STEP 1 - set up NAT the smart way (LOKALNA_PODSIEC is the local subnet, PUBLICZNE_IP is the public IP)

iptables -t nat -A POSTROUTING -o eth0 -s LOKALNA_PODSIEC -j SNAT --to-source PUBLICZNE_IP

STEP 2 - IMQ

iptables -t mangle -A PREROUTING -i eth0 -j IMQ --todev 0

STEP 3 - add the iptables rules responsible for the basic marking of interactive-type connections (e.g. mark 4):

iptables -A PREROUTING -t mangle -p udp -m layer7 --l7proto rtp -j CONNMARK --set-mark 4
iptables -A PREROUTING -t mangle -p udp -m layer7 --l7proto rtsp -j CONNMARK --set-mark 4
iptables -A PREROUTING -t mangle -p udp -m layer7 --l7proto h323 -j CONNMARK --set-mark 4
iptables -A PREROUTING -t mangle -p udp -m layer7 --l7proto skypeout -j CONNMARK --set-mark 4
iptables -A PREROUTING -t mangle -p udp -m layer7 --l7proto skypetoskype -j CONNMARK --set-mark 4
iptables -A PREROUTING -t mangle -p udp -m layer7 --l7proto teamspeak -j CONNMARK --set-mark 4
iptables -A PREROUTING -t mangle -p udp -m layer7 --l7proto ventrilo -j CONNMARK --set-mark 4
iptables -A PREROUTING -t mangle -p tcp -m layer7 --l7proto worldofwarcraft -j CONNMARK --set-mark 4
iptables -A PREROUTING -t mangle -p udp -m layer7 --l7proto worldofwarcraft -j CONNMARK --set-mark 4
iptables -A PREROUTING -t mangle -p udp -m layer7 --l7proto halflife2-deathmatch -j CONNMARK --set-mark 4
iptables -A PREROUTING -t mangle -p udp -m layer7 --l7proto quake1 -j CONNMARK --set-mark 4
iptables -A PREROUTING -t mangle -p udp -m layer7 --l7proto quake-halflife -j CONNMARK --set-mark 4

STEP 4 - mark traffic to all the video "tube" sites (e.g. mark 7)

iptables -A PREROUTING -t mangle -p tcp --dport 80 -m layer7 --l7proto httpvideo -j CONNMARK --set-mark 7

STEP 5 - mark p2p (e.g. mark 9)

iptables -A PREROUTING -t mangle -m layer7 --l7proto bittorrent -j CONNMARK --set-mark 9
iptables -A PREROUTING -t mangle -m layer7 --l7proto directconnect -j CONNMARK --set-mark 9
iptables -A PREROUTING -t mangle -m layer7 --l7proto edonkey -j CONNMARK --set-mark 9
iptables -A PREROUTING -t mangle -m layer7 --l7proto fasttrack -j CONNMARK --set-mark 9
iptables -A PREROUTING -t mangle -m layer7 --l7proto gnutella -j CONNMARK --set-mark 9
iptables -A PREROUTING -t mangle -m layer7 --l7proto rapidshare -j CONNMARK --set-mark 9

STEP 6 - restore the connection marks - very important!

iptables -A PREROUTING -t mangle -m connmark --mark 4 -j CONNMARK --restore-mark
iptables -A PREROUTING -t mangle -m connmark --mark 7 -j CONNMARK --restore-mark
iptables -A PREROUTING -t mangle -m connmark --mark 9 -j CONNMARK --restore-mark
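
The restore rules in step 6 matter because CONNMARK --set-mark only writes the mark on the connection-tracking entry; --restore-mark is what copies it onto each packet. As an added example (not part of the original guide), the script below lints a rule list for marks that are set but never restored. It assumes rules written in the command form used above (decimal marks, no masks); the function name and the sample ruleset are constructed for illustration.

```sh
#!/bin/sh
# Added example: find connection marks that are set but never restored.

# Constructed sample ruleset (not from a live system): marks 4 and 7 have
# restore rules, the restore rule for mark 9 has been left out.
SAMPLE_RULES='iptables -A PREROUTING -t mangle -p udp -m layer7 --l7proto rtp -j CONNMARK --set-mark 4
iptables -A PREROUTING -t mangle -p tcp --dport 80 -m layer7 --l7proto httpvideo -j CONNMARK --set-mark 7
iptables -A PREROUTING -t mangle -m layer7 --l7proto bittorrent -j CONNMARK --set-mark 9
iptables -A PREROUTING -t mangle -m connmark --mark 4 -j CONNMARK --restore-mark
iptables -A PREROUTING -t mangle -m connmark --mark 7 -j CONNMARK --restore-mark'

# unrestored_marks (hypothetical helper): reads rules on stdin and prints,
# one per line, every mark that has a --set-mark rule but no restore rule.
unrestored_marks() {
    awk '
    {
        set = ""; match_mark = ""; restore = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "--set-mark")     set = $(i + 1)
            if ($i == "--mark")         match_mark = $(i + 1)
            if ($i == "--restore-mark") restore = 1
        }
        if (set != "") seen[set] = 1
        # A restore rule with no "-m connmark --mark N" match restores every mark.
        if (restore && match_mark == "") restore_all = 1
        if (restore && match_mark != "") restored[match_mark] = 1
    }
    END {
        if (restore_all) exit 0
        for (m in seen) if (!(m in restored)) print m
    }' | sort -n
}

# Run the check on the constructed sample; prints 9
printf '%s\n' "$SAMPLE_RULES" | unrestored_marks
```

To check a real script, feed the file containing the iptables commands to the function on stdin.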