From mboxrd@z Thu Jan 1 00:00:00 1970 From: Konrad Cempura Date: Tue, 30 Jan 2007 12:39:57 +0000 Subject: [LARTC] dev IFB, few questions Message-Id: <45BF3C9D.3090709@tlen.pl> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: lartc@vger.kernel.org I've made some tests... eth2 is my internal interface, LAN is connected here. Before I had IMQ device in AB mode... PREROUTING [A]fter NAT, POSTROUTING [B]efore NAT. I want the same situation on ifb. I do this in this way: --- # incoming traffic here from LAN is before NAT tc qdisc add dev eth2 handle ffff: ingress # outcoming traffic here from WAN is after NAT tc qdisc add dev eth2 root handle 1:0 htb tc filter add dev eth2 parent ffff: protocol ip prio 1 u32 match ip src 192.168.0.0/24 flowid 1:1 action mirred egress mirror dev ifb0 tc filter add dev eth2 parent 1:0 protocol ip prio 1 u32 match ip dst 192.168.0.0/24 flowid 1:2 action mirred egress mirror dev ifb0 --- Everything is working fine. I can catch packets from and to users by they ip address. Of course in my script I'll use act_mirred redirect, but now I'm testing on mirror. But my question is... Am I doing this in right way? Anybody knows better rules? And another question, Is any possible to recognize if traffic is incoming or outcoming from device using u32? I'm doing this - ip src 192.168.0.0/24 or ip dst - but to do this I need to know IP addresses of my LAN. Is it possible to do this without this knowledge? Recognize incoming and outcoming traffic on device by filters (u32)... Thanks in advance :) Konrad Cempura (a.k.a. Lenthir) _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc