On Sunday 27 April 2003 08:43, Tadas wrote:
> Hello,
>
> I am building a gateway/shaper. As always, there is a locl network
> 192.168.3.0/24 and connection to internet. Gateway masquerades these
> connections. I need to limit upload and download speed for certain IPs.
> With download traffic everything is ok: i have put filters on the local
> netwrok interface. But I can't set up filters by source address on outgoing
> traffic - the interface which makes masquerading. I have noticed that all
> traffic have the same router source address set.
>
> So, what's the solution? Maybe it is imposible? But I have looked through
> wondershaper and I saw that there are source address filters.
>
> Please give me a hint. I am using kernel 2.4.20.
The solution is to mark the packets when they enter your firewall. Give each
ip a different mask (so this happens before the src address is rewritten).
When they leave the firewall, you can use that mark with the fw filter. That
mark only exists in your kernel memory, so it's only valid in your firewall.
Stef
--
stef.coene@xxxxxxxxx
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net
