Sorry if I ask what is obvious to most of you, but I read through tonnes of mangle/p2p related topics and did not find a satisfactory enough answer to the following:
- what chain should I use for mangle - prerouting or forward, and what are the consequences in the case of using NAT (masquerading network)? Here is my level of understanding of the topic:
- when the network is not NATted, we are simply ok with packet-marks. If the network is NATted though, we need conntracking capability, and mark connections first. Am I right?
- then I can see several approaches - some use the forward chain for marking, some use the prerouting chain. E.g. on our router, if I had p2p marked in the forward chain, it showed 0 for outgoing traffic (Simple queue). When I changed the mangle rules to the prerouting chain, it started to actually show some traffic going via the particular SQ. Do I suspect correctly that pre(post)routing happens before the respective NAT is applied, whereas the forward chain is entered after the NAT?
- but - I would like to know if there is any difference in SQ vs QT, and actually WHEN/WHERE they happen?
I am looking at the flow-diagram chart, but am not successful in imagining what is happening and where ....
Thanks for at least small pointers