Suppose:

    ipchains -A forward -s inside_net -d 0/0 -j MASQ -m 100

(similar setup with iptables:

    iptables -A PREROUTING -t nat -s inside_net -d 0/0 -j SNAT
    iptables -A PREROUTING -t nat -s inside_net -d 0/0 -j MARK --set_mark 100
)

    eth0 = outside iface
    eth1 = inside iface

Now:

    tc filter add dev eth0 ... handle 100 fw

should catch packets marked by the above rule in ipchains (iptables). Ok.

When the packet returns, the masq/nat code will find it in its table and demasquerade it (as if by an invisible inverse rule).

Question: Will the demasqueraded packets also bear the mark 100? And will

    tc filter add dev eth1 handle 100 fw

work?

I am probably missing something, as I haven't been able to make it work this way. Any suggestions, please?

I want to shape the incoming traffic that I route for my inside network on the inside iface with queues and more complex shaping, rather than just a plain drop on the outside iface.

Thank you.

--
ing. Andrei Boros
mailto:andrei@srr.ro / +40-21-303-1870
Centrul pt. Tehnologia Informatiei
Societatea Romana de Radiodifuziune
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/