Hi Daniel,
Daniel Sercaianu wrote:
> I have the following problems:
> I cannot shape the ip xxx.xxx.xxx.xxx when I do SNAT or MASQUERADE with
> them. Otherwise when I remove these two iptables lines the shaping works
> perfectly.
>
> It is very important for me to shape the xxx.xxx.xxx.xxx ip and not the
> yyy.yyy.yyy.yyy. When I tried to shape yyy.yyy.yyy.yyy, it worked.
>
> What rules should be added to make this possible?
>
>
> My iptables rules are:
>
> iptables -A PREROUTING -t mangle -s xxx.xxx.xxx.xxx -j MARK --set-mark 1
> iptables -A POSTROUTING -t nat -s xxx.xxx.xxx.xxx -j SNAT --to zzz.zzz.zzz.zzz -o eth4
>
>
>
> iptables -t mangle -I PREROUTING -j IMQ
> ip link set imq0 up
>
>
> ip rule shows the following output:
>
> 32764: from zzz.zzz.zzz.0/24 lookup ew
> 32765: from all fwmark 1 lookup ew
> 32766: from all lookup main
> 32767: from all lookup default
>
>
>
>
> My tc + htb rules look like this:
>
> /sbin/tc qdisc add dev imq0 root handle 1: htb default 200 r2q 3
> /sbin/tc class add dev imq0 parent 1:0 classid 1:1 htb rate 100Mbit ceil 100Mbit burst 2k prio 5
>
> /sbin/tc filter add dev imq0 parent 1:0 protocol ip prio 5 handle 1: u32 divisor 256
>
> /sbin/tc class add dev imq0 parent 1:1 classid 1:2 htb rate 512kbit ceil 512kbit burst 2k prio 5
> /sbin/tc qdisc add dev imq0 parent 1:2 handle 10: sfq quantum 1514b perturb 10
> /sbin/tc filter add dev imq0 parent 1:0 protocol ip prio 5 u32 match ip dst xxx.xxx.xxx.xxx flowid 1:2
If I understood you right, this is probably not working because imq sees
packets before zzz.zzz.zzz.zzz is DNATed back to xxx.xxx.xxx.xxx. Please
try the attached patch.
bye
patrick
--- imq.c.orig Sun Aug 11 15:30:24 2002
+++ imq.c Sun Aug 11 15:31:17 2002
@@ -37,7 +37,7 @@
imq_nf_hook,
PF_INET,
NF_IP_PRE_ROUTING,
- NF_IP_PRI_MANGLE + 1
+ NF_IP_PRI_NAT_DST + 1
};
static struct nf_hook_ops imq_egress_ipv4 = {
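Review bot: the priority change on the PF_INET / NF_IP_PRE_ROUTING entry has no comment saying why the hook must sit at NF_IP_PRI_NAT_DST + 1, and it silently changes what every existing imq0 classifier matches on. With NF_IP_PRI_MANGLE + 1 the hook ran before destination NAT, so filters saw the on-the-wire address; after this change they see the translated one, and rule sets written against the old ordering stop matching without any error. Please add a comment above the priority line stating the intended ordering relative to NAT, and consider making the position selectable (build or module option) rather than hard-coding the new value, so setups that classify on the pre-NAT address keep working.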
@@ -54,7 +54,7 @@
imq_nf_hook,
PF_INET6,
NF_IP6_PRE_ROUTING,
- NF_IP6_PRI_MANGLE + 1
+ NF_IP6_PRI_NAT_SRC + 1
};
static struct nf_hook_ops imq_egress_ipv6 = {
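Review bot: the PF_INET6 / NF_IP6_PRE_ROUTING entry is moved to NF_IP6_PRI_NAT_SRC + 1, whereas the IPv4 entry in the previous hunk is moved to NF_IP_PRI_NAT_DST + 1, so the two ingress hooks no longer sit at matching positions. On a PRE_ROUTING hook the destination-NAT priority is the relevant one, and the source-NAT priority places the IPv6 hook later in the chain than its IPv4 counterpart, past the filter priority as well. If the intent is to mirror the IPv4 change, this line should read NF_IP6_PRI_NAT_DST + 1; if the difference is deliberate, it needs a comment explaining why IPv6 ingress is ordered differently.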