Re: [LARTC] Masquerade and tc filter

Linux Advanced Routing and Traffic Control

On Sunday 27 April 2003 08:43, Tadas wrote:
> Hello,
>
> I am building a gateway/shaper. As always, there is a local network
> 192.168.3.0/24 and connection to internet. Gateway masquerades these
> connections. I need to limit upload and download speed for certain IPs.
> With download traffic everything is ok: I have put filters on the local
> network interface. But I can't set up filters by source address on outgoing
> traffic - the interface which makes masquerading. I have noticed that all
> traffic has the same router source address set.
>
> So, what's the solution? Maybe it is impossible? But I have looked through
> wondershaper and I saw that there are source address filters.
>
> Please give me a hint. I am using kernel 2.4.20.

The solution is to mark the packets when they enter your firewall. Give each
IP a different mask (so this happens before the src address is rewritten).
When they leave the firewall, you can use that mark with the fw filter. That
mark only exists in your kernel memory, so it's only valid in your firewall.

Stef

-- 

stef.coene@xxxxxxxxx
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.oftc.net
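
The approach in the reply above, as an added example that is not part of the original post: a dry-run generator that prints one `iptables` mark rule per LAN host (applied in mangle PREROUTING, before masquerading rewrites the source) and the matching HTB class and `fw` filter on the outgoing interface. The interface names, rates, the choice of HTB and the use of the last address octet as the mark are assumptions.

```shell
#!/bin/sh
# Dry run: prints the iptables/tc commands instead of executing them.
LAN_IF=eth1        # assumed: interface facing 192.168.3.0/24
WAN_IF=eth0        # assumed: interface that masquerades
LINK_RATE=512kbit  # assumed: total upload capacity

# Mark = last octet of the LAN address. Mark 0 means "unmarked", and
# anything outside 192.168.3.1-254 is rejected.
mark_for_ip() {
    case "$1" in
        192.168.3.*) octet=${1#192.168.3.} ;;
        *) return 1 ;;
    esac
    case "$octet" in
        ''|*[!0-9]*|0*|????*) return 1 ;;
    esac
    [ "$octet" -le 254 ] || return 1
    echo "$octet"
}

# Arguments are "ip:rate" pairs, e.g. 192.168.3.10:64kbit
emit_shaper_rules() {
    # Parent 1:fff and default 1:ffe use hex letters so they cannot
    # collide with the per-host class ids, which are decimal digits only.
    echo "tc qdisc add dev $WAN_IF root handle 1: htb default ffe"
    echo "tc class add dev $WAN_IF parent 1: classid 1:fff htb rate $LINK_RATE"
    echo "tc class add dev $WAN_IF parent 1:fff classid 1:ffe htb rate 32kbit ceil $LINK_RATE"
    for pair in "$@"; do
        ip=${pair%%:*}
        rate=${pair#*:}
        mark=$(mark_for_ip "$ip") || { echo "skipped: $pair" >&2; continue; }
        # Ingress on the LAN side: source address is still the client's.
        echo "iptables -t mangle -A PREROUTING -i $LAN_IF -s $ip -j MARK --set-mark $mark"
        # Egress on the WAN side: classify by mark, not by source address.
        echo "tc class add dev $WAN_IF parent 1:fff classid 1:$mark htb rate $rate ceil $rate"
        echo "tc filter add dev $WAN_IF parent 1: protocol ip prio 1 handle $mark fw flowid 1:$mark"
    done
}

# Constructed sample hosts and rates.
emit_shaper_rules 192.168.3.10:64kbit 192.168.3.11:128kbit
```

Review the printed commands before piping them to `sh` as root on the gateway.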
