All of lore.kernel.org
 help / color / mirror / Atom feed
From: Stef Coene <stef.coene@docum.org>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Masquerade and tc filter
Date: Sun, 27 Apr 2003 09:20:58 +0000	[thread overview]
Message-ID: <marc-lartc-105143536815880@msgid-missing> (raw)
In-Reply-To: <marc-lartc-105142949212372@msgid-missing>

On Sunday 27 April 2003 08:43, Tadas wrote:
> Hello,
>
> I am building a gateway/shaper. As always, there is a locl network
> 192.168.3.0/24 and connection to internet. Gateway masquerades these
> connections. I need to limit upload and download speed for certain IPs.
> With download traffic everything is ok: i have put filters on the local
> netwrok interface. But I can't set up filters by source address on outgoing
> traffic - the interface which makes masquerading.  I have noticed that all
> traffic have the same router source address set.
>
> So, what's the solution? Maybe it is imposible? But I have looked through
> wondershaper and I saw that there are source  address filters.
>
> Please give me a hint. I am using kernel 2.4.20.
The solution is to mark the packets when they enter your firewall.  Give each 
ip a different mask (so this happens before the src address is rewritten).  
When they leave the firewall, you can use that mark with the fw filter.  That 
mark only exists in your kernel memory, so it's only valid in your firewall.

Stef

-- 

stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.oftc.net

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

      parent reply	other threads:[~2003-04-27  9:20 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-04-27  6:43 [LARTC] Masquerade and tc filter Tadas
2003-04-27  7:58 ` Fw: " Tadas
2003-04-27  9:20 ` Stef Coene [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=marc-lartc-105143536815880@msgid-missing \
    --to=stef.coene@docum.org \
    --cc=lartc@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.