From: Stef Coene
Date: Fri, 30 May 2003 12:56:56 +0000
Subject: Re: [LARTC] u32 filter and NAT
To: lartc@vger.kernel.org

On Thursday 29 May 2003 14:55, Szymon Miotk wrote:
> I want to limit each user in my network to have limited bandwidth (let's
> say 256/128 kbit).
> I use NAT (done with iptables).
> Can I limit users on the outgoing interface using u32 using rules like:
>
> tc filter add dev eth0 parent 1: protocol ip prio 17 u32 match ip src
> 10.10.10.10 flowid 1:10
>
> It seems I made a mistake somewhere or NAT is done before routing and I
> must use iptables mangling.
The src address is indeed rewritten. So you have to mark the packets with
iptables before natting and use that mark with the fw filter.

> BTW what is the maximum for --set-mark ?
Mark is 32 or so, so you can go pretty high.

Stef

--
stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.oftc.net
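
The approach described in the reply above, as an added example that is not part of the original message: a helper that prints (does not execute) the mark rule and the matching `fw` filter for one user. Assumptions not taken from the thread: the function name `emit_rules`, marking in the mangle table's PREROUTING chain, an existing HTB root qdisc `1:` on the outgoing interface, and the 128kbit rate used in the usage line.

```shell
#!/bin/sh
# Added example (not from the original thread). Prints the commands only;
# review them, then run them as root.
# Assumes an HTB root qdisc with handle 1: already exists on the WAN interface.

# emit_rules WAN_IF USER_IP MARK CLASSID RATE
emit_rules() {
    wan_if=$1 user_ip=$2 mark=$3 classid=$4 rate=$5

    # The firewall mark is a 32-bit value, and 0 means "unmarked",
    # so accept only decimal integers in 1..4294967295.
    case $mark in
        ''|*[!0-9]*) echo "mark must be a decimal integer" >&2; return 1 ;;
    esac
    if [ "${#mark}" -gt 10 ] || [ "$mark" -lt 1 ] || [ "$mark" -gt 4294967295 ]; then
        echo "mark must be in 1..4294967295" >&2
        return 1
    fi

    cat <<EOF
iptables -t mangle -A PREROUTING -s $user_ip -j MARK --set-mark $mark
tc class add dev $wan_if parent 1: classid $classid htb rate $rate
tc filter add dev $wan_if parent 1: protocol ip prio 17 handle $mark fw flowid $classid
EOF
}

# Usage (constructed values; address and class id follow the question above):
#   emit_rules eth0 10.10.10.10 10 1:10 128kbit
```

The mark is set in mangle/PREROUTING, which runs before the source address is rewritten in nat/POSTROUTING, so the rule still sees the private address; the `fw` filter on the outgoing interface then matches on the mark instead of the rewritten source.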