Sorry if I ask what is obvious to most of you, but I read through tonnes of mangle/p2p related topics, and I did not find a satisfactory enough answer to the following:
What chain should I use for mangle - prerouting or forward, and what are the consequences in the case of using NAT (masquerading network)? Here is my level of understanding of the topic:
When the network is not NATted, we are simply OK with packet marks. If the network is NATted though, we need conntracking capability, and mark connections first. Am I right?
Then I can see several approaches - some use the forward chain for marking, some use the prerouting chain. E.g. on our router, if I had p2p marked in the forward chain, it showed 0 for outgoing traffic (Simple queue). When I changed the mangle rules to the prerouting chain, it started to actually show some traffic going via the particular SQ. Do I suspect correctly that pre(post)routing happens before the respective NAT is applied, whereas the forward chain is entered after the NAT?
But - I would like to know if there is any difference in SQ vs QT, and actually WHEN/WHERE they happen?
I am looking at the flow-diagram chart, but I am not successful in imagining what is happening and where …
Thanks for the tip, Eugene. But in my post I already stated that I “know” about this manual page and looked into it several times, but maybe it is just beyond the level of my ability to understand things.
I mean - I understand it as I read it, but I am not able to answer for myself questions such as, e.g.:
why, using SQ, mangling p2p in the forward chain (as in the manual or various examples), on a router where masquerading is being done, the SQ upload rate stays at 0, while after changing the mangle rules to the prerouting chain, the SQ counter starts to show even upload?
That is why I am asking those small questions - maybe answers to those will help me to understand the bigger picture.
why, using SQ, mangling p2p in the forward chain (as in the manual or various examples), on a router where masquerading is being done, the SQ upload rate stays at 0, while after changing the mangle rules to the prerouting chain, the SQ counter starts to show even upload?
Because one simple queue places three real queues (one in global-in, one in global-out and one in global-total). All these queues have to know about packet marks. So you have to mangle before packet enters global-in. That’s prerouting.
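The configuration discussed in this thread, as an added example that is not part of the original posts: the forward-chain marking (commented out) beside the prerouting version that marks the connection first and then its packets, so the mark exists before global-in. The names `p2p_conn`, `p2p` and `p2p-limit`, the LAN subnet and the rate limits are assumptions, and the syntax assumes a RouterOS version that still has the global-in/global-out/global-total parents and the `p2p` matcher.

```routeros
# Constructed example; mark names, queue name, subnet and limits are assumptions.

/ip firewall mangle
# Before: marking in the forward chain. The packet has already passed
# global-in by the time this rule runs, so the simple queue's global-in
# queue never sees the mark.
# add chain=forward p2p=all-p2p action=mark-packet new-packet-mark=p2p

# After: mark in prerouting, i.e. before global-in.
# 1) Mark the connection once, so conntrack carries the mark for all
#    packets of that connection in both directions.
add chain=prerouting p2p=all-p2p action=mark-connection \
    new-connection-mark=p2p_conn passthrough=yes \
    comment="p2p: mark connection"
# 2) Turn the connection mark into a packet mark for every packet.
add chain=prerouting connection-mark=p2p_conn action=mark-packet \
    new-packet-mark=p2p passthrough=no \
    comment="p2p: mark packets"

/queue simple
# One simple queue creates queues in global-in, global-out and global-total;
# all of them match on the packet mark set above.
# max-limit is upload/download.
add name=p2p-limit target-addresses=192.168.88.0/24 packet-marks=p2p \
    max-limit=256k/512k
```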