In a NAT environment, it is advisable to mark packets in the prerouting stage.
Subsequently, till the packets leave the system, the mark will not be
changed by any other process except an explicit mark iptables statement. Even
if NAT changes the IP address, the fw mark will still be the same, allowing for
classification. AFAIK, mark can have values ranging from 1 to 255.

Mohan

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Raghuveer
Sent: Thursday, August 14, 2003 4:33 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [LARTC] Bandwith sharing in NAT environment.



Rajesh wrote:

>Hi
>
>I wish to implement Bandwidth sharing in a NAT environment.
>
>The question is whether I can classify input packets on the basis of
>ip-addresses (private LAN addresses)? These packets finally need to be NATed
>before going on to Internet.
>
>Would the tc filters see the private addresses and put it in the
>appropriate classes or would the tc filters see only the NATed address and
>the filter would fail in putting the packets in the appropriate classes?
>
>The n/w diag would be somewhat like this
>
>private address LAN ips ------>iptables(NAT)------>Internet.
>
>
private address LAN ips ------>tc(netlink)--------->iptables(NAT)------>Internet

I feel this is how it is... so dnat will be after tc in LAN to WAN and snat
will be before tc in WAN to LAN.

-Raghu

>Can I mark packets using iptables matching source ip-address?
>What address will tc filter see when the private addresses are masqueraded?
>
>Any help is most welcome.
>
>Cheers,
>Rajesh
>
>
>
>
>_______________________________________________
>LARTC mailing list / [EMAIL PROTECTED]
>http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
>
>
>
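
The approach described in the reply at the top of this thread, as an added example that is not part of the original messages: mark by private source address in mangle/PREROUTING, then classify on the WAN interface with `fw` filters. The interface names (eth0 for the LAN, eth1 for the WAN), the host list, the rates and the class numbering are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: print (or apply) per-host shaping rules for a NAT gateway.
LAN_IF=${LAN_IF:-eth0}          # interface facing the private LAN (assumption)
WAN_IF=${WAN_IF:-eth1}          # interface facing the Internet (assumption)
LINK_RATE=${LINK_RATE:-1mbit}   # uplink rate (assumption)

# Constructed sample input, one host per line: "private-ip mark rate"
HOSTS='192.168.1.10 1 512kbit
192.168.1.20 2 256kbit'

# run: print the command; also execute it when APPLY=1 (needs root).
run() {
    echo "$*"
    if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

gen_rules() {
    # Egress qdisc on the WAN side. It runs after POSTROUTING, so a filter
    # matching on the private source address would never match here.
    run tc qdisc add dev "$WAN_IF" root handle 1: htb default 99
    run tc class add dev "$WAN_IF" parent 1: classid 1:1 htb rate "$LINK_RATE"
    run tc class add dev "$WAN_IF" parent 1:1 classid 1:99 htb rate 64kbit ceil "$LINK_RATE"

    echo "$HOSTS" | while read -r ip mark rate; do
        [ -n "$ip" ] || continue
        # Mark in mangle/PREROUTING while the source address is still private.
        run iptables -t mangle -A PREROUTING -i "$LAN_IF" -s "$ip" -j MARK --set-mark "$mark"
        # One class per host; the fw filter selects it by mark, not by address.
        run tc class add dev "$WAN_IF" parent 1:1 classid "1:1$mark" htb rate "$rate" ceil "$LINK_RATE"
        run tc filter add dev "$WAN_IF" parent 1: protocol ip handle "$mark" fw flowid "1:1$mark"
    done
}

# Dry run by default: only prints the commands.
gen_rules
```

Run it as is to review the generated commands, and with `APPLY=1` as root to install them.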

