From mboxrd@z Thu Jan 1 00:00:00 1970 From: Andy Furniss Date: Tue, 25 Jan 2005 12:41:31 +0000 Subject: Re: [LARTC] Re: Confuse, putting packets in wrong mangle table. Message-Id: <41F63E7B.30202@dsl.pipex.com> List-Id: References: <200501191657.15767.rio@martin.mu> In-Reply-To: <200501191657.15767.rio@martin.mu> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable To: lartc@vger.kernel.org Rio Martin. wrote: > On Wed, 19 Jan 2005 09:19:58 +0100 T=F3th N=E1ndor wrot= e: > Rio Martin. wrote: >=20 >>>Folks, >>>I am a little bit confuse in how to put these packets into correct mangl= e=20 >>>table for traffic shaping. >>>This is what i ve planned to do: >>> >>>- - - - :eth0 [ LINUX-BOX ] eth1: - - - - >>> >>>Let say: >>>eth0: 220.100.1.1 >>>eth1: 192.168.1.1 >>>eth1:1 192.168.1.2 >>> >>>192.168.1.0/24 get natted into 220.100.1.1 before reaching the internet. >>>I put every packets coming from internet (eth0) this way: >>># iptables -t mangle -I PREROUTING -i eth0 .. * * * * >>> >>>But what if i would like to do the same way with ip 192.168.1.1 and=20 >>>192.168.1.2 ? How to put the packets in correct mangle table? >> >>You can only shape traffic leaving your interface. You have to shape the = >>incoming traffic at interface eth1, the outgoing traffic at interface eth= 0. >>This site is great for learning: >>http://www.knowplace.org/shaper/qdisc.html#egress >>I found to use iptables+CLASSIFY method the easiest way to classify packe= ts. >> >>Your question is a little dizzy... >=20 >=20 > Oopss sorry then :)) >=20 > Actually, there is squid proxy running in my box, with those two private = IPs=20 > (192.168.1.1 & 192.168.1.2) > Both get natted to 220.100.1.1. Is there only one proxy running? >=20 > I need to shape incoming traffic to both of these ips but i am affraid i = have=20 > to face that i am not able to shape traffic which is generate from this b= ox=20 > unless those two IPs were outside the box. Maybe true - maybe not you would need to test with imq. There is also a kernel option to do with nat of local connections. >=20 > If i have one more public IP than i should not so much worry about, cause= i=20 > can shape it using IMQ. >=20 > So any other ideas maybe? i'm thinkin just in case IMQ would help .. Possibly - but I don't understand your setup or what you want to shape :-) > Thanks for the info u gave anyway.. >=20 > - Rio.Martin - > _______________________________________________ > LARTC mailing list / LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ >=20 _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/