Hello all,

It appears that, for some reason I have thus far failed to understand when you use marking in iptables you then run into troubles if you attempt to do NAT (MAQUERADE).

Let me describe this in more detail.

We are attempting to use a network test environment named ATCD running it on a CentOS VM under VirtualBox. For more into on ATCD see:

https://github.com/facebook/augmented-traffic-control

The networking inside the VirtualBox environment is private so at some point before you get out of it you’ve got to have a NAT router – not necessarily on the same VM where the ATCD runs – which also is a router.

Be that as it may, ATCD uses a combination of iptables marking and tc to degrade/control network transmission quality in accordance with your settings. And it seems to work just fine up until you reach the NATing router – at which point the transmission drops to very slow if not non-existent.

An old article here makes a passing reference to a conflict between iptables marking and MASQ (NAT):

http://tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.netfilter.html

Unfortunately, the link to another text supposedly detailing how to deal with this is dead.

Has anybody encountered this? Any tips on how to fix this issue?

Thanks.

Boris.