* [LARTC] IMQ & NAT
@ 2004-04-04 23:09 Joan Fuster Monzó
2004-04-05 15:58 ` Andre Correa
2004-04-05 22:55 ` Joan Fuster Monzó
0 siblings, 2 replies; 5+ messages in thread
From: Joan Fuster Monzó @ 2004-04-04 23:09 UTC (permalink / raw)
To: lartc
[-- Attachment #1: Type: text/plain, Size: 3534 bytes --]
Hi all, my IMQ device works OK (thanks to Andy Furniss), but now I've
problems to attach the traffic in the qdisc's. This is my conf:
-----------------------------------------------------------------------
INET
|
|eth0 300Kbps
ROUTER (NAT)
|eth1
|
LAN
-----------------------------------------------------------------------
MAX=300
tc qdisc add dev imq0 root handle 1: htb default 13
tc class add dev imq0 parent 1: classid 1:1 htb rate ${MAX}kbit ceil
${MAX}kbit
tc class add dev imq0 parent 1:1 classid 1:10 htb rate 60kbit ceil
${MAX}kbit prio 0
tc class add dev imq0 parent 1:1 classid 1:11 htb rate 40kbit ceil
${MAX}kbit prio 1
tc class add dev imq0 parent 1:1 classid 1:12 htb rate 100kbit ceil
${MAX}kbit prio 2
tc class add dev imq0 parent 1:1 classid 1:13 htb rate 100kbit ceil
${MAX}kbit prio 3
tc qdisc add dev imq0 parent 1:10 handle 100: sfq
tc qdisc add dev imq0 parent 1:11 handle 110: sfq
tc qdisc add dev imq0 parent 1:12 handle 120: sfq
tc qdisc add dev imq0 parent 1:13 handle 130: sfq
tc filter add dev imq0 parent 1:0 protocol ip prio 1 handle 1 fw classid
1:10
tc filter add dev imq0 parent 1:0 protocol ip prio 2 handle 2 fw classid
1:11
tc filter add dev imq0 parent 1:0 protocol ip prio 3 handle 3 fw classid
1:12
tc filter add dev imq0 parent 1:0 protocol ip prio 4 handle 4 fw classid
1:13
ip link set imq0 up
iptables -t mangle -A PREROUTING -i eth0 -j IMQ --todev 0
#ICMP
iptables -t mangle -A PREROUTING -i eth0 -p icmp -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -i eth0 -p icmp -j RETURN
#SSH
iptables -t mangle -A PREROUTING -i eth0 -p tcp --dport 22 -j MARK
--set-mark 1
iptables -t mangle -A PREROUTING -i eth0 -p tcp --dport 22 -j RETURN
...
------------------------------------------------------------------------
I've patched the IMQ with the imq-nat patch, but all traffic goes to
1:13
#tc -s class show dev imq0
-------------------------------------------------------------------------
...
class htb 1:13 parent 1:1 leaf 130: prio 3 rate 100Kbit ceil 300Kbit
burst 1727b cburst 1983b
Sent 8981846847 bytes 18055130 pkts (dropped 99, overlimits 0)
lended: 8947767 borrowed: 9107363 giants: 0
tokens: 136320 ctokens: 52265
class htb 1:12 parent 1:1 leaf 120: prio 2 rate 100Kbit ceil 300Kbit
burst 1727b cburst 1983b
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
lended: 0 borrowed: 0 giants: 0
tokens: 138240 ctokens: 52905
---------------------------------------------------------------------------
What happens?? I'm newbie in IMQ... Sorry for the long text ;) Thanks
for the help!!
Joan
[-- Attachment #2: Esta parte del mensaje está firmada digitalmente --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [LARTC] IMQ & NAT
2004-04-04 23:09 [LARTC] IMQ & NAT Joan Fuster Monzó
@ 2004-04-05 15:58 ` Andre Correa
2004-04-05 22:55 ` Joan Fuster Monzó
1 sibling, 0 replies; 5+ messages in thread
From: Andre Correa @ 2004-04-05 15:58 UTC (permalink / raw)
To: lartc
Hi Joan, can you please tell us what version of kernel and iptables are
you using?
