* [LARTC] Re: IMQ
From: Patrick McHardy @ 2002-05-14 8:16 UTC (permalink / raw)
To: lartc
Hi!
Odri Kornel wrote:
> Hi,
>
> I'm trying to set up a QoS over two logical devices. Imq would be great, but
> my problem is that it's using POSTROUTING rules and I'm already using SNAT
> which also requires it.
I don't see where the problem is, NAT is an iptables table, IMQ is a
network device. The IMQ iptables target just marks the packet in
POSTROUTING to be enqueued, the actual enqueueing/dequeueing happens
later (after all tables have been passed). The only thing you have to be
aware of is that for outgoing packets the mangle table (marking) will
see the original source ip while any u32/whatever filters attached to
the imq device will get the packets already SNATed, but that's just like
with regular network devices.
Bye,
Patrick
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
* [LARTC] Re: IMQ
From: Patrick McHardy @ 2002-05-14 10:24 UTC (permalink / raw)
To: lartc
Hi.
Odri Kornel wrote:
> Thank you for your quick answer.
>
> My problem was that although imq is a device it is called via iptables like a
> table just as snat. As far as I know if iptables finds a matching rule, it
> jumps out of the chain, and does not process the other rules. Is this where I
> made a mistake? I haven't found any description about this...
Yes, this is not true. If a packet is not explicitly dropped / accepted it
continues traversal. Think about the MARK target, in fact the IMQ target
is just a modified MARK target.
Also, the imq device is not called via iptables, iptables is just used
for specifying that the current packet should pass through the imq
device at a later point. The IMQ device feeds itself through netfilter
hooks, so in theory you could f.e. mark all IPX/whatever packets
somewhere during their processing and they would pass the imq device, too.
> So, you're saying that the packet will be processed through the other
> postrouting rules after being marked by the mangle rule?
>
> For ex.:
>
> iptables -t mangle -A POSTROUTING -o eth0 -j IMQ
> iptables -t mangle -A POSTROUTING -o ipsec0 -j IMQ
> iptables -t nat -A POSTROUTING -j SNAT ...
>
> This should work?
Yes.
Bye,
Patrick
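
Added example, not part of the original messages and not IMQ or netfilter code: a simplified Python model of the POSTROUTING traversal described in this thread, showing that the non-terminating IMQ target lets later rules and the nat table still run, and that mangle rules see the original source address while the imq device sees the SNATed one. The rule tuples, the extra MARK rule, the mark value and the addresses are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Simplified model (assumption): POSTROUTING hook only, mangle and nat tables
# only, and just the targets named in the thread plus ACCEPT/DROP.
TERMINATING = {"ACCEPT", "DROP", "SNAT"}  # stop walking the current chain
# MARK and IMQ are non-terminating: later rules in the chain still run.

@dataclass
class Packet:
    src: str
    out_dev: str
    mark: int = 0
    imq_dev: Optional[int] = None  # set by the IMQ target, acted on later

def run_chain(pkt, rules):
    """Walk one chain in order; return False if the packet was dropped."""
    for match, target, arg in rules:
        if not match(pkt):
            continue
        if target == "MARK":
            pkt.mark = arg
        elif target == "IMQ":
            pkt.imq_dev = arg
        elif target == "SNAT":
            pkt.src = arg
        elif target == "DROP":
            return False
        if target in TERMINATING:
            break
    return True

def postrouting(pkt, mangle, nat):
    """Run mangle, then nat, then hand the packet to the imq device if flagged.

    Returns (imq_dev, src_seen_by_mangle, src_seen_on_imq, mark), or None if
    the packet was dropped or never flagged for an imq device.
    """
    src_in_mangle = pkt.src
    if not run_chain(pkt, mangle) or not run_chain(pkt, nat):
        return None
    if pkt.imq_dev is None:
        return None
    return (pkt.imq_dev, src_in_mangle, pkt.src, pkt.mark)

# Constructed rules mirroring the thread's example; the MARK rule, mark value
# and addresses are sample values added to show traversal continuing.
MANGLE = [(lambda p: p.out_dev == "eth0", "IMQ", 0),
          (lambda p: p.out_dev == "eth0", "MARK", 7),
          (lambda p: p.out_dev == "ipsec0", "IMQ", 0)]
NAT = [(lambda p: True, "SNAT", "203.0.113.1")]
```

Calling `postrouting(Packet("192.168.1.10", "eth0"), MANGLE, NAT)` shows why a filter attached to the imq device has to match the translated address, while a mangle rule has to match the original one.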