[LARTC] u32 filter and NAT

[LARTC] u32 filter and NAT

[Szymon Miotk]

I want to limit each user in my network to have limited bandwidth (let's 
  say 256/128 kbit).
I use NAT (done with iptables).
Can I limit users on the outgoing interface using u32 using rules like:

tc filter add dev eth0 parent 1: protocol ip prio 17 u32 match ip src 
10.10.10.10 flowid 1:10

It seem I made a mistake somewhere or NAT is done before routing and I 
must use iptables mangling. BTW what is the maximum for --set-mark ?

Thanks!

Szymon Miotk

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] u32 filter and NAT

[Stef Coene]

On Thursday 29 May 2003 14:55, Szymon Miotk wrote:
> I want to limit each user in my network to have limited bandwidth (let's
>   say 256/128 kbit).
> I use NAT (done with iptables).
> Can I limit users on the outgoing interface using u32 using rules like:
>
> tc filter add dev eth0 parent 1: protocol ip prio 17 u32 match ip src
> 10.10.10.10 flowid 1:10
>
> It seem I made a mistake somewhere or NAT is done before routing and I
> must use iptables mangling. 
The src address is indeed rewritten.  So you have to mark the packets with 
iptables before natting and use that mark with the fw filter.

> BTW what is the maximum for --set-mark ?
Mark is 32 or so, so you can go pretty high.

Stef

-- 

stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.oftc.net

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/