AW: qos inside ipsec tunnel

Linux Advanced Routing and Traffic Control


Hi Marco,

> Hello everybody.
> I would like to do some kind of shaping inside an
> ipsec tunnel implemented by Openswan and linux
> 2.6.18.x with xfrm (no KLIPS): for example, to
> limit outbound smtp traffic inside the tunnel.
> Question: where should I attach the qdisc to? Eth0?
> I'm asking this because tcpdump only sees the ESP
> packet on eth0 and not the 'clear' packet.

Heh - just subscribed to the LARTC list because I'm working on a similar
problem.

Yes, you'll have to attach your classes to eth0 device. However, by the
time qos gets to see the packets, they'll be encrypted, so you won't be
able to just use tc filter with u32 classifier to select on port 25.

What should work is to mark the packets in PREROUTING in the mangle
table and assign them to the classes you want based on the fwmark:

iptables -t mangle -A PREROUTING -d <private ip vpn remote side>/24 -p tcp -m multiport --port 25 -j MARK --set-mark 102
tc filter add dev eth0 protocol ip parent 1:0 prio 1 handle 102 fw flowid 1:20

Hope this helps, Martin
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
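
The setup described in the reply above, written out as a complete script. This is an added example, not part of the original message: it supplies the HTB qdisc and classes that the fw filter needs to attach to, and lets the mark rule go into OUTPUT for mail sent from the IPsec host itself. The subnet 10.0.2.0/24, the rates and the default class 1:10 are assumptions, and it uses a plain --dport match instead of the multiport match in the reply.

```shell
#!/bin/sh
# Added example: shape traffic that leaves eth0 as ESP, classified by fwmark.
# Dry run by default (commands are only printed); APPLY=1 executes them as root.
# From the post: eth0, port 25, mark 102, flowid 1:20.
# Assumed here: subnet 10.0.2.0/24, the HTB rates, default class 1:10.

run() {
    echo "$*"                                # show the command
    [ "${APPLY:-0}" = "1" ] || return 0      # dry run stops here
    "$@"
}

# shape_in_tunnel DEV REMOTE_SUBNET DPORT MARK RATE [CHAIN]
# CHAIN: PREROUTING for traffic forwarded by a gateway, OUTPUT for traffic
# generated on the IPsec host itself (it never traverses PREROUTING).
shape_in_tunnel() {
    dev=$1 subnet=$2 dport=$3 mark=$4 rate=$5 chain=${6:-PREROUTING}

    case $chain in
        PREROUTING|OUTPUT) ;;
        *) echo "chain must be PREROUTING or OUTPUT" >&2; return 2 ;;
    esac
    case $mark in
        ''|*[!0-9]*) echo "mark must be a decimal number" >&2; return 2 ;;
    esac

    # 1. Mark the cleartext packet before it is encrypted.
    run iptables -t mangle -A "$chain" -d "$subnet" -p tcp --dport "$dport" \
        -j MARK --set-mark "$mark" || return 1

    # 2. HTB tree on the physical device that carries the ESP packets.
    run tc qdisc add dev "$dev" root handle 1: htb default 10 || return 1
    run tc class add dev "$dev" parent 1: classid 1:1 htb rate 100mbit || return 1
    run tc class add dev "$dev" parent 1:1 classid 1:10 htb rate 50mbit \
        ceil 100mbit || return 1
    run tc class add dev "$dev" parent 1:1 classid 1:20 htb rate "$rate" \
        ceil "$rate" || return 1

    # 3. Classify on the fwmark, not on ports: the packet is ESP by now.
    run tc filter add dev "$dev" protocol ip parent 1:0 prio 1 \
        handle "$mark" fw flowid 1:20
}

# Dry run with the values from the post plus the assumed subnet and rate.
shape_in_tunnel eth0 10.0.2.0/24 25 102 256kbit
```

Once applied, `tc -s class show dev eth0` should show the counters of class 1:20 rising while mail flows through the tunnel, and `iptables -t mangle -L PREROUTING -v -n` shows whether the mark rule is matching at all.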

