All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Szálka Tamás" <rontombontom@freestart.hu>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] beginner question about imq
Date: Wed, 10 Sep 2003 18:13:57 +0000	[thread overview]
Message-ID: <marc-lartc-106321906423263@msgid-missing> (raw)
In-Reply-To: <marc-lartc-106318926529070@msgid-missing>

At 16:51 2003. 09. 10.­ +0530, you wrote:
>Szálka Tamás wrote:
>
>>Hi!
>>
>>I have to make a firewall which guarantees bandwidth to several clients 
>>(both upstream and downstream should be limitied). It has three 
>>interfaces, eth0 facing to the internet, eth1 to local network with 
>>several ip addresses (different subnets) and eth2 to dmz (webserver). 
>>Egress traffic is ok, I set up the tc rules to eth0 and the upstream 
>>limiting is fine. But I have to manage bandwidth of downloading too.
>>While eth0 has one public ip address, the firewall does masquerading to 
>>the local subnets (with local ip ranges). So should I set up an imq 
>>device on eth1 with iptables mangle through the prerouting chain to do 
>>traffic shaping to the subnets? In this case the packets arrive to eth1 
>>already masqueraded (am I right?) and I can limit the ingress traffic of 
>>local adresses. Or should I use the imq on eth0? Doesn't it bothers 
>>egress shaping? I'm confused a little bit... :-s
>>Can you help me?
>>
>>Thanks
>>Tom
>I feel imq+HTB on eth0 is an ideal solution for ur requirement.
>
>Regards
>-Raghu

I'd like to filter the packages on their SNAT-ed (local) ip addresses. when 
the package enters the IMQ right after the iptables PREROUTING chain, does 
it have SNAT-ed ip addresses? As far as I know the SNAT happens in the 
POSTROUTING chain. Am I wrong? Or am I even more confused? :)

Tom


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

  parent reply	other threads:[~2003-09-10 18:13 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-09-10 10:23 [LARTC] beginner question about imq Szálka Tamás
2003-09-10 11:33 ` Raghuveer
2003-09-10 18:13 ` Szálka Tamás [this message]
2003-09-10 18:36 ` Stef Coene
2003-09-10 19:16 ` Szálka Tamás
2003-09-11 12:39 ` Toshiro Viera
2003-09-11 17:15 ` Stef Coene
2003-09-12 15:22 ` Szálka Tamás
2003-09-12 16:58 ` Stef Coene
2003-09-12 19:07 ` Szálka Tamás
2003-09-12 21:22 ` Stef Coene

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=marc-lartc-106321906423263@msgid-missing \
    --to=rontombontom@freestart.hu \
    --cc=lartc@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.