All of lore.kernel.org
 help / color / mirror / Atom feed
* [LARTC] Masquerade and tc filter
@ 2003-04-27  6:43 Tadas
  2003-04-27  7:58 ` Fw: " Tadas
  2003-04-27  9:20 ` Stef Coene
  0 siblings, 2 replies; 3+ messages in thread
From: Tadas @ 2003-04-27  6:43 UTC (permalink / raw)
  To: lartc

Hello,

I am building a gateway/shaper. As always, there is a locl network
192.168.3.0/24 and connection to internet. Gateway masquerades these
connections. I need to limit upload and download speed for certain IPs. With
download traffic everything is ok: i have put filters on the local netwrok
interface. But I can't set up filters by source address on outgoing
traffic - the interface which makes masquerading.  I have noticed that all
traffic have the same router source address set.

So, what's the solution? Maybe it is imposible? But I have looked through
wondershaper and I saw that there are source  address filters.

Please give me a hint. I am using kernel 2.4.20.

Bye,
Tadas

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Fw: [LARTC] Masquerade and tc filter
  2003-04-27  6:43 [LARTC] Masquerade and tc filter Tadas
@ 2003-04-27  7:58 ` Tadas
  2003-04-27  9:20 ` Stef Coene
  1 sibling, 0 replies; 3+ messages in thread
From: Tadas @ 2003-04-27  7:58 UTC (permalink / raw)
  To: lartc

I know what imq is. Everything is O.K. with download traffic. I need to
shape Upload traffic. But the problem is that u32 filter does not match
correct source address for forwarded packets - only gateway's.

Bye,
Tadas

----- Original Message ----- 
From: "peyrak" <peyrak@seznam.cz>
To: "Tadas" <tadas-lartc@silvernet.kis.lt>
Sent: Sunday, April 27, 2003 11:51 AM
Subject: Re: [LARTC] Masquerade and tc filter


> imq
>
> ###########################
> # Jirka Pirko             #
> # jirka@pirko.cz          #
> # xpirko@fi.muni.cz       #
> # cellular: +420608065259 #
> # icq uin: 136218111      #
> ###########################
> ----- Original Message -----
> From: "Tadas" <tadas-lartc@silvernet.kis.lt>
> To: <lartc@mailman.ds9a.nl>
> Sent: Sunday, April 27, 2003 8:43 AM
> Subject: [LARTC] Masquerade and tc filter
>
>
> > Hello,
> >
> > I am building a gateway/shaper. As always, there is a locl network
> > 192.168.3.0/24 and connection to internet. Gateway masquerades these
> > connections. I need to limit upload and download speed for certain IPs.
> With
> > download traffic everything is ok: i have put filters on the local
netwrok
> > interface. But I can't set up filters by source address on outgoing
> > traffic - the interface which makes masquerading.  I have noticed that
all
> > traffic have the same router source address set.
> >
> > So, what's the solution? Maybe it is imposible? But I have looked
through
> > wondershaper and I saw that there are source  address filters.
> >
> > Please give me a hint. I am using kernel 2.4.20.
> >
> > Bye,
> > Tadas
> >
> > _______________________________________________
> > LARTC mailing list / LARTC@mailman.ds9a.nl
> > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> >
>
>

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [LARTC] Masquerade and tc filter
  2003-04-27  6:43 [LARTC] Masquerade and tc filter Tadas
  2003-04-27  7:58 ` Fw: " Tadas
@ 2003-04-27  9:20 ` Stef Coene
  1 sibling, 0 replies; 3+ messages in thread
From: Stef Coene @ 2003-04-27  9:20 UTC (permalink / raw)
  To: lartc

On Sunday 27 April 2003 08:43, Tadas wrote:
> Hello,
>
> I am building a gateway/shaper. As always, there is a locl network
> 192.168.3.0/24 and connection to internet. Gateway masquerades these
> connections. I need to limit upload and download speed for certain IPs.
> With download traffic everything is ok: i have put filters on the local
> netwrok interface. But I can't set up filters by source address on outgoing
> traffic - the interface which makes masquerading.  I have noticed that all
> traffic have the same router source address set.
>
> So, what's the solution? Maybe it is imposible? But I have looked through
> wondershaper and I saw that there are source  address filters.
>
> Please give me a hint. I am using kernel 2.4.20.
The solution is to mark the packets when they enter your firewall.  Give each 
ip a different mask (so this happens before the src address is rewritten).  
When they leave the firewall, you can use that mark with the fw filter.  That 
mark only exists in your kernel memory, so it's only valid in your firewall.

Stef

-- 

stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.oftc.net

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2003-04-27  9:20 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2003-04-27  6:43 [LARTC] Masquerade and tc filter Tadas
2003-04-27  7:58 ` Fw: " Tadas
2003-04-27  9:20 ` Stef Coene

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.