From: "S Mohan" <smohan@vsnl.com>
To: lartc@vger.kernel.org
Subject: RE: [LARTC] Bandwith sharing in NAT environment.
Date: Thu, 14 Aug 2003 11:26:44 +0000 [thread overview]
Message-ID: <marc-lartc-106085945232022@msgid-missing> (raw)
In-Reply-To: <marc-lartc-106044670230870@msgid-missing>
In a NAT environment, it is advisable to mark packets in prerouting stage.
Subsequently, till the packets leaves the system , the mark will not be
changed by any other process except a explicit mark iptables statement. Even
if NAT changes IP address, the fw mark will still be the same allowing for
classification. AFAIK, mark can have values rangign from 1 to 255.
Mohan
-----Original Message-----
From: lartc-admin@mailman.ds9a.nl [mailto:lartc-admin@mailman.ds9a.nl]On
Behalf Of Raghuveer
Sent: Thursday, August 14, 2003 4:33 PM
To: rajesh_khanduja@myway.com
Cc: lartc@mailman.ds9a.nl
Subject: Re: [LARTC] Bandwith sharing in NAT environment.
Rajesh wrote:
>Hi
>
>I wish to implement Bandwith sharing in a NAT environment.
>
>The question is whether I can classify input packets on the basis of
ip-addresses (private LAN addresses)? These packets finally need to be NATed
before going on to Internet.
>
>Would the tc filters see the private addresses and put it in the
appropriate classes or would the tc filters see only the NATed address and
the filter would fail in putting the packets in the appropriate classes?
>
>The n/w diag would be somewhat like this
>
>private address LAN ips ------>iptables(NAT)------>Internet.
>
>
private address LAN
ips ------>tc(netlink)--------->iptables(NAT)------>Internet
I feel this is how it is...so dnat will be after tc in LAN to WAN and snat
will be before tc in WAN to LAN.
-Raghu
>Can I mark packets using iptables matching source ip-address?
>What address will tc filter see when the private addresses are masqueraded
?
>
>Any help is most welcome.
>
>Cheers,
>Rajesh
>
>
>
>
>_______________________________________________
>No banners. No pop-ups. No kidding.
>Introducing My Way - http://www.myway.com
>_______________________________________________
>LARTC mailing list / LARTC@mailman.ds9a.nl
>http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
>
>
>
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
prev parent reply other threads:[~2003-08-14 11:26 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-08-09 16:30 [LARTC] Bandwith sharing in NAT environment Rajesh
2003-08-09 21:23 ` Stef Coene
2003-08-14 11:15 ` Raghuveer
2003-08-14 11:26 ` S Mohan [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=marc-lartc-106085945232022@msgid-missing \
--to=smohan@vsnl.com \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.