From: Patrick Spousta <spousta@brn.czn.cz>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Packet marking for ingress shapping and NAT
Date: Mon, 10 May 2004 12:31:10 +0000 [thread overview]
Message-ID: <409F760E.6050806@brn.czn.cz> (raw)
In-Reply-To: <409F5528.2070201@brn.czn.cz>
Andreas Klauer wrote:
> Am Monday 10 May 2004 12:10 schrieb Patrick Spousta:
>
>>So I need mark packets to divide them to corresponding queue.
>
>
> That's all right so far. But the qdisc that shapes incoming traffic usually
> sits on your LAN device.
I think you are wrong. Shapping can sits on all interfaces, physical and
logical. IMQ is logical interface.
>
>
>>It has a small problem. After PREROUTING some packets are routed to
>>INPUT (packets intended for this machine for local processes)
>>
>>Does exists solution how to NAT and MARK in PREROUTING, but in this
>>order?
>
>
> I'm not sure if I understand what you want to do. Why do you want to mark
My linux box has 1 WAN interface (to ISP with public IP address) and 3
LAN interfaces (with private IP addresses). Only way how to shape
incoming traffic is use IMG device because shapping is provided on
egress. I understood that packet 'path' looks like this
eth0 -> kernel -> IMQ -> kernel -> ethX
^^^ here is 'egress' where I can do shapping.
But I need divide traffic to the corresponding queues according to real
destination IP. Maybe I don't need marking, I can only use tc filter,
but it must be done in place where packet has real destination IP, ie.
behind (de)NAT.
To IMQ 'interface' I put packets via iptables. Ideal in PREROUTING
chain, but I think I can use only 'mange' table and that is before 'nat'
:-( So now I'm using FORWARD chain but local traffic is going outside of
shapping path
> INPUT packets? There is no qdisc/class to put them in. As for shaping
> incoming traffic that doesn't get forwarded to the LAN, I haven't found a
> proper solution to do that yet. So all I can do is make sure that the
> router doesn't produce any traffic (e.g. don't put a Webserver or similar
> services on it).
But it isn't goor solution :-(
Patrick
>
> Andreas
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
>
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
next prev parent reply other threads:[~2004-05-10 12:31 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-05-10 10:10 [LARTC] Packet marking for ingress shapping and NET Patrick Spousta
2004-05-10 10:59 ` Andreas Klauer
2004-05-10 12:06 ` Andy Furniss
2004-05-10 12:31 ` Patrick Spousta [this message]
2004-05-10 12:35 ` Patrick Spousta
2004-05-10 13:48 ` Andy Furniss
2004-05-10 20:09 ` Andy Furniss
2004-05-11 4:25 ` [LARTC] Packet marking for ingress shapping and NAT Patrick Spousta
2004-05-11 13:13 ` Andy Furniss
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=409F760E.6050806@brn.czn.cz \
--to=spousta@brn.czn.cz \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.