All of lore.kernel.org
 help / color / mirror / Atom feed
* [LARTC] Bandwith sharing in NAT environment.
@ 2003-08-09 16:30 Rajesh
  2003-08-09 21:23 ` Stef Coene
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Rajesh @ 2003-08-09 16:30 UTC (permalink / raw)
  To: lartc


Hi 

I wish to implement Bandwith sharing in a NAT environment.

The question is whether I can classify input packets on the basis of ip-addresses (private LAN addresses)? These packets finally need to be NATed before going on to Internet. 

Would the tc filters see the private addresses and put it in the appropriate classes or would the tc filters see only the NATed address and the filter would fail in putting the packets in the appropriate classes?

The n/w diag would be somewhat like this

private address LAN ips ------>iptables(NAT)------>Internet.

Can I mark packets using iptables matching source ip-address?
What address will tc filter see when the private addresses are masqueraded ?

Any help is most welcome.

Cheers,
Rajesh

 


_______________________________________________
No banners. No pop-ups. No kidding.
Introducing My Way - http://www.myway.com
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [LARTC] Bandwith sharing in NAT environment.
  2003-08-09 16:30 [LARTC] Bandwith sharing in NAT environment Rajesh
@ 2003-08-09 21:23 ` Stef Coene
  2003-08-14 11:15 ` Raghuveer
  2003-08-14 11:26 ` S Mohan
  2 siblings, 0 replies; 4+ messages in thread
From: Stef Coene @ 2003-08-09 21:23 UTC (permalink / raw)
  To: lartc

On Saturday 09 August 2003 18:30, Rajesh wrote:
> Hi
>
> I wish to implement Bandwith sharing in a NAT environment.
>
> The question is whether I can classify input packets on the basis of
> ip-addresses (private LAN addresses)? These packets finally need to be
> NATed before going on to Internet.
>
> Would the tc filters see the private addresses and put it in the
> appropriate classes or would the tc filters see only the NATed address and
> the filter would fail in putting the packets in the appropriate classes?
>
> The n/w diag would be somewhat like this
>
> private address LAN ips ------>iptables(NAT)------>Internet.
>
> Can I mark packets using iptables matching source ip-address?
Yes.

> What address will tc filter see when the private addresses are masqueraded
> ?
The ip address of your firewall.  So you have to mark the packets in 
prerouting before the natting....

Stef

-- 

stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.oftc.net

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [LARTC] Bandwith sharing in NAT environment.
  2003-08-09 16:30 [LARTC] Bandwith sharing in NAT environment Rajesh
  2003-08-09 21:23 ` Stef Coene
@ 2003-08-14 11:15 ` Raghuveer
  2003-08-14 11:26 ` S Mohan
  2 siblings, 0 replies; 4+ messages in thread
From: Raghuveer @ 2003-08-14 11:15 UTC (permalink / raw)
  To: lartc


Rajesh wrote:

>Hi 
>
>I wish to implement Bandwith sharing in a NAT environment.
>
>The question is whether I can classify input packets on the basis of ip-addresses (private LAN addresses)? These packets finally need to be NATed before going on to Internet. 
>
>Would the tc filters see the private addresses and put it in the appropriate classes or would the tc filters see only the NATed address and the filter would fail in putting the packets in the appropriate classes?
>
>The n/w diag would be somewhat like this
>
>private address LAN ips ------>iptables(NAT)------>Internet.
>  
>
private address LAN ips ------>tc(netlink)--------->iptables(NAT)------>Internet
I feel this is how it is...so dnat will be after tc in LAN to WAN and snat will be before tc in WAN to LAN.

-Raghu

>Can I mark packets using iptables matching source ip-address?
>What address will tc filter see when the private addresses are masqueraded ?
>
>Any help is most welcome.
>
>Cheers,
>Rajesh
>
> 
>
>
>_______________________________________________
>No banners. No pop-ups. No kidding.
>Introducing My Way - http://www.myway.com
>_______________________________________________
>LARTC mailing list / LARTC@mailman.ds9a.nl
>http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
>
>  
>


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

^ permalink raw reply	[flat|nested] 4+ messages in thread
* RE: [LARTC] Bandwith sharing in NAT environment.
  2003-08-09 16:30 [LARTC] Bandwith sharing in NAT environment Rajesh
  2003-08-09 21:23 ` Stef Coene
  2003-08-14 11:15 ` Raghuveer
@ 2003-08-14 11:26 ` S Mohan
  2 siblings, 0 replies; 4+ messages in thread
From: S Mohan @ 2003-08-14 11:26 UTC (permalink / raw)
  To: lartc

In a NAT environment, it is advisable to mark packets in prerouting stage.
Subsequently, till the packets leaves the system , the mark will not be
changed by any other process except a explicit mark iptables statement. Even
if NAT changes IP address, the fw mark will still be the same allowing for
classification. AFAIK, mark can have values rangign from 1 to 255.

Mohan

-----Original Message-----
From: lartc-admin@mailman.ds9a.nl [mailto:lartc-admin@mailman.ds9a.nl]On
Behalf Of Raghuveer
Sent: Thursday, August 14, 2003 4:33 PM
To: rajesh_khanduja@myway.com
Cc: lartc@mailman.ds9a.nl
Subject: Re: [LARTC] Bandwith sharing in NAT environment.



Rajesh wrote:

>Hi
>
>I wish to implement Bandwith sharing in a NAT environment.
>
>The question is whether I can classify input packets on the basis of
ip-addresses (private LAN addresses)? These packets finally need to be NATed
before going on to Internet.
>
>Would the tc filters see the private addresses and put it in the
appropriate classes or would the tc filters see only the NATed address and
the filter would fail in putting the packets in the appropriate classes?
>
>The n/w diag would be somewhat like this
>
>private address LAN ips ------>iptables(NAT)------>Internet.
>
>
private address LAN
ips ------>tc(netlink)--------->iptables(NAT)------>Internet
I feel this is how it is...so dnat will be after tc in LAN to WAN and snat
will be before tc in WAN to LAN.

-Raghu

>Can I mark packets using iptables matching source ip-address?
>What address will tc filter see when the private addresses are masqueraded
?
>
>Any help is most welcome.
>
>Cheers,
>Rajesh
>
>
>
>
>_______________________________________________
>No banners. No pop-ups. No kidding.
>Introducing My Way - http://www.myway.com
>_______________________________________________
>LARTC mailing list / LARTC@mailman.ds9a.nl
>http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
>
>
>


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2003-08-14 11:26 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2003-08-09 16:30 [LARTC] Bandwith sharing in NAT environment Rajesh
2003-08-09 21:23 ` Stef Coene
2003-08-14 11:15 ` Raghuveer
2003-08-14 11:26 ` S Mohan

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.