Re: Packet marking for ingress shaping and NET

Linux Advanced Routing and Traffic Control

Patrick Spousta wrote:
Hi,
I have a typical situation: a local LAN with private addresses, translated via NAT to the internet. I need to shape ingress traffic (from the internet to the local LAN) in several HTB queues according to destination (private, not public) IP. So I need to mark packets to divide them into the corresponding queues. According to http://www.docum.org/stef.coene/qos/kptd/ I think I have only one way to do it, because MARK in PREROUTING is before (de)NAT.


PREROUTING (de)NAT
              V
FORWARD    marking
              V
FORWARD   put to IMQ
              V
          HTB shaping
              V
       routing decision
              V
       output interface

It has a small problem. After PREROUTING some packets are routed to INPUT (packets intended for this machine, for local processes).

Does a solution exist to NAT and MARK in PREROUTING, but in this order?


If you really need to shape for local and forwarded on ingress then you use IMQ + the IMQ NAT patch and use u32 to filter on dst IP (if you are masquerading a dynamic IP, mark LAN traffic and use default for local).


If the traffic to local is not "bulk", i.e. just DNS or NTP etc., then it would be less trouble to ignore it and just shape on your LAN facing interface, marking on dst in postrouting or using u32 on dst - both should work; you may want to exclude traffic from server to LAN.

Andy.
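
The second suggestion above (shape on the LAN-facing interface with u32 on dst, excluding server-to-LAN traffic), sketched as an added example that is not part of the original thread. On egress toward the LAN the destination has already been translated back to the private address, so u32 can match it directly; the interface name, addresses, rates and class numbering are assumptions.

```shell
#!/bin/sh
# Added example: interface name, addresses and rates are constructed assumptions.
LAN_IF="${LAN_IF:-eth1}"              # LAN-facing interface (assumed name)
ROUTER_IP="${ROUTER_IP:-192.168.1.1}" # router's own LAN address (assumed)
LINK_RATE="${LINK_RATE:-100mbit}"     # LAN link speed (assumed)
DOWN_RATE="${DOWN_RATE:-8mbit}"       # internet downlink being shared (assumed)

# Print the tc commands for a list of "ip:rate" arguments, one per LAN host.
# Nothing is executed here, so the output can be reviewed before it is applied.
gen_tc_rules() {
    # Reject anything that is not a plain dotted quad and a tc rate token,
    # because the output is meant to be piped into a root shell.
    for pair in "$@"; do
        case "${pair%%:*}" in ''|*[!0-9.]*) echo "bad ip: $pair" >&2; return 1;; esac
        case "${pair#*:}" in ''|*[!0-9a-z]*) echo "bad rate: $pair" >&2; return 1;; esac
    done
    d="dev $LAN_IF"
    echo "tc qdisc add $d root handle 1: htb default 9"
    # 1:2 carries traffic the router itself sends to the LAN (not downlink-limited).
    echo "tc class add $d parent 1: classid 1:2 htb rate $LINK_RATE"
    # 1:3 is the internet download budget; per-host classes borrow up to its ceil.
    echo "tc class add $d parent 1: classid 1:3 htb rate $DOWN_RATE"
    # 1:9 is the default class for LAN hosts without their own entry.
    echo "tc class add $d parent 1:3 classid 1:9 htb rate 1mbit ceil $DOWN_RATE"
    # prio 1 is checked first: server-to-LAN traffic skips the per-host queues.
    echo "tc filter add $d parent 1: protocol ip prio 1 u32 match ip src $ROUTER_IP/32 flowid 1:2"
    id=10   # tc reads class minor ids as hex; any unique value works
    for pair in "$@"; do
        ip=${pair%%:*}; rate=${pair#*:}
        echo "tc class add $d parent 1:3 classid 1:$id htb rate $rate ceil $DOWN_RATE"
        # The private destination is visible here because de-NAT happened in PREROUTING.
        echo "tc filter add $d parent 1: protocol ip prio 2 u32 match ip dst $ip/32 flowid 1:$id"
        id=$((id + 1))
    done
}

# Apply only when explicitly requested (requires root): APPLY=1 sh script.sh 192.168.1.10:2mbit
if [ "${APPLY:-0}" = 1 ]; then gen_tc_rules "$@" | sh -e; fi
```

Traffic addressed to the router's own processes never leaves through this interface, so it stays unshaped, which matches the "ignore it" case in the reply.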


