EKC wrote:
Hello,
However, the same lartc ingress filter rules work fine when run on the
NAT gateway address (10.32.4.2).
The QoS processing is done just before the device queue for egress or
immediately after ingress from the device. Thus using the 192.168.x.x
addresses for tc filters will not work. Using the gateway address works
as that is the IP on the incoming packet's header.
I suppose this means that the ingress filter is being run too early in
the PREROUTING chain to catch the NAT'ed destination address. Is there
a patch to change this behaviour?
I've not seen one.
I've also tried using connmark to no avail.
Ingress QoS works much before packet hits all this stuff.
I would rather avoid using IMQ since my ingress QOS needs are pretty
simple.
AFAIK, there is no other choice/way here.
Any suggestions?
One wa of doing this is to use one NAT IP per subnet and shape based on
that NAT IP for ingress. However, this assumes you have as many
addresses on the gateway as the subnet. I'm using you do as the NAT'ted
IP is also a RFC1918 address. That leads to a more basic question - why
NAT when both are RFC1918 addresses?
Mohan
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
