From mboxrd@z Thu Jan 1 00:00:00 1970
From: Barton Hodges
Date: Tue, 12 Jun 2001 22:37:19 +0000
Subject: [LARTC] Marking returned MASQ'ed packets (ingress, TC, etc.)
Message-Id:
List-Id:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Hi Folks,

I'm using a 2.4.x kernel and TC from the iproute2 package so that I can
limit traffic through my gateway.

I'm using this to mark packets when they leave the LAN:

/sbin/ipchains -A forward -j MASQ -i eth0 -s 192.168.1.0/24 -d 0.0.0.0/0 -m 1

When the packets return, I need to have them marked again so that the
ingress filter will limit the bandwidth in the opposite direction. The only
way I have found to do this is to mark EVERY packet like this:

/sbin/ipchains -A input -i eth0 -s 0.0.0.0/0 -d 12.10.109.52/32 -m 1

This works, but what I would really like to do is mark the 192.168.1.0/24
packets instead (after they have been "un-masq'ed"), so that I can limit
bandwidth on each interface in the gateway box.

Is this possible?

Thanks,
Barton

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://ds9a.nl/2.4Routing/