

Rajesh wrote:
>Hi
>
>I wish to implement Bandwidth sharing in a NAT environment.
>
>The question is whether I can classify input packets on the basis of ip-addresses (private LAN addresses)? These packets finally need to be NATed before going on to Internet.
>
>Would the tc filters see the private addresses and put it in the appropriate classes or would the tc filters see only the NATed address and the filter would fail in putting the packets in the appropriate classes?
>
>The n/w diag would be somewhat like this
>
>private address LAN ips ------>iptables(NAT)------>Internet.
>
>private address LAN ips ------>tc(netlink)--------->iptables(NAT)------>Internet

I feel this is how it is...so dnat will be after tc in LAN to WAN and snat will be before tc in WAN to LAN.

-Raghu

>Can I mark packets using iptables matching source ip-address?
>What address will tc filter see when the private addresses are masqueraded ?
>
>Any help is most welcome.
>
>Cheers,
>Rajesh

In a NAT environment, it is advisable to mark packets in prerouting stage. Subsequently, till the packets leave the system, the mark will not be changed by any other process except an explicit mark iptables statement. Even if NAT changes IP address, the fw mark will still be the same allowing for classification.

AFAIK, mark can have values ranging from 1 to 255.

Mohan

-----Original Message-----
From: lartc-admin@mailman.ds9a.nl [mailto:lartc-admin@mailman.ds9a.nl] On Behalf Of Raghuveer
Sent: Thursday, August 14, 2003 4:33 PM
To: rajesh_khanduja@myway.com
Cc: lartc@mailman.ds9a.nl
Subject: Re: [LARTC] Bandwith sharing in NAT environment.
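
The approach described in the replies above (mark on the private source address in PREROUTING, then classify on the mark at the NATing interface), as an added example that is not part of the original thread. The interface names, link rate, host list and the helper names `gen_rules`, `check_spec` and `is_uint` are assumptions; the script only prints the iptables and tc commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example (not from the thread). Interface names, link rate and the
# host list are constructed assumptions. Commands are printed, not executed.
LAN_IF="${LAN_IF:-eth1}"        # assumed: interface facing the private LAN
WAN_IF="${WAN_IF:-eth0}"        # assumed: interface where NAT is applied
LINK_KBIT="${LINK_KBIT:-1000}"  # assumed uplink capacity in kbit/s

is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# A spec is IP:MARK:RATE_KBIT. Mark 0 means "unmarked"; the upper bound keeps
# class minors clear of the reserved 1:fffe / 1:ffff classes used below.
check_spec() {
    case "$1" in *:*:*) ;; *) return 1 ;; esac
    rest=${1#*:}; mark=${rest%%:*}; rate=${rest#*:}
    is_uint "$mark" && is_uint "$rate" && [ "$mark" -ge 1 ] && [ "$mark" -le 65533 ]
}

# gen_rules IP:MARK:RATE_KBIT ...
gen_rules() {
    # Validate everything first so a bad spec never yields a partial rule set.
    for spec in "$@"; do
        check_spec "$spec" || { echo "gen_rules: bad spec '$spec'" >&2; return 1; }
    done
    # Root HTB on the WAN side; unmarked traffic falls into class 1:fffe.
    echo "tc qdisc add dev $WAN_IF root handle 1: htb default fffe"
    echo "tc class add dev $WAN_IF parent 1: classid 1:ffff htb rate ${LINK_KBIT}kbit"
    echo "tc class add dev $WAN_IF parent 1:ffff classid 1:fffe htb rate 64kbit ceil ${LINK_KBIT}kbit"
    for spec in "$@"; do
        ip=${spec%%:*}; rest=${spec#*:}
        mark=${rest%%:*}; rate=${rest#*:}
        minor=$(printf '%x' "$mark")   # tc class minors are hexadecimal
        # Match the private source address in mangle/PREROUTING, before the
        # nat table rewrites it; the mark then travels with the packet.
        echo "iptables -t mangle -A PREROUTING -i $LAN_IF -s $ip -j MARK --set-mark $mark"
        echo "tc class add dev $WAN_IF parent 1:ffff classid 1:$minor htb rate ${rate}kbit ceil ${LINK_KBIT}kbit"
        # The fw classifier matches the packet's fwmark, not its addresses.
        echo "tc filter add dev $WAN_IF parent 1: protocol ip prio 1 handle $mark fw flowid 1:$minor"
    done
}

# Constructed sample hosts; review the output, then pipe it to "sh" as root.
gen_rules 192.168.1.10:10:256 192.168.1.20:20:512
```
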