[ANNOUNCE] Proceedings of Netfilter Developer Workshop 2004

Henrik Nordstrom hno at marasystems.com
Mon Sep 27 16:58:23 CEST 2004


On Mon, 27 Sep 2004, Piotr Gasidło wrote:

> Target is useful when using MASQUERADE or SNAT. Using tc we are *unable*
> to put outgoing traffic from single IP (behind masquerade) into queue
> created on outgoing interface. With this target we can mark packets from
> each internal IP and then, using tc filter fw put it into queues. This
> target replaces many MARK rules, which can be really CPU hog.

How I think this should be addressed is via tc filter which looks into
conntrack to find the original addresses before NAT. See the conntrack
match for clues.

Another approach would be to use the CLASSIFY target instead of tc
filters.

Regards
Henrik
