Tuesday, January 18, 2011

IP Forwarding and traffic shaping

Is there any way to forward packets from network A to network B (just like a router) without changing source IP Address (and vice versa, from network B to network A) and also enforcing traffic shaping rules?

The solution should be implemented in FreeBSD.

I googled about traffic shaping in FreeBSD and found ALTQ, but I am not sure whether it is possible to forward packets with ALTQ transparently or not.

If it's possible, then it's likely that I could set up a network with a Squid server (for caching and, more important, logging users' download/upload) and ALTQ (or something else) to manage their bandwidth. So my network architecture will be:

Internet <==> SquidServer <==> TrafficshapingServer <==> LocalNetwork

But if TrafficShaping replaces the source IP of packets with its own IP address, the Squid logs become useless, because Squid doesn't know which packet is from which IP address (all Squid sees is the TrafficShaping IP address).

  • Sure, routers don't ordinarily change source/destination IP addresses; only NATting routers do that. So, just don't use NAT, and all will work fine.

    Isaac : So it is possible `route`ing without `NAT`ing in ALTQ?
    womble : I'd be surprised if it couldn't be.
    From womble
  • I'm not familiar with it, but I'd be willing to bet that the TrafficShaper you're referring to is NAT'ing primarily to guarantee that traffic returns via the correct path. Otherwise you're likely to end up with an asynchronous routing problem, which will cause failure.

    One thing you might want to look into is inserting an X-Forwarded-For header at the squid server. This is actually a little more reliable method of tracking source in a proxy'ing environment as it inserts the data into the actual data instead of relying on IP header information.
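
The routing-without-NAT setup from the first answer, sketched as a pf.conf for the traffic-shaping box. This is an added example, not part of the original thread; the interface names, the LAN prefix, the throttled hosts and the bandwidth figures are all assumptions.

```conf
# /etc/pf.conf on the traffic-shaping box (constructed example).
# Prerequisites outside this file:
#   kernel built with "options ALTQ" and "options ALTQ_CBQ"
#   /etc/rc.conf: gateway_enable="YES" and pf_enable="YES"
#   the Squid server needs a route to lan_net via this box, so that
#   replies come back the same way (no NAT to force the return path)

squid_if = "em0"                  # assumed: side facing the Squid server
lan_if   = "em1"                  # assumed: side facing the local network
lan_net  = "192.168.10.0/24"      # assumed LAN prefix
limited  = "{ 192.168.10.50, 192.168.10.51 }"   # assumed throttled hosts

set skip on lo0

# ALTQ only shapes packets leaving an interface, so one scheduler per
# side: lan_if shapes downloads, squid_if shapes uploads. Using the
# same queue names on both lets one stateful rule cover replies too.
altq on $squid_if cbq bandwidth 100Mb queue { std, slow }
altq on $lan_if   cbq bandwidth 100Mb queue { std, slow }
queue std  bandwidth 90% cbq(default borrow)
queue slow bandwidth 10%

# There is deliberately no "nat on ..." rule in this file. Packets are
# forwarded with their original source address, so Squid logs the real
# client IP and the rules below can classify on it.

# Replies to these states leave via lan_if in the same-named queue
# (download shaping).
pass in on $lan_if inet from $lan_net to any keep state queue std
pass in on $lan_if inet from $limited to any keep state queue slow

# Upload shaping: the same classification on the way out to Squid.
pass out on $squid_if inet from $lan_net to any keep state queue std
pass out on $squid_if inet from $limited to any keep state queue slow
```

Running `pfctl -nf /etc/pf.conf` parses the file without loading it, and once it is loaded `pfctl -vs queue` shows per-queue counters.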
