From: Markus Schulz
Date: Sat, 04 Mar 2006 12:08:37 +0000
Subject: Re: [LARTC] my shaping rules wont work on nat box
Message-Id: <200603041308.37969.msc@antzsystem.de>
References: <4408D880.4060100@cfl.rr.com>
In-Reply-To: <4408D880.4060100@cfl.rr.com>
To: lartc@vger.kernel.org

On Saturday, 4 March 2006 01:00, nix4me wrote:
> I am currently running the following script on an internal machine to
> shape outbound ftp and email traffic.
>
> I am trying to move the script to my nat router (ipcop with 2 nic
> cards) so that it shapes the whole network and not only the outbound
> of 1 box.
>
> I have cable modem -> ipcop (eth1) >(eth0 - 192.168.1.1) >
> 192.168.1.100 and 192.168.1.101.
>
> The script works great running on 192.168.1.101. But I cannot get
> it to work on either of the ipcop interfaces.
>
> Does it have something to do with NAT ?
>
> Script:
> #!/bin/bash
> #shaping passive and active outbound ftp traffic on an internal computer without affecting inbound and lan speed
>
> # mark the outbound passive ftp packets on ports 50000-51000
> iptables -t mangle -D OUTPUT -o eth0 -j MYSHAPER-OUT 2> /dev/null > /dev/null
> iptables -t mangle -F MYSHAPER-OUT 2> /dev/null > /dev/null
> iptables -t mangle -X MYSHAPER-OUT 2> /dev/null > /dev/null
> iptables -t mangle -N MYSHAPER-OUT
> iptables -t mangle -I OUTPUT -o eth0 -j MYSHAPER-OUT

You must mark your traffic in the FORWARD or POSTROUTING chain. OUTPUT is
only for locally generated traffic.

-- 
Markus Schulz

"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond where
the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
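
Added example (not part of the original message or the poster's script): the MYSHAPER-OUT chain from the quoted script hooked into mangle POSTROUTING on the router's WAN interface, as the reply advises. It assumes the tc classes are attached to eth1, a fwmark of 20, and passive FTP data leaving from source ports 50000-51000; it prints the commands unless APPLY=1 is set.

```bash
#!/bin/bash
# Added example, not from the original thread.
WAN_IF="${WAN_IF:-eth1}"   # ipcop interface facing the cable modem (from the post)
CHAIN="MYSHAPER-OUT"       # chain name from the original script
FTP_PORTS="50000:51000"    # passive FTP port range from the original script
MARK="${MARK:-20}"         # assumed fwmark; must equal the tc "fw" filter handle

# Dry run by default: print each command. APPLY=1 (as root) executes it.
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$@"; fi
}

# Remove an earlier hook and chain so the script can be re-run.
# Failures are expected on a first run, so they are ignored.
cleanup_rules() {
    run iptables -t mangle -D POSTROUTING -o "$WAN_IF" -j "$CHAIN" 2>/dev/null
    run iptables -t mangle -F "$CHAIN" 2>/dev/null
    run iptables -t mangle -X "$CHAIN" 2>/dev/null
    return 0
}

# Create the chain and hook it where forwarded packets pass.
setup_rules() {
    run iptables -t mangle -N "$CHAIN" || return 1
    # POSTROUTING sees forwarded and locally generated packets alike.
    # The mangle table runs before SNAT/MASQUERADE at this hook, so rules
    # may still match on the LAN source address.
    run iptables -t mangle -I POSTROUTING -o "$WAN_IF" -j "$CHAIN" || return 1
    # Assumption: the FTP server sends passive data from these source ports.
    run iptables -t mangle -A "$CHAIN" -p tcp --sport "$FTP_PORTS" \
        -j MARK --set-mark "$MARK"
}

cleanup_rules
setup_rules
```

The mark only has an effect if a tc `fw` filter with the same handle exists on the WAN interface's qdisc.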