Are you using Patrick McHardy's / www.linuximq.net original IMQ
implementation?
tks
Andre Correa
www.linuximq.net
Joan Fuster Monzó wrote:
> Hi all, my IMQ device works OK (thanks to Andy Furniss), but now I've
> problems to attach the traffic in the qdisc's. This is my conf:
>
> -----------------------------------------------------------------------
> INET
> |
> |eth0 300Kbps
> ROUTER (NAT)
> |eth1
> |
> LAN
> -----------------------------------------------------------------------
>
> MAX00
>
> tc qdisc add dev imq0 root handle 1: htb default 13
>
> tc class add dev imq0 parent 1: classid 1:1 htb rate ${MAX}kbit ceil
> ${MAX}kbit
>
> tc class add dev imq0 parent 1:1 classid 1:10 htb rate 60kbit ceil
> ${MAX}kbit prio 0
> tc class add dev imq0 parent 1:1 classid 1:11 htb rate 40kbit ceil
> ${MAX}kbit prio 1
> tc class add dev imq0 parent 1:1 classid 1:12 htb rate 100kbit ceil
> ${MAX}kbit prio 2
> tc class add dev imq0 parent 1:1 classid 1:13 htb rate 100kbit ceil
> ${MAX}kbit prio 3
>
> tc qdisc add dev imq0 parent 1:10 handle 100: sfq
> tc qdisc add dev imq0 parent 1:11 handle 110: sfq
> tc qdisc add dev imq0 parent 1:12 handle 120: sfq
> tc qdisc add dev imq0 parent 1:13 handle 130: sfq
>
> tc filter add dev imq0 parent 1:0 protocol ip prio 1 handle 1 fw classid
> 1:10
> tc filter add dev imq0 parent 1:0 protocol ip prio 2 handle 2 fw classid
> 1:11
> tc filter add dev imq0 parent 1:0 protocol ip prio 3 handle 3 fw classid
> 1:12
> tc filter add dev imq0 parent 1:0 protocol ip prio 4 handle 4 fw classid
> 1:13
>
> ip link set imq0 up
>
> iptables -t mangle -A PREROUTING -i eth0 -j IMQ --todev 0
>
> #ICMP
> iptables -t mangle -A PREROUTING -i eth0 -p icmp -j MARK --set-mark 1
> iptables -t mangle -A PREROUTING -i eth0 -p icmp -j RETURN
>
> #SSH
> iptables -t mangle -A PREROUTING -i eth0 -p tcp --dport 22 -j MARK
> --set-mark 1
> iptables -t mangle -A PREROUTING -i eth0 -p tcp --dport 22 -j RETURN
>
> ...
> ------------------------------------------------------------------------
>
> I've patched the IMQ with the imq-nat patch, but all traffic goes to
> 1:13
>
> #tc -s class show dev imq0
> -------------------------------------------------------------------------
> ...
>
> class htb 1:13 parent 1:1 leaf 130: prio 3 rate 100Kbit ceil 300Kbit
> burst 1727b cburst 1983b
> Sent 8981846847 bytes 18055130 pkts (dropped 99, overlimits 0)
> lended: 8947767 borrowed: 9107363 giants: 0
> tokens: 136320 ctokens: 52265
>
> class htb 1:12 parent 1:1 leaf 120: prio 2 rate 100Kbit ceil 300Kbit
> burst 1727b cburst 1983b
> Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> lended: 0 borrowed: 0 giants: 0
> tokens: 138240 ctokens: 52905
>
> ---------------------------------------------------------------------------
>
> What happens?? I'm newbie in IMQ... Sorry for the long text ;) Thanks
> for the help!!
>
> Joan
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [LARTC] IMQ & NAT
2004-04-04 23:09 [LARTC] IMQ & NAT Joan Fuster Monzó
2004-04-05 15:58 ` Andre Correa
@ 2004-04-05 22:55 ` Joan Fuster Monzó
1 sibling, 0 replies; 5+ messages in thread
From: Joan Fuster Monzó @ 2004-04-05 22:55 UTC (permalink / raw)
To: lartc
[-- Attachment #1: Type: text/plain, Size: 753 bytes --]
El lun, 05-04-2004 a las 17:58, Andre Correa escribió:
> Hi Joan, can you please tell us what version of kernel and iptables are
> you using?
Kernel -> 2.6.3
Iptables -> 1.2.9
> Are you using Patrick McHardy's / www.linuximq.net original IMQ
> implementation?
