* [LARTC] Masquerade and tc filter
@ 2003-04-27 6:43 Tadas
2003-04-27 7:58 ` Fw: " Tadas
2003-04-27 9:20 ` Stef Coene
0 siblings, 2 replies; 3+ messages in thread
From: Tadas @ 2003-04-27 6:43 UTC (permalink / raw)
To: lartc
Hello,
I am building a gateway/shaper. As always, there is a locl network
192.168.3.0/24 and connection to internet. Gateway masquerades these
connections. I need to limit upload and download speed for certain IPs. With
download traffic everything is ok: i have put filters on the local netwrok
interface. But I can't set up filters by source address on outgoing
traffic - the interface which makes masquerading. I have noticed that all
traffic have the same router source address set.
So, what's the solution? Maybe it is imposible? But I have looked through
wondershaper and I saw that there are source address filters.
Please give me a hint. I am using kernel 2.4.20.
Bye,
Tadas
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 3+ messages in thread
* Fw: [LARTC] Masquerade and tc filter
2003-04-27 6:43 [LARTC] Masquerade and tc filter Tadas
@ 2003-04-27 7:58 ` Tadas
2003-04-27 9:20 ` Stef Coene
1 sibling, 0 replies; 3+ messages in thread
From: Tadas @ 2003-04-27 7:58 UTC (permalink / raw)
To: lartc
I know what imq is. Everything is O.K. with download traffic. I need to
shape Upload traffic. But the problem is that u32 filter does not match
correct source address for forwarded packets - only gateway's.
Bye,
Tadas
----- Original Message -----
From: "peyrak" <peyrak@seznam.cz>
To: "Tadas" <tadas-lartc@silvernet.kis.lt>
Sent: Sunday, April 27, 2003 11:51 AM
Subject: Re: [LARTC] Masquerade and tc filter
> imq
>
> ###########################
> # Jirka Pirko #
> # jirka@pirko.cz #
> # xpirko@fi.muni.cz #
> # cellular: +420608065259 #
> # icq uin: 136218111 #
> ###########################
> ----- Original Message -----
> From: "Tadas" <tadas-lartc@silvernet.kis.lt>
> To: <lartc@mailman.ds9a.nl>
> Sent: Sunday, April 27, 2003 8:43 AM
> Subject: [LARTC] Masquerade and tc filter
>
>
> > Hello,
> >
> > I am building a gateway/shaper. As always, there is a locl network
> > 192.168.3.0/24 and connection to internet. Gateway masquerades these
> > connections. I need to limit upload and download speed for certain IPs.
> With
> > download traffic everything is ok: i have put filters on the local
netwrok
> > interface. But I can't set up filters by source address on outgoing
> > traffic - the interface which makes masquerading. I have noticed that
all
> > traffic have the same router source address set.
> >
> > So, what's the solution? Maybe it is imposible? But I have looked
through
> > wondershaper and I saw that there are source address filters.
> >
> > Please give me a hint. I am using kernel 2.4.20.
> >
> > Bye,
> > Tadas
> >
> > _______________________________________________
> > LARTC mailing list / LARTC@mailman.ds9a.nl
> > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> >
>
>
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [LARTC] Masquerade and tc filter
2003-04-27 6:43 [LARTC] Masquerade and tc filter Tadas
2003-04-27 7:58 ` Fw: " Tadas
@ 2003-04-27 9:20 ` Stef Coene
1 sibling, 0 replies; 3+ messages in thread
From: Stef Coene @ 2003-04-27 9:20 UTC (permalink / raw)
To: lartc
On Sunday 27 April 2003 08:43, Tadas wrote:
> Hello,
>
> I am building a gateway/shaper. As always, there is a locl network
> 192.168.3.0/24 and connection to internet. Gateway masquerades these
> connections. I need to limit upload and download speed for certain IPs.
> With download traffic everything is ok: i have put filters on the local
> netwrok interface. But I can't set up filters by source address on outgoing
> traffic - the interface which makes masquerading. I have noticed that all
> traffic have the same router source address set.
>
> So, what's the solution? Maybe it is imposible? But I have looked through
> wondershaper and I saw that there are source address filters.
>
> Please give me a hint. I am using kernel 2.4.20.
The solution is to mark the packets when they enter your firewall. Give each
ip a different mask (so this happens before the src address is rewritten).
When they leave the firewall, you can use that mark with the fw filter. That
mark only exists in your kernel memory, so it's only valid in your firewall.
Stef
--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2003-04-27 9:20 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2003-04-27 6:43 [LARTC] Masquerade and tc filter Tadas
2003-04-27 7:58 ` Fw: " Tadas
2003-04-27 9:20 ` Stef Coene
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.