[CentOS] iptables marking and NAT issue
Boris Epstein
borepstein at gmail.com
Fri Apr 3 09:50:30 UTC 2015
Hello all,

It appears that, for some reason I have thus far failed to understand, when you use marking in iptables you then run into troubles if you attempt to do NAT (MASQUERADE). Let me describe this in more detail.

We are attempting to use a network test environment named ATCD, running it on a CentOS VM under VirtualBox. For more info on ATCD see: https://github.com/facebook/augmented-traffic-control

The networking inside the VirtualBox environment is private so at some point before you get out of it you've got to have a NAT router - not necessarily on the same VM where the ATCD runs - which also is a router.

Be that as it may, ATCD uses a combination of iptables marking and tc to degrade/control network transmission quality in accordance with your settings. And it seems to work just fine up until you reach the NATing router - at which point the transmission drops to very slow if not non-existent.

An old article here makes a passing reference to a conflict between iptables marking and MASQ (NAT): http://tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.netfilter.html

Unfortunately, the link to another text supposedly detailing how to deal with this is dead.

Has anybody encountered this? Any tips on how to fix this issue?

Thanks.

Boris.