From: Marek Kierdelewicz <marek@piasta.pl>
To: Fabio De Paolis <fabiodepaolis@naxe.it>
Cc: netfilter@vger.kernel.org
Subject: Re: NAT Port Forward problem in a not so simple network
Date: Tue, 27 Jan 2009 21:34:27 +0100
Message-ID: <20090127213427.54f5ee07@catlap>
In-Reply-To: <497F5C18.8010703@naxe.it>
>Hi to all,
Hi,
>This limit should be for upstream and downstream
>I searched around and have read a lot about:
>shaper, wondershaper, tc, qdisc, etc.
>But I'm not sure what are pro and cons of each method.
>I'm sure you can tell more!
I recommend using the tc tool[1] & IFB device[2] & htb qdisc[3] & u32
filter[4] for the job. The following page contains an HTB user guide with
examples[5]. Building a configuration to suit your needs shouldn't be too
hard. If you have any problems just ask.
General idea:
- Let's assume eth0 is your upstream interface (to Internet) that you do
NAT on and eth1 is downstream interface connected to servers,
- Downstream shaping would be done on eth1,
- Ingress traffic on eth1 would be redirected to ifb0 [2],
- Upstream shaping would be done on ifb0 (source addresses of
traffic from your servers would be pre-nat addresses, so no need for
iptables packet marking - u32 filter[4] is usable).
>And also about monitoring to see if it works:
>ntop, sntop, iptraf, etc.
The tc tool[1] with specific parameters (e.g. "tc -s -d class sh dev eth0")
can show you rates and pps of each class on the specified interface.
Good luck in your endeavours.
[1] http://linux.die.net/man/8/tc
[2] http://www.linuxfoundation.org/en/Net:IFB
[3] http://linux.die.net/man/8/tc-htb
[4] http://tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.adv-filter.u32.html
[5] http://luxik.cdi.cz/~devik/qos/htb/manual/userg.htm
Regards,
Marek Kierdelewicz
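
The layout from the "General idea" list above, written out as commands. This is an added example, not part of the original message or the poster's configuration; the server address 192.168.1.10, the 2mbit rate and the class id 1:10 are constructed assumptions.

```shell
#!/bin/sh
# Added example: emits the tc/ip commands for the eth1 + ifb0 layout above.
# Assumed (constructed) values: SERVER address, RATE, class id 1:10.
DOWN_IF=${DOWN_IF:-eth1}        # downstream interface, towards the servers
IFB_IF=${IFB_IF:-ifb0}          # IFB device receiving eth1 ingress traffic
SERVER=${SERVER:-192.168.1.10}  # constructed pre-NAT server address
RATE=${RATE:-2mbit}             # constructed per-direction limit

# htb_tree DEV FIELD: HTB root, one capped class, u32 match on ip FIELD (src|dst).
# No default class is set, so traffic that matches no filter is not shaped.
htb_tree() {
    echo "tc qdisc add dev $1 root handle 1: htb"
    echo "tc class add dev $1 parent 1: classid 1:10 htb rate $RATE ceil $RATE"
    echo "tc filter add dev $1 parent 1: protocol ip prio 1 u32 match ip $2 $SERVER/32 flowid 1:10"
}

gen_shaper_cmds() {
    # Downstream: egress of eth1, packets addressed to the server.
    htb_tree "$DOWN_IF" dst
    # Redirect everything arriving on eth1 to ifb0.
    echo "modprobe ifb numifbs=1"
    echo "ip link set dev $IFB_IF up"
    echo "tc qdisc add dev $DOWN_IF handle ffff: ingress"
    echo "tc filter add dev $DOWN_IF parent ffff: protocol ip u32 match u32 0 0 action mirred egress redirect dev $IFB_IF"
    # Upstream: egress of ifb0, packets still carrying the pre-NAT source address.
    htb_tree "$IFB_IF" src
}

# Default is a dry run that prints the commands; APPLY=1 (as root) executes them.
if [ "${APPLY:-0}" = 1 ]; then
    gen_shaper_cmds | sh -ex
    tc -s -d class show dev "$DOWN_IF"
    tc -s -d class show dev "$IFB_IF"
else
    gen_shaper_cmds
fi
```

Run it once without APPLY to review the generated commands; the two `tc -s -d class show` calls at the end are the monitoring check mentioned in the message, applied to both shaped devices.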