Re: Ingress qdisc bypassed on SNAT'ed traffic?

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Unfortunately, that NAT gateway address should have been a routable
address (I'm debugging this in vmware at the moment).

Considering that, it looks like I'm going to have to play around with IMQ.


On 11/5/06, Mohan Sundaram <mohan.tux@xxxxxxxxx> wrote:
EKC wrote:
> Hello,

> However, the same lartc ingress filter rules work fine when run on the
> NAT gateway address (10.32.4.2).
The QoS processing is done just before the device queue for egress or
immediately after ingress from the device. Thus using the 192.168.x.x
addresses for tc filters will not work. Using the gateway address works
as that is the IP on the incoming packet's header.
>
> I suppose this means that the ingress filter is being run too early in
> the PREROUTING chain to catch the NAT'ed destination address. Is there
> a patch to change this behaviour?
I've not seen one.
>
> I've also tried using connmark to no avail.
Ingress QoS works much before packet hits all this stuff.
>
> I would rather avoid using IMQ since my ingress QOS needs are pretty
> simple.
AFAIK, there is no other choice/way here.
>
> Any suggestions?
One wa of doing this is to use one NAT IP per subnet and shape based on
that NAT IP for ingress. However, this assumes you have as many
addresses on the gateway as the subnet. I'm using you do as the NAT'ted
IP is also a RFC1918 address. That leads to a more basic question - why
NAT when both are RFC1918 addresses?

Mohan


_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux