From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Claudio L. Salvadori"
Date: Thu, 13 Dec 2001 12:27:37 +0000
Subject: [LARTC] How to MARK NATtted packets coming from external interface to an internal host ?
Message-Id:
List-Id:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Hi,

I would like to control download bandwidth from the Internet for clients
inside a network. The gateway is a Linux box using 'iptables nat'. I would
like to use 'iptables mangle' to mark the packets coming from the Internet
and going to specific clients and then use CBQ to shape it:

                          +-----------+
    Internal network      |   Linux   |   Internet
  ------0-----------------|  Gateway  |-------------
        |            eth0 |    NAT    | eth1
    [client]              +-----------+
   192.168.1.8

I tried to use the following command to mark the packets:

    iptables -t mangle -A PREROUTING -i eth1 -d 192.168.1.8 -j MARK --set-mark 1

But the packets are not being marked, probably because they were not NATted
yet and still have the destination IP of the external interface.

How can I classify this traffic so I can shape it?

Best regards,

Claudio Leonel Salvadori
cls@xpnet.com.br
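
Added example, not part of the original post: replies on a NATed connection get their destination rewritten back to the client at the nat stage of PREROUTING, which runs after mangle PREROUTING, so the same match placed in mangle FORWARD sees 192.168.1.8. Assumptions: a kernel whose mangle table provides a FORWARD chain, HTB swapped in for CBQ, a constructed 512kbit rate, and hypothetical helper names `run` and `shape_client`.

```shell
#!/bin/sh
# Added example (not from the original post). Interface names, client address
# and mark come from the post; the HTB class and the rate are assumptions.

# With DRY_RUN=1 (the default) each command is printed instead of executed.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# shape_client WAN_IF LAN_IF CLIENT_IP MARK RATE
shape_client() {
    wan=$1 lan=$2 client=$3 mark=$4 rate=$5

    # In mangle PREROUTING the destination is still the gateway's external
    # address. By FORWARD the reverse NAT mapping has been applied and the
    # packet has been routed, so -d <client> and -o <lan> both match.
    run iptables -t mangle -A FORWARD -i "$wan" -o "$lan" -d "$client" \
        -j MARK --set-mark "$mark"

    # Download traffic leaves the gateway on the internal interface, so the
    # shaping qdisc is attached there. Unmarked traffic is left unshaped.
    run tc qdisc add dev "$lan" root handle 1: htb
    run tc class add dev "$lan" parent 1: classid "1:$mark" \
        htb rate "$rate" ceil "$rate"

    # The fw classifier selects packets by the netfilter mark set above.
    run tc filter add dev "$lan" parent 1: protocol ip prio 1 \
        handle "$mark" fw flowid "1:$mark"
}

# eth1 = Internet side, eth0 = internal side, as in the post's diagram.
# To apply for real (as root): DRY_RUN=0 APPLY=1 sh this-script.sh
if [ "${APPLY:-0}" = 1 ]; then
    shape_client eth1 eth0 192.168.1.8 1 512kbit
fi
```

Whether the rule matches can be checked from the packet counters in `iptables -t mangle -L FORWARD -v -n` while the client downloads.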