From: Andy Furniss
Date: Sun, 08 Jan 2006 21:16:00 +0000
Subject: Re: [LARTC] Sharing a DSL between 40 subnets with htb
Message-Id: <43C18110.6020504@dsl.pipex.com>
In-Reply-To: <43BF7898.1070409@nrvissing.net>
To: lartc@vger.kernel.org

Flemming Frandsen wrote:
> I have a network with around 40 /24 subnets that shares a common DSL,
> this cries out for shaping so here I am trying to make it work as my
> first tc project.
>
> I have managed to cargocult some snippets from this list and tried to
> come up with a config, but there are a few things that I'd really like
> some input on:
>
> 1) Are the NAT'ed addresses available in the PREROUTING table of eth0?

eth0 doesn't have a prerouting table; everything coming in from anywhere
hits prerouting. If eth0 is WAN then packets coming in will still have
real IP addresses in PREROUTING.

>
> 2) If not then can I have the iptable --set-mark stuff in the tables
> for one interface and use the mark in tc on another interface?

Yes, tables are not device specific.

>
> 3) Is it possible to filter on the routing table instead of the
> --set-mark? so all traffic going to a certain router gets
> filtered into the same htb?

You could use tc filters on ip/dst mac etc.

> #Have the bucket that traffic gets dropped into
> #be determined by the firewall mark
> #btw: --set-mark 0xbabeface maps to class id babe:face
> tc filter add dev eth0 parent 1: protocol ip prio 1 handle 1 fw

Don't think you need handle 1 here.

>
> #Hook up the classification table to the interface
> iptables -t mangle -A PREROUTING -o eth0 -j to-dsl

Out dev isn't known in prerouting.

Andy.
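
The mark-to-class mapping discussed in this message, as an added example that is not from either poster: a dry-run script that prints one htb class and one MARK rule per subnet, with a single handle-less fw filter and the chain hooked in POSTROUTING, where `-o` is valid. The 10.0.N.0/24 addressing, the rates and the minor-number offset are assumptions; `eth0`, handle `1:` and the `to-dsl` chain name come from the thread.

```shell
#!/bin/sh
# Dry run: prints the tc/iptables commands instead of executing them.
# Assumed (not from the thread): 10.0.N.0/24 addressing, 2mbit uplink,
# 50kbit guaranteed per subnet, class minors starting at 0x11.
WAN=eth0   # WAN device, as in the thread
MAJOR=1    # htb root qdisc handle 1:, as in the thread

# minor_for N: htb class minor for subnet N (offset keeps clear of 1:1)
minor_for() { echo $(( $1 + 16 )); }

# mark_for N: fw mark = (major << 16) | minor, which reads as major:minor in hex
mark_for() { printf '0x%x' $(( (MAJOR << 16) | $(minor_for "$1") )); }

# classid_for N: the same value in tc's hex major:minor notation
classid_for() { printf '%x:%x' "$MAJOR" "$(minor_for "$1")"; }

emit_rules() {
    n_subnets=$1
    echo "tc qdisc add dev ${WAN} root handle ${MAJOR}: htb"
    echo "tc class add dev ${WAN} parent ${MAJOR}: classid ${MAJOR}:1 htb rate 2mbit"
    # fw filter with no handle: the packet's mark itself is taken as the classid
    echo "tc filter add dev ${WAN} parent ${MAJOR}: protocol ip prio 1 fw"
    echo "iptables -t mangle -N to-dsl"
    # -o is valid in POSTROUTING, and the mangle table runs before the nat
    # table there, so -s still matches the internal (pre-SNAT) addresses
    echo "iptables -t mangle -A POSTROUTING -o ${WAN} -j to-dsl"
    i=1
    while [ "$i" -le "$n_subnets" ]; do
        echo "tc class add dev ${WAN} parent ${MAJOR}:1 classid $(classid_for "$i") htb rate 50kbit ceil 2mbit"
        echo "iptables -t mangle -A to-dsl -s 10.0.$i.0/24 -j MARK --set-mark $(mark_for "$i")"
        i=$(( i + 1 ))
    done
}

emit_rules 40
```

Review the printed commands, then pipe the output to `sh` as root to apply them.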