NAT & tc filter addresses

Linux Advanced Routing and Traffic Control

Is there a flow diagram as to where tc actions take place with respect to NAT and other iptables functions on a multihomed box (private & public NICs) ? Are tc filter rules consulted before or after NATing?

My real interest is in basic understanding first, and then solving a real problem second.

Example:
Firewall Public NIC 123.123.123.1
Firewall Private NIC 192.168.168.1
Dedicated Video Conferencing equipment @ 192.168.168.100

I'd like to write a rule that says any traffic emanating from the private .100 box gets 128kbit of bandwidth out of a T1's total 1.55mbit as the traffic heads out on to the Internet to find the other end of the Video Conference.

The shaping occurs on the Public NIC, but the only address I have to work with is a private address. By the time the traffic hits the public NIC and tc rules are applied, I suspect the packet no longer has a source IP of private .100, but has been NAT'd to the public NIC address. There's no way to distinguish private .100's traffic via IP address by the time the tc filters are queried. Is that correct?

What methods are available to do this? I can think of marking all the packets on the private side and then looking for the marks on the public side. Or, NAT private .100 to a specific public IP and then write rules for that new public IP. What other options are there?

--
Bill Gradwohl
bill@xxxxxxx
http://www.ycc.com
SPAMstomper Protected email
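The following is an added example, not part of the original post or of any reply in the thread. It implements the first method the post proposes (mark on the private side, classify on the mark on the public side) and sketches the second (SNAT to a dedicated public IP). The ordering it relies on is the standard netfilter/tc packet path: for a forwarded packet the tc egress qdisc and its filters on the public NIC run after nat POSTROUTING, so they see the post-SNAT source address, but the fwmark is kernel metadata on the skb rather than part of the packet, so it survives NAT. Interface names (eth0/eth1), the mark value, the HTB class ids, the 1416kbit remainder and the 123.123.123.2 alternate address are all assumptions.

```shell
#!/bin/sh
# Added example for the question above; not from the original post.
# Packet path for private -> public traffic (standard netfilter/tc ordering):
#   ingress PRIV_IF -> mangle PREROUTING -> nat PREROUTING (DNAT) -> routing
#   -> mangle FORWARD -> filter FORWARD -> mangle POSTROUTING
#   -> nat POSTROUTING (SNAT/MASQUERADE) -> egress qdisc + tc filters on PUB_IF
# The tc filters therefore see the SNAT'd source, but the fwmark set earlier
# survives NAT. All names and numbers below are assumptions for illustration.
set -eu

PUB_IF=${PUB_IF:-eth0}            # public NIC (123.123.123.1 in the post)
PRIV_IF=${PRIV_IF:-eth1}          # private NIC (192.168.168.1 in the post)
VC_HOST=${VC_HOST:-192.168.168.100}
VC_MARK=${VC_MARK:-1}             # fwmark; must equal the fw filter's handle
LINK_RATE=${LINK_RATE:-1544kbit}  # T1
VC_RATE=${VC_RATE:-128kbit}       # guaranteed to the video conferencing unit
REST_RATE=${REST_RATE:-1416kbit}  # LINK_RATE minus VC_RATE, for everything else
VC_PUBLIC_IP=${VC_PUBLIC_IP:-123.123.123.2}  # assumed spare public address

# Applying these needs root and the real interfaces, so by default the
# commands are printed (RUN=echo). Run with RUN= (empty) to apply them.
RUN=${RUN-echo}

mark_rules() {
    # Mark in mangle PREROUTING, where the private source address is still
    # visible; mangle FORWARD works too, both run before SNAT.
    $RUN iptables -t mangle -A PREROUTING -i "$PRIV_IF" -s "$VC_HOST" \
        -j MARK --set-mark "$VC_MARK"
}

shape_rules() {
    # HTB on the public NIC: one parent at link rate, two leaves. Unmarked
    # traffic lands in 1:20 through "default 20".
    $RUN tc qdisc add dev "$PUB_IF" root handle 1: htb default 20
    $RUN tc class add dev "$PUB_IF" parent 1: classid 1:1 htb rate "$LINK_RATE"
    $RUN tc class add dev "$PUB_IF" parent 1:1 classid 1:10 htb \
        rate "$VC_RATE" ceil "$VC_RATE"
    $RUN tc class add dev "$PUB_IF" parent 1:1 classid 1:20 htb \
        rate "$REST_RATE" ceil "$LINK_RATE"
    # The fw classifier matches packets whose skb mark equals "handle".
    $RUN tc filter add dev "$PUB_IF" parent 1: protocol ip prio 1 \
        handle "$VC_MARK" fw flowid 1:10
}

# Option 2 from the post: give the unit its own public address via SNAT and
# match that address with a u32 filter after NAT. Not installed by default.
snat_alternative() {
    $RUN iptables -t nat -A POSTROUTING -o "$PUB_IF" -s "$VC_HOST" \
        -j SNAT --to-source "$VC_PUBLIC_IP"
    $RUN tc filter add dev "$PUB_IF" parent 1: protocol ip prio 2 u32 \
        match ip src "$VC_PUBLIC_IP"/32 flowid 1:10
}

# Emit (or apply) the marking method in the order it must be installed.
setup_shaping() {
    mark_rules
    shape_rules
}

setup_shaping
```

Running the script as-is prints the rule set for review; `RUN= sh script.sh` as root installs it. Check the result with `tc -s class show dev eth0` (bytes should accumulate under 1:10 only while the video unit sends) and `iptables -t mangle -L PREROUTING -v` (the MARK rule's packet counter should climb). Do not install `snat_alternative` alongside `mark_rules` on the same box; pick one method.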

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