I can't apply imq-nat patch to the imq patch, both from www.linuximq.net
(only the imq). I used this patches
http://www.digriz.org.uk/jdg-qos-script/releases/binaries-latest.tar.bz2
Finally, this is my new IMQ conf:
iptables -t mangle -A POSTROUTING -o eth1 -j IMQ --todev 0
iptables -t mangle -A POSTROUTING -p tcp -o eth1 --sport 80 -j MARK
--set-mark 3
iptables -t mangle -A POSTROUTING -p tcp -o eth1 --sport 80 -j RETURN
...
Thanks Roy!
Joan
[-- Attachment #2: Esta parte del mensaje está firmada digitalmente --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* [LARTC] IMQ + NAT
@ 2006-06-02 20:42 Jonas Jasas
2006-06-06 14:35 ` Andy Furniss
0 siblings, 1 reply; 5+ messages in thread
From: Jonas Jasas @ 2006-06-02 20:42 UTC (permalink / raw)
To: lartc
Hello,
I have
eth0 - internet
eth1..4 - local networks
on eth0 i do $IPTABLES -A POSTROUTING -t nat -o eth0 -j MASQUERADE
I want to balance out/in load for eth1..4 and localhost (mainly
squid). Nat makes impossible to do it on eth0, so I installed IMQ. I
need to get to on imq0 unnnated in/out traffic that I could make
priorities for protocols and networks. Do somthing like this:
prate=1Mbit
localhost: rateP0kbit, ceil=prate
vnc: rate\x100kbit, ceil=prate
web: rate\x100kbit, ceilp=prate
mail: rate\x100kbit, ceil=prate
eth1: rate@0kbit, ceil=prate
ftp: rate\x10kbit, ceil=prate
....
eth2..4: rate\x100kbit, ceil=prate (eth2...eth4 would split the same 100kbit)
rdp: rateêkbit, ceil=prate
......
This load balance would be applyed for outgoing and incoming internet
traffic. Where and how in iptables would be correct to "-j IMQ" ?
Thank you!
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [LARTC] IMQ + NAT
2006-06-02 20:42 [LARTC] IMQ + NAT Jonas Jasas
@ 2006-06-06 14:35 ` Andy Furniss
0 siblings, 0 replies; 5+ messages in thread
From: Andy Furniss @ 2006-06-06 14:35 UTC (permalink / raw)
To: lartc
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset="windows-1252", Size: 1550 bytes --]
Jonas Jasas wrote:
> Hello,
>
> I have
> eth0 - internet
> eth1..4 - local networks
> on eth0 i do $IPTABLES -A POSTROUTING -t nat -o eth0 -j MASQUERADE
>
> I want to balance out/in load for eth1..4 and localhost (mainly
> squid). Nat makes impossible to do it on eth0, so I installed IMQ. I
> need to get to on imq0 unnnated in/out traffic that I could make
> priorities for protocols and networks. Do somthing like this:
> prate=1Mbit
>
> localhost: rateP0kbit, ceil=prate
> vnc: rate\x100kbit, ceil=prate
> web: rate\x100kbit, ceilp=prate
> mail: rate\x100kbit, ceil=prate
> eth1: rate@0kbit, ceil=prate
> ftp: rate\x10kbit, ceil=prate
> ....
> eth2..4: rate\x100kbit, ceil=prate (eth2...eth4 would split the same
> 100kbit)
> rdp: ratekbit, ceil=prate
> ......
>
> This load balance would be applyed for outgoing and incoming internet
> traffic. Where and how in iptables would be correct to "-j IMQ" ?
Whether IMQ hooks before or after NAT is in the kernel config for 2.6
and needs patches for 2.4.
You need AB = after prerouting, before postrouting (though you could do
the latter with marks). IMQ logs where it hooks WRT NAT when loaded.
Ingress traffic will be hooked by -j IMQ --todev 0 in PREROUTING mangle,
egress by -j IMQ --todev 1 in POSTROUTING mangle.
Andy.
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2006-06-06 14:35 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-04-04 23:09 [LARTC] IMQ & NAT Joan Fuster Monzó
2004-04-05 15:58 ` Andre Correa
2004-04-05 22:55 ` Joan Fuster Monzó
-- strict thread matches above, loose matches on Subject: below --
2006-06-02 20:42 [LARTC] IMQ + NAT Jonas Jasas
2006-06-06 14:35 ` Andy Furniss
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.