[LARTC] FAQ - Diagram, iptables marking & iproute !

[LARTC] FAQ - Diagram, iptables marking & iproute !

[Arindam HAldar]

hi,
> For a packet coming in (existing MASQUERADED connection):
> -- External Network --
> PREROUTING (mangle)
> << Because the nat table has been consulted when the connection is
> established it is not checked again, however the packet is is
automagically
> deMASQUERADED at this point>>
> FORWARD (filter)
> -- Internal Nework --
>
i tried with this comand to c how things work on MASQURADED pkts.
iptables -t mangle -A PREROUTING -i eth0 -s 202.x.x.x/26 -d 10.0.0.0/8 -j
MARK --set-mark 94
iptables -t mangle -A PREROUTING -i eth4 -s 10.0.0.0/8  -s 202.x.x.x/26 -j
MARK --set-mark 90

iptables -nvL PREROUTING -t mangle     does NOT show any pkts passing marked
94 while for mark 90 its ok !..
I tried this even with FORWARD & OUTPUT and with bandwidth
(iproute)commands.. pkts going to destination 10.0.0.0 does pass thru the
FORWARD & OUTPUT hence are definitly being marked but am not able to do any
traffic control on them( tc -s class ls dev eth0 ... & eth4 doesnt shows any
pkts passing ) !
so i thought might be unable to do it b'coz of private ip& MASQUERADING.. so
i tried handling the dial-up ips from RAS(203.x.x.128/25) on eth3.. the
result were same !!.. however for our office network behind eth1 im able to
mark pkts & control bandwidth accordingly--the office network is
203.x.x.x/25 & eth1 has ip 203.x.x.1/26

showing the results for our office marked packets i was able to convince the
usage iptables/iproute with linux box instead of buying a layer3-4 switch
but now am stuck how to make it working for other ip block & hence convince
management once again ! .. im using RH7.2 with kernel 2.4.18-pre9 with
iptables 1.2.5 & iproute 0801 !!

i will really really really be thankful for ur help!

thanking in advance
A.H

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/