Re: [LARTC] Sharing a DSL between 40 subnets with htb

From: Andy Furniss <andy.furniss@dsl.pipex.com>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Sharing a DSL between 40 subnets with htb
Date: Sun, 08 Jan 2006 21:16:00 +0000	[thread overview]
Message-ID: <43C18110.6020504@dsl.pipex.com> (raw)
In-Reply-To: <43BF7898.1070409@nrvissing.net>

Flemming Frandsen wrote:
> I have a network with around 40 /24 subnets that shares a common DSL, 
> this cries out for shaping so here I am trying to make it work as my 
> first tc project.
> 
> I have managed to cargocult some snippets from this list and tried to 
> come up with a config, but there are a few things that I'd really like 
> some input on:
> 
> 1) Are the NAT'ed addresses available in the PREROUTING table of eth0?

eth0 doesn't have a prerouting table everything coming in from anywhere 
hits prerouting. If eth0 is WAN then packets coming in will still have 
real ip addresses in PREROUTING.

> 
> 2) If not then can I have the iptable --set-mark stuff in the tables
>    for one interface and use the mark in tc on another interface?

Yes tables are not device specific.

> 
> 3) Is it possible to filter on the routing table in stead of the
>    --set-mark? so all traffic going to a certain router gets
>    filtered into the same htb?

You could use tc filters on ip/dst mac etc

> #Have the bucket that traffic gets dropped into
> #be determined by the firewall mark
> #btw: --set-mark 0xbabeface maps to class id babe:face
> tc filter add dev eth0 parent 1: protocol ip prio 1 handle 1 fw

Don't think you need handle 1 here.

> 
> #Hook up the classification table to the interface
> iptables -t mangle -A PREROUTING -o eth0 -j to-dsl

Out dev isn't known in prerouting.

Andy.
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc