Jens Thiele wrote:
> Hi,
>
> I have the same question.
> What about
> Internet -> eth1 -> iptables -> Local Process ?
>
> First I thought it should be easy to put a virtual interface in between:
> Internet <-> eth1 <-> virtual dev (maybe tun/tap or modified dummy) <-> local process or routing <-> eth0 <-> LAN
>
> Then I could use egress shaping on eth1 and the virtual device
> (and have a setup as simple as a "plain router setup").
>
> But I did not manage to do this yet. Anybody using a setup like this
> one? (Maybe bridging or iptables -j ROUTE might help? It seems
> impossible to force a packet to pass through netfilter for a second time.)
>
> Greetings
> Jens

You have to use IMQ for that. IMQ acts as a "dummy" device which hooks
itself into iptables after NAT (or before, depending on config), so you can
use egress shaping on it before the packet reaches the local process or forwarding.
You can't use IFB in your case because the packet goes to IFB before NAT, and
thus you don't know if it is designated for the router itself or a client
behind NAT.
/ak
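
The IMQ setup the reply describes, as an added example that is not part of the original thread. The LAN subnet, the rates and the class ids are assumed values, and the destination match only separates router traffic from client traffic when IMQ is built to hook after NAT.

```shell
#!/bin/sh
# Added example (not from the thread): shape traffic arriving on the WAN
# interface through an IMQ device, split by post-NAT destination address.
# Requires a kernel and iptables built with the IMQ patch.
# All values below are assumptions chosen for illustration.
WAN_IF="${WAN_IF:-eth1}"              # Internet-facing interface (from the thread)
IMQ_NUM="${IMQ_NUM:-0}"               # IMQ device index
IMQ_IF="imq${IMQ_NUM}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # constructed LAN subnet behind NAT
TOTAL_RATE="${TOTAL_RATE:-8mbit}"     # constructed downlink budget
LOCAL_RATE="${LOCAL_RATE:-2mbit}"     # share for the router's own processes
LAN_RATE="${LAN_RATE:-6mbit}"         # share for forwarded (NATed) clients

# Print each command by default; execute only with APPLY=1 (as root).
run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

imq_ingress_plan() {
    run modprobe imq numdevs=1
    run ip link set "$IMQ_IF" up

    # Egress-style HTB tree on the IMQ device. Anything not matched by the
    # filter below (traffic for the router itself) lands in class 1:10.
    run tc qdisc add dev "$IMQ_IF" root handle 1: htb default 10
    run tc class add dev "$IMQ_IF" parent 1: classid 1:1 htb rate "$TOTAL_RATE"
    run tc class add dev "$IMQ_IF" parent 1:1 classid 1:10 htb rate "$LOCAL_RATE" ceil "$TOTAL_RATE"
    run tc class add dev "$IMQ_IF" parent 1:1 classid 1:20 htb rate "$LAN_RATE" ceil "$TOTAL_RATE"

    # After NAT has been reversed, packets for LAN clients carry their real
    # LAN destination, so a plain destination match tells them apart.
    run tc filter add dev "$IMQ_IF" parent 1: protocol ip prio 1 u32 match ip dst "$LAN_NET" flowid 1:20

    # Divert everything arriving on the WAN interface through the IMQ device.
    run iptables -t mangle -A PREROUTING -i "$WAN_IF" -j IMQ --todev "$IMQ_NUM"
}

imq_ingress_plan
```

Run without APPLY set to review the command list first; the same tree attached to an IFB device would see pre-NAT addresses, which is the limitation the reply points out.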
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc