Re: [LARTC] Re: Confuse, putting packets in wrong mangle table.

From: Andy Furniss <andy.furniss@dsl.pipex.com>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Re: Confuse, putting packets in wrong mangle table.
Date: Sat, 29 Jan 2005 00:55:39 +0000	[thread overview]
Message-ID: <41FADF0B.4030508@dsl.pipex.com> (raw)
In-Reply-To: <200501191657.15767.rio@martin.mu>

Rio Martin. wrote:
> On Thursday 27 January 2005 12:37, Andy Furniss wrote:
> 
>>>I'll make it simple for you as possible.
>>>i have linux box which have eth0 220.1.1.1 as primary ip and aliasses:
>>>eth0:1 192.168.1.1 , eth0:1 192.168.1.2
>>>Both 192.168.1.1 & 192.168.1.2 NATed to 220.1.1.1
>>>OKay, now my question is:
>>>How do i manage and limit traffic generated from those ips (192.168.1.1 &
>>>192.168.1.2) ? Not just traffic outside, but traffic coming to those ips
>>>from Internet.
>>>I found it so difficult because traffic coming from internet to eth0 will
>>>be using 220.1.1.1 not 192.168.x.x
>>
>>If you use IMQ and get it to hook after NAT in PREROUTING then forwarded
>>traffic should have been denatted and have local addresses. You can use
>>TC filters to classify for htb etc.
>>Traffic from internet to squid will probably have 220. IP address.
> 
> 
> Thats what i'm worrying of, the ip address from internet would be 220.1.1.1, 
> not 192.168.x.x
> IMQ with iptables marking unable to mark the packets to 192.168.x.x

Iptables can't mark traffic from inet to lan, but imq hooked after nat 
in prerouting will see local addresses for inet to lan traffic and 
220.1.1.1 for traffic from inet to squid.

You use tc filters and u32 to match them eg.

$TC filter add dev $DWIF protocol ip parent 1:2 prio 1 u32 \
    match ip dst 192.168.0.2 flowid 1:32

> 
> 
>>If you want to try a way without IMQ then AIUI you can patch squid so
>>you can classify hit/miss traffic and then you could shape traffic as
>>egress on eth0. I don't use squid - but I assume here it limits the rate
>>it pulls miss pages to the rate that client requests.
>>http://www.docum.org/docum.org/faq/cache/65.html
> 
> 
> I ve tried this before, but never succeed. I didnt know where should i attach 
> the 10:100 class. In the document, just told to add this class in tc, without 
> giving some information which interface should i attach this class.

I've not used squid, but think the idea is to shape on eth0 traffic from 
inet to lan and miss traffic from squid to lan. The patch lets you 
classify miss traffic from squid which you make an htb class for and you 
can then involve it in sharing/priorotising etc with other inet to lan 
traffic.

Andy.

> 
> Regards,
> Rio Martin.
> 

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/