From: Patrick McHardy
Date: Sun, 11 Aug 2002 13:39:17 +0000
Subject: Re: [LARTC] NAT & IMQ
To: lartc@vger.kernel.org

Hi Daniel,

Daniel Sercaianu wrote:

> I have the following problems:
> I cannot shape the ip xxx.xxx.xxx.xxx when I do SNAT or MASQUERADE with
> them. Otherwise when I remove these two iptables lines the shaping works
> perfectly.
>
> It is very important for me to shape the xxx.xxx.xxx.xxx ip and not the
> yyy.yyy.yyy.yyy. When I tried to shape yyy.yyy.yyy.yyy, it worked.
>
> What rules should be added to make this possible?
>
>
> My iptables rules are:
>
> iptables -A PREROUTING -t mangle -s xxx.xxx.xxx.xxx -j MARK --set-mark 1
> iptables -A POSTROUTING -t nat -s xxx.xxx.xxx.xxx -j SNAT --to zzz.zzz.zzz.zzz -o eth4
>
>
>
> iptables -t mangle -I PREROUTING -j IMQ
> ip link set imq0 up
>
>
> ip rule shows the following output:
>
> 32764: from zzz.zzz.zzz.0/24 lookup ew
> 32765: from all fwmark 1 lookup ew
> 32766: from all lookup main
> 32767: from all lookup default
>
>
>
>
> My tc + htb rule look like this:
>
> /sbin/tc qdisc add dev imq0 root handle 1: htb default 200 r2q 3
> /sbin/tc class add dev imq0 parent 1:0 classid 1:1 htb rate 100Mbit ceil 100Mbit burst 2k prio 5
>
> /sbin/tc filter add dev imq0 parent 1:0 protocol ip prio 5 handle 1: u32 divisor 256
>
> /sbin/tc class add dev imq0 parent 1:1 classid 1:2 htb rate 512kbit ceil 512kbit burst 2k prio 5
> /sbin/tc qdisc add dev imq0 parent 1:2 handle 10: sfq quantum 1514b perturb 10
> /sbin/tc filter add dev imq0 parent 1:0 protocol ip prio 5 u32 match ip dst xxx.xxx.xxx.xxx flowid 1:2

If I understood you right, this is probably not working because imq sees packets before
zzz.zzz.zzz.zzz is dnated back to xxx.xxx.xxx.xxx. Please try the attached patch.

bye
patrick

[attachment: imqnat.diff]

--- imq.c.orig Sun Aug 11 15:30:24 2002 +++ imq.c Sun Aug 11 15:31:17 2002 @@ -37,7 +37,7 @@ imq_nf_hook, PF_INET, NF_IP_PRE_ROUTING, - NF_IP_PRI_MANGLE + 1 + NF_IP_PRI_NAT_DST + 1 }; static struct nf_hook_ops imq_egress_ipv4 = { @@ -54,7 +54,7 @@ imq_nf_hook, PF_INET6, NF_IP6_PRE_ROUTING, - NF_IP6_PRI_MANGLE + 1 + NF_IP6_PRI_NAT_SRC + 1 }; static struct nf_hook_ops imq_egress_ipv6 = {
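
Review bot: In the first hunk (the PF_INET entry at NF_IP_PRE_ROUTING, just before imq_egress_ipv4), the new priority "NF_IP_PRI_NAT_DST + 1" is a behaviour change for every ingress classifier attached to imq, not only for the reporter's setup: filters written against the address as it arrives on the wire (zzz.zzz.zzz.zzz in the quoted rules) will stop matching once the hook runs after NAT. The initializer has no comment explaining why this position was chosen. Suggest a one-line comment stating that the hook is placed after destination NAT so classifiers see translated addresses, and consider making the position selectable instead of hard-coding the new value.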
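
Review bot: In the second hunk the PF_INET6 entry at NF_IP6_PRE_ROUTING is set to "NF_IP6_PRI_NAT_SRC + 1", while the PF_INET entry at the matching hook point in the first hunk uses "NF_IP_PRI_NAT_DST + 1". Both entries sit on the pre-routing hook, so the IPv6 value looks like it was meant to be the destination-NAT constant; please use the NAT_DST priority for IPv6 as well, or add a comment explaining why the two address families are ordered differently.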
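
The ordering problem described in the reply above, as a small userspace model (an added example, not code from the post or from the IMQ driver): PREROUTING hooks run in ascending priority, so whether IMQ sees a reply's destination before or after NAT's reverse translation depends on the priority it registers with. The addresses, function names and struct layout are constructed for illustration; the two priority values are those of the kernel's netfilter_ipv4.h.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hook priorities as in Linux netfilter_ipv4.h (lower value runs first). */
enum { PRI_MANGLE = -150, PRI_NAT_DST = -100 };

struct pkt  { char dst[16]; char seen_by_imq[16]; };
struct hook { int prio; void (*fn)(struct pkt *); };

/* Model of NAT's reverse translation for a reply to an SNATed flow:
 * public address -> internal host (both addresses are constructed). */
static void nat_dst(struct pkt *p)
{
    if (strcmp(p->dst, "198.51.100.1") == 0)
        strcpy(p->dst, "10.0.0.5");
}

/* Model of IMQ: record the destination a u32 "match ip dst" compares. */
static void imq(struct pkt *p) { strcpy(p->seen_by_imq, p->dst); }

static int by_prio(const void *a, const void *b)
{
    return ((const struct hook *)a)->prio - ((const struct hook *)b)->prio;
}

/* Run the modelled PREROUTING chain with IMQ registered at imq_prio.
 * Returns 1 if a filter on the internal address matches the reply. */
int imq_matches_internal(int imq_prio)
{
    struct hook hooks[] = { { PRI_NAT_DST, nat_dst }, { imq_prio, imq } };
    struct pkt p = { "198.51.100.1", "" };   /* reply arriving from outside */
    size_t i, n = sizeof hooks / sizeof hooks[0];

    qsort(hooks, n, sizeof hooks[0], by_prio);
    for (i = 0; i < n; i++)
        hooks[i].fn(&p);
    return strcmp(p.seen_by_imq, "10.0.0.5") == 0;
}

int main(void)
{
    printf("IMQ at MANGLE+1:  internal-address filter matches = %d\n",
           imq_matches_internal(PRI_MANGLE + 1));
    printf("IMQ at NAT_DST+1: internal-address filter matches = %d\n",
           imq_matches_internal(PRI_NAT_DST + 1));
    return 0;
}
```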