[LARTC] beginner question about imq
Szálka Tamás
rontombontom@freestart.hu
Wed, 10 Sep 2003 20:13:57 +0200
At 16:51 2003. 09. 10. +0530, you wrote:
>Szálka Tamás wrote:
>
>>Hi!
>>
>>I have to make a firewall which guarantees bandwidth to several clients
>>(both upstream and downstream should be limited). It has three
>>interfaces, eth0 facing to the internet, eth1 to local network with
>>several ip addresses (different subnets) and eth2 to dmz (webserver).
>>Egress traffic is ok, I set up the tc rules to eth0 and the upstream
>>limiting is fine. But I have to manage bandwidth of downloading too.
>>While eth0 has one public ip address, the firewall does masquerading to
>>the local subnets (with local ip ranges). So should I set up an imq
>>device on eth1 with iptables mangle through the prerouting chain to do
>>traffic shaping to the subnets? In this case the packets arrive to eth1
>>already masqueraded (am I right?) and I can limit the ingress traffic of
>>local addresses. Or should I use the imq on eth0? Doesn't it bother
>>egress shaping? I'm confused a little bit... :-s
>>Can you help me?
>>
>>Thanks
>>Tom
>I feel imq+HTB on eth0 is an ideal solution for ur requirement.
>
>Regards
>-Raghu
I'd like to filter the packages on their SNAT-ed (local) ip addresses. When
the package enters the IMQ right after the iptables PREROUTING chain, does
it have SNAT-ed ip addresses? As far as I know the SNAT happens in the
POSTROUTING chain. Am I wrong? Or am I even more confused? :)
Tom