From mboxrd@z Thu Jan 1 00:00:00 1970 From: Andy Furniss Date: Sat, 05 Feb 2005 12:30:40 +0000 Subject: Re: [LARTC] Re: Confuse, putting packets in wrong mangle table. Message-Id: <4204BC70.5030005@dsl.pipex.com> List-Id: References: <200501191657.15767.rio@martin.mu> In-Reply-To: <200501191657.15767.rio@martin.mu> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: lartc@vger.kernel.org Rio Martin. wrote: > On Monday 31 January 2005 23:17, Andy Furniss wrote: > >>Ahh - I thought that squid could limit connections based on the rate the >>client could sustain. >>You can shape incoming to squid with imq if hooked after nat, because >>its traffic will have real dst address - other will have been denatted. > > > Could you give me some example, how to do that? > Thanks .. > There may be a way to do this with a dummy device soon, but for now you need too patch kernel with imq from http://www.linuximq.net choose to hook after nat (may be default - the first letter in imq kernel config needs to be A) Set up htb with your rules for sharing/ priorotising interactive traffic attached to imq0. In prerouting mangle you can do some marking eg. small tcp/udp to get priority. Then append a rule like this - iptables -t mangle -A PREROUTING -i eth0 -j IMQ --todev 0 Somewhere in you htb setup make a class for you squid traffic and filter traffic to it something like - tc class add dev imq0 parent 1:2 classid 1:33 htb rate 220kbit ceil 480kbit quantum 1500 prio 1 tc filter add dev imq0 protocol ip parent 1:0 prio 1 u32 \ match ip dst 220.1.1.1 flowid 1:33 You also need to first modprobe imq if it's a module and bring it up with - modprobe imq numdevs=1 ip link set imq0 up Andy. _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/