[lug] netfilter strangeness

Daniel Webb lists at danielwebb.us
Mon May 30 22:02:44 MDT 2005


On Mon, May 30, 2005 at 07:49:43PM -0600, Sean Reifschneider wrote:

> My understanding is that an Access Point in infrastructure mode doesn't
> pass the wireless machine-to-machine traffic through the kernel routing
> or other layers in the kernel, they get shunted off to the other machines
> by the wireless AP driver and you really don't have an opportunity to do
> filtering or shaping on them.  This would also explain why in!=out.  It's
> similar in notion to running a switch between the internal machines, but
> the wireless AP driver is implementing this switching.  In promiscuous mode
> you can see these packets, but not control them.

Ah, I see.  I guess that makes sense from an efficiency standpoint, but it's a
shame for my situation because it means I'm going to need to set up traffic
shaping on all the machines to make sure that file transfers within the LAN
don't kill VOIP and VNC.  It's still pretty cool that I can get advanced
traffic shaping (htb qdisc is amazing), routing, and a stateful firewall on
such a little $65 machine.



