
Re: altq-(ipv6 tunnel|multiple ifs) questions



On Friday, May 30, 2003, at 15:26 US/Pacific, b bee wrote:

	# takes care of traffic going towards outside
	pass out on $ext_if .... queue q_on_ext_if keep state

that won't work, because $ext_if is being nat'ed. i need to use
separate queues for some of the internal hosts (p2p host, server subnet,
wireless clients), and since nat comes before filtering, i would have no
way to distinguish between the hosts once the packets hit the filter.

Actually, there's a nat feature you might be able to make use of:


nat on $ext_if from <wireless> to any -> $trans_addr port 50000:55000

Then filter based on the source port, 49999><55001.

Unfortunately, this is currently broken for little-endian machines.
See my previous post.

Yeah, that can be a problem when doing NAT but only if you're
classifying traffic based on the source IP address or port. I suppose
the alternative is not to keep state on $int_if?

	pass in on $int_if ... queue q_on_ext_if
	pass out on $int_if ... queue q_on_int_if

i thought you needed to keep state to do queueing?

No, state is not required. The packets are tagged as they travel, the state entry just saves the tag.
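
The port-range approach suggested above, written out as a pf.conf fragment. This is an added example, not part of the original post: the interface name, addresses, bandwidth figures and the queue names q_default and q_wireless are constructed, and the second nat rule is an assumption added so that other hosts' translated ports stay outside the wireless range. The little-endian problem mentioned in the post still applies.

```pf
# Added example: interface, addresses and queue names are constructed.
ext_if     = "fxp0"
trans_addr = "192.0.2.1"        # external address used for translation
int_net    = "10.0.0.0/16"      # all internal hosts
table <wireless> { 10.0.1.0/24 }

# Queueing on the external interface.
altq on $ext_if cbq bandwidth 2Mb queue { q_default, q_wireless }
queue q_default  bandwidth 80% cbq(default)
queue q_wireless bandwidth 20%

# Translation: the first matching nat rule wins, so the wireless
# rule comes first and maps those clients into 50000:55000.
nat on $ext_if from <wireless> to any -> $trans_addr port 50000:55000
# Everyone else gets a disjoint range so they cannot be mistaken
# for wireless clients after translation.
nat on $ext_if from $int_net to any -> $trans_addr port 55001:65535

# Filtering: the last matching rule wins, so the general rule comes
# first and the port-based rule overrides it for wireless traffic.
pass out on $ext_if from $trans_addr to any keep state queue q_default
pass out on $ext_if proto { tcp, udp } from $trans_addr port 49999 >< 55001 to any keep state queue q_wireless
```

Only TCP and UDP carry a source port, so other protocols from the wireless clients fall through to q_default in this sketch.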