[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: altq-(ipv6 tunnel|multiple ifs) questions
On Friday, May 30, 2003, at 15:26 US/Pacific, b bee wrote:
# takes care of traffic going towards outside
pass out on $ext_if .... queue q_on_ext_if keep state
that won't work, because $ext_if is being nat'ed. i need to use
seperate queues for some of the internal hosts (p2p host, server
wireless clients), and since nat comes before filtering, i would have
way to distinguish between the hosts once the packets hit the filter.
Actually, there's a nat feature you might be able to make use of:
nat on $ext_if from <wireless> to any -> $trans_addr port 50000:55000
Then filter based on the source port, 49999><55001.
Unfortunately, this is currently broken for little-endian machines.
See my previous post.
Yeah, that can be a problem when doing NAT but only if you're
classifying traffic based on the source IP address or port. I suppose
the alternative is not to keep state on $int_if?
pass in on $int_if ... queue q_on_ext_if
pass out on $int_if ... queue q_on_int_if
i thought you needed to keep state to do queueing?
No, state is not required. The packets are tagged as they travel, the
state entry just saves the tag.