Unfortunately, that NAT gateway address should have been a routable address (I'm debugging this in vmware at the moment). Considering that, it looks like I'm going to have to play around with IMQ. On 11/5/06, Mohan Sundaram <mohan.tux@xxxxxxxxx> wrote:
EKC wrote: > Hello, > However, the same lartc ingress filter rules work fine when run on the > NAT gateway address (10.32.4.2). The QoS processing is done just before the device queue for egress or immediately after ingress from the device. Thus using the 192.168.x.x addresses for tc filters will not work. Using the gateway address works as that is the IP on the incoming packet's header. > > I suppose this means that the ingress filter is being run too early in > the PREROUTING chain to catch the NAT'ed destination address. Is there > a patch to change this behaviour? I've not seen one. > > I've also tried using connmark to no avail. Ingress QoS works much before packet hits all this stuff. > > I would rather avoid using IMQ since my ingress QOS needs are pretty > simple. AFAIK, there is no other choice/way here. > > Any suggestions? One wa of doing this is to use one NAT IP per subnet and shape based on that NAT IP for ingress. However, this assumes you have as many addresses on the gateway as the subnet. I'm using you do as the NAT'ted IP is also a RFC1918 address. That leads to a more basic question - why NAT when both are RFC1918 addresses? Mohan
_______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
