[LARTC] dev IFB, few questions

[LARTC] dev IFB, few questions

[Konrad Cempura]

I've made some tests...

eth2 is my internal interface, LAN is connected here.

Before I had IMQ device in AB mode...
PREROUTING [A]fter NAT, POSTROUTING [B]efore NAT.
I want the same situation on ifb.

I do this in this way:
---
# incoming traffic here from LAN is before NAT
tc qdisc add dev eth2 handle ffff: ingress

# outcoming traffic here from WAN is after NAT
tc qdisc add dev eth2 root handle 1:0 htb

tc filter add dev eth2 parent ffff: protocol ip prio 1 u32 match ip src
192.168.0.0/24 flowid 1:1 action mirred egress mirror dev ifb0

tc filter add dev eth2 parent 1:0 protocol ip prio 1 u32 match ip dst
192.168.0.0/24 flowid 1:2 action mirred egress mirror dev ifb0
---

Everything is working fine. I can catch packets from and to users by
they ip address. Of course in my script I'll use act_mirred redirect,
but now I'm testing on mirror.

But my question is... Am I doing this in right way?
Anybody knows better rules?

And another question, Is any possible to recognize if traffic is
incoming or outcoming from device using u32?
I'm doing this - ip src 192.168.0.0/24 or ip dst - but to do this I need
to know IP addresses of my LAN. Is it possible to do this without this
knowledge? Recognize incoming and outcoming traffic on device by filters
(u32)...

Thanks in advance :)
Konrad Cempura
(a.k.a. Lenthir)

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc