Re: [LARTC] iptables, nat and traffic shaping woes

["Martin A. Brown" <mabrown-lartc@securepipe.com>]

Aaron,

Visit the kernel packet traveling diagram linked from 
http://www.docum.org/.  This may answer your question.  If not, then 
explain to us what you are using each of the tools for.

It sounds like you are using

  iptables -t nat -j MASQUERADE   (or something like that; maybe SNAT?)
  iptables -t mangle ???          (what are you doing with mangle)
  tc

 : As I try to solve my problems with iptables, nat and traffic shaping (with
 : ip accounting thrown intot he mix) a friend of mine just sent this claim.
 : Is it true?  Will I have to step back to ipchains, or is there a way to
 : force packets through the traffic shaping filters using iptables?

Without knowing what exactly you are trying to do, we can't answer your 
question, and certainly can't comment on the veracity of your friend's 
statement.

As a general guideline though, if you can think of a way to do something 
with ipchains, you can probably do something similar with iptables (and 
usually it's easier with iptables).

 : > If you are using iptables, you MUST forget it, or change to
 : > ipchains, because masq is done by nat table, and shaping is done by
 : > mangle table. I cannot found any way to drive the packet 1. thru
 : > nat, than mangle, instead of using OUTPUT and FORWARD.

Good luck,

-Martin

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/