Re: Mark traffic on one machine, match on another machine?


 



On 28-11-2012 05:25, Steven Kath wrote:
Is there a way to mark traffic on one machine and match the
mark on another machine? so I can classify traffic on the
proxy server and shape it on the router?

This question is a good example of the rationale for the
TOS/DSCP header on IPv4 packets. netfilter/iptables are
quite capable of matching and manipulating the DSCP field,
as are some proxy servers.
--

+1 to above.

Alternatively, you could route the packet from the proxy to a different, secondary IP on the router. The router could then shape all the traffic that arrives on the secondary IP. You can achieve the secondary IP with sub-interfaces, a secondary IP in the same subnet, or separate VLAN interfaces.

I don't think there is any netfilter tagging, in the way that you can tag packets in rules while they pass internally through the proxy, that would be visible externally to the router.
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
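
The DSCP approach suggested in the thread, as an added example that is not part of the original messages: the proxy stamps a DSCP class on its replies, and the router honours that field only from the proxy's address before turning it into a local fwmark for tc. The address, port, interface name, DSCP class and the tc class 1:20 (which must already exist on the router) are assumptions.

```shell
#!/bin/sh
# Added example: prints the rules (dry run); review them, then run them as root.
PROXY_IP=192.0.2.10   # assumed proxy address (documentation range)
PROXY_PORT=3128       # assumed proxy listening port
LAN_IF=eth1           # assumed router interface facing the clients
CLASS=AF21            # DSCP class chosen to carry the classification

# Convert a DSCP class name to its 6-bit decimal value.
dscp_value() {
    case "$1" in
        EF) echo 46 ;;
        BE) echo 0 ;;
        CS[0-7]) echo $(( ${1#CS} * 8 )) ;;
        AF[1-4][1-3]) d=${1#AF}; echo $(( ($d / 10) * 8 + ($d % 10) * 2 )) ;;
        *) return 1 ;;
    esac
}

# DSCP occupies the upper six bits of the former TOS byte.
tos_byte() {
    v=$(dscp_value "$1") || return 1
    printf '0x%02x\n' $(( $v << 2 ))
}

# Proxy host: stamp packets leaving the proxy port with the chosen class.
proxy_rules() {
    echo "iptables -t mangle -A OUTPUT -p tcp --sport $PROXY_PORT -j DSCP --set-dscp-class $CLASS"
}

# Router: clear DSCP set by any other sender, then map the proxy's class
# to a local fwmark that a tc fw filter can steer into a shaping class.
router_rules() {
    mark=$(dscp_value "$CLASS") || return 1
    echo "iptables -t mangle -A PREROUTING ! -s $PROXY_IP -j DSCP --set-dscp 0"
    echo "iptables -t mangle -A FORWARD -s $PROXY_IP -m dscp --dscp-class $CLASS -j MARK --set-mark $mark"
    echo "tc filter add dev $LAN_IF parent 1: protocol ip handle $mark fw flowid 1:20"
    echo "# or match the header directly: tc filter add dev $LAN_IF parent 1: protocol ip u32 match ip tos $(tos_byte "$CLASS") 0xfc flowid 1:20"
}

proxy_rules
router_rules
```

The PREROUTING rule zeroes DSCP on everything not sent by the proxy, which is a policy choice; narrow it if other hosts on the network legitimately set the field.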

