No PREROUTING for OUTPUT?

No PREROUTING for OUTPUT?

[Kenneth Porter]

Can anyone confirm that the PREROUTING chain is absent from the OUTPUT 
packet path? I wanted to tag my UDP packets with TOS Minimize-Delay so that 
they'd go in my high-priority traffic shaping queues, but if PREROUTING 
isn't used in the output path, the packets can't be tagged until after 
they've been through the shaper. (Isn't the shaper part of "routing 
decision" in the diagrams?)

Re: No PREROUTING for OUTPUT?

[George Alexandru Dragoi]

The routing decision is done after OUTPUT chains in both nat and
mangle tables, and before POSTROUTING of course. Is this what you
meant?


On Sun, 17 Oct 2004 12:54:11 -0700, Kenneth Porter
<shiva@sewingwitch.com> wrote:
> Can anyone confirm that the PREROUTING chain is absent from the OUTPUT
> packet path? I wanted to tag my UDP packets with TOS Minimize-Delay so that
> they'd go in my high-priority traffic shaping queues, but if PREROUTING
> isn't used in the output path, the packets can't be tagged until after
> they've been through the shaper. (Isn't the shaper part of "routing
> decision" in the diagrams?)
> 
> 


-- 
Bla bla

Re: No PREROUTING for OUTPUT?

[Kenneth Porter]

--On Sunday, October 17, 2004 11:31 PM +0300 George Alexandru Dragoi 
<waruiinu@gmail.com> wrote:

> The routing decision is done after OUTPUT chains in both nat and
> mangle tables, and before POSTROUTING of course. Is this what you
> meant?

Ah, so for the output path, I need to use "-t mangle -A OUTPUT" instead of 
"-A PREROUTING"? I just need to add the extra rule, then.

Re: No PREROUTING for OUTPUT?

[George Alexandru Dragoi]

-t mangle -A OUTPUT 
or
-t nat OUTPUT
or
-A OUTPUT (same with -t filter -A OUTPUT)
Depends on what you need to do.


On Sun, 17 Oct 2004 14:10:24 -0700, Kenneth Porter
<shiva@sewingwitch.com> wrote:
> --On Sunday, October 17, 2004 11:31 PM +0300 George Alexandru Dragoi
> <waruiinu@gmail.com> wrote:
> 
> > The routing decision is done after OUTPUT chains in both nat and
> > mangle tables, and before POSTROUTING of course. Is this what you
> > meant?
> 
> Ah, so for the output path, I need to use "-t mangle -A OUTPUT" instead of
> "-A PREROUTING"? I just need to add the extra rule, then.
> 
> 


-- 
Bla bla

Re: No PREROUTING for OUTPUT?

[Aleksandar Milivojevic]

Kenneth Porter wrote:
> Can anyone confirm that the PREROUTING chain is absent from the OUTPUT 
> packet path? I wanted to tag my UDP packets with TOS Minimize-Delay so 
> that they'd go in my high-priority traffic shaping queues, but if 
> PREROUTING isn't used in the output path, the packets can't be tagged 
> until after they've been through the shaper. (Isn't the shaper part of 
> "routing decision" in the diagrams?)

The equivalent of PREROUTING chain for locally generated packets would 
be OUTPUT chain.  It exists in filter, nat, and mangle tables.  I'd 
guess what you need is something like:

    iptables -t mangle -A OUTPUT -p udp -j TOS --set-tos Minimize-Delay
    iptables -t mangle -A PREROUTING -p udp -j TOS --set-tos Minimize-Delay

First line would handle locally generated packets, second would handle 
forwarded packets (it would catch incoming too, but I guess it can be 
safely ignored in this case).

-- 
Aleksandar Milivojevic <amilivojevic@pbl.ca>    Pollard Banknote Limited
Systems Administrator                           1499 Buffalo Place
Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7