From: "Arindam HAldar" <ahiam@yahoo.com>
To: lartc@vger.kernel.org
Subject: [LARTC] FAQ - Diagram, iptables marking & iproute !
Date: Thu, 14 Feb 2002 12:56:45 +0000
Message-ID: <marc-lartc-101369140530557@msgid-missing>
hi,
> For a packet coming in (existing MASQUERADED connection):
> -- External Network --
> PREROUTING (mangle)
> << Because the nat table has been consulted when the connection is
> established it is not checked again, however the packet is
> automagically deMASQUERADED at this point>>
> FORWARD (filter)
> -- Internal Network --
>
I tried these commands to see how things work on MASQUERADED pkts:
iptables -t mangle -A PREROUTING -i eth0 -s 202.x.x.x/26 -d 10.0.0.0/8 -j MARK --set-mark 94
iptables -t mangle -A PREROUTING -i eth4 -s 10.0.0.0/8 -s 202.x.x.x/26 -j MARK --set-mark 90
iptables -nvL PREROUTING -t mangle does NOT show any pkts passing marked
94, while for mark 90 it's OK!
I tried this even with FORWARD & OUTPUT and with bandwidth
(iproute) commands. Pkts going to destination 10.0.0.0 do pass through the
FORWARD & OUTPUT chains, hence are definitely being marked, but I am not able to do any
traffic control on them (tc -s class ls dev eth0 ... & eth4 doesn't show any
pkts passing)!
So I thought I might be unable to do it because of the private IPs & MASQUERADING, so
I tried handling the dial-up IPs from the RAS (203.x.x.128/25) on eth3. The
results were the same! However, for our office network behind eth1 I'm able to
mark pkts & control bandwidth accordingly; the office network is
203.x.x.x/25 & eth1 has IP 203.x.x.1/26.
By showing the results for our office's marked packets I was able to make the case for
using iptables/iproute on a Linux box instead of buying a layer 3-4 switch,
but now I am stuck on how to make it work for the other IP block & hence convince
management once again! I'm using RH7.2 with kernel 2.4.18-pre9, with
iptables 1.2.5 & iproute 0801!
I will really, really, really be thankful for your help!
Thanking you in advance,
A.H
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/