From: Andrei Boros
Date: Mon, 02 Dec 2002 09:55:45 +0000
Subject: [LARTC] tc filter and fwmark
To: lartc@vger.kernel.org

Suppose:

    ipchains -A forward -s inside_net -d 0/0 -j MASQ -m 100

(similar setup with iptables:

    iptables -A PREROUTING -t nat -s inside_net -d 0/0 -j SNAT
    iptables -A PREROUTING -t nat -s inside_net -d 0/0 -j MARK --set_mark 100)

eth0 = outside iface
eth1 = inside iface

now:

    tc filter add dev eth0 ... handle 100 fw

should catch packets marked by the above rule in ipchains (iptables). Ok.

When the packet returns, the masq/nat code will find it in its table and demasquerade it (as if by an invisible inverse rule).

Question: Will the demasqueraded packets also bear the mark 100? And will

    tc filter add dev eth1 handle 100 fw

work?

I am probably missing something, as I haven't been able to make it work this way. Any suggestions, please?

I want to shape the incoming traffic that I route for my inside network on the inside iface with queues and more complex shaping, rather than just a plain drop on the outside iface.

Thank you.

-- 
ing. Andrei Boros
mailto:andrei@srr.ro / +40-21-303-1870
Centrul pt. Tehnologia Informatiei
Societatea Romana de Radiodifuziune