[LARTC] Packet marking for ingress shaping and NAT
Patrick Spousta
spousta@brn.czn.cz
Tue, 11 May 2004 06:25:00 +0200
Andy Furniss wrote:
> Patrick Spousta wrote:
>
>> It looks like it's working fine :-) I never found any details about the IMQ and NAT
>> patch; it looks like packet processing in the kernel has this path
>>
>> | PREROUTING chain |
>> input interface -> conntrack -> mangle -> nat -> imq
>
>
> So which IMQ did you use - did you need to patch for NAT (there are
> different versions about)
Now I'm using patches from http://www.digriz.org.uk/jdg-qos-script/
(latest version which contains patches for IMQ, IMQ+NAT, ESFQ, IPP2P,
CONNMARK, also recompiled tc and libraries for iptables, nice package) on
kernel 2.4.25. It works well.
>
>> ESFQ works fine, but only for ingress shaping over imq and NAT with
>> destination hash (== download on private IPs). I'm trying to setup
>> ESFQ on egress shaping for traffic from private to public IPs with
>> source hash (upload from private) but qdisc sits after NAT, ie.
>> packets source addresses are always the same public IP of external
>> (wan) interface :-(
>>
>> I try to use imq for egress shaping (on the POSTROUTING chain), maybe it helps
>
>
> I don't think IMQ will help - but you can mark local src in postrouting
Do you mean manually configured marking for many, many IP addresses? I
think it isn't the right way :-( I like ESFQ for its source or destination
hash because I don't need to set up any filters/markers for those IPs,
ESFQ creates its own queues for each IP.
In the POSTROUTING chain it normally looks like this
... -> mangle -> nat -> imq -> (output interface)
I don't understand the C language so I don't understand the IMQ+NAT patch, but
I'll try to use imq for egress shaping. Maybe the patch works
identically on the PRE and POST chains.
Patrick
> mangle OK. If you really want to use esfq, someone posted a patch on
> here a while back which made esfq hash on fwmark.
>
> Andy.
>
>