From: nix4me <nix4me@cfl.rr.com>
To: lartc@vger.kernel.org
Subject: [LARTC] my shaping rules wont work on nat box
Date: Sat, 04 Mar 2006 00:00:00 +0000
Message-ID: <4408D880.4060100@cfl.rr.com>
I am currently running the following script on an internal machine to
shape outbound ftp and email traffic.
I am trying to move the script to my nat router (ipcop with 2 nic cards)
so that it shapes the whole network and not only the outbound of 1 box.
I have cable modem -> ipcop (eth1) >(eth0 - 192.168.1.1) >
192.168.1.100 and 192.168.1.101.
The script works great running on 192.168.1.101. But I cannot get it
to work on either of the ipcop interfaces.
Does it have something to do with NAT?
Script:
#!/bin/bash
# shaping passive and active outbound ftp traffic on an internal computer
# without affecting inbound and lan speed

# remove any previous MYSHAPER-OUT chain, then recreate it and hook it into OUTPUT
iptables -t mangle -D OUTPUT -o eth0 -j MYSHAPER-OUT 2> /dev/null > /dev/null
iptables -t mangle -F MYSHAPER-OUT 2> /dev/null > /dev/null
iptables -t mangle -X MYSHAPER-OUT 2> /dev/null > /dev/null
iptables -t mangle -N MYSHAPER-OUT
iptables -t mangle -I OUTPUT -o eth0 -j MYSHAPER-OUT

# mark packets: 20 is lan traffic, 26 is active ftp and passive ftp, 30 is ACK for downloads, 35 is email
# (the first rule gives every unmarked packet mark 20; later rules overwrite it for matching traffic)
iptables -t mangle -A MYSHAPER-OUT -m mark --mark 0 -j MARK --set-mark 20
# active ftp data connections are sent from source port 59999
iptables -t mangle -A MYSHAPER-OUT -p tcp --sport 59999 -j MARK --set-mark 26
# passive ftp data connections use source ports 50000-51000
iptables -t mangle -A MYSHAPER-OUT -p tcp --sport 50000:51000 -j MARK --set-mark 26
# small tcp packets (64 bytes or less) are treated as ACKs for downloads
iptables -t mangle -A MYSHAPER-OUT -p tcp -m length --length :64 -j MARK --set-mark 30
# outbound smtp
iptables -t mangle -A MYSHAPER-OUT -m tcp -p tcp --dport 25 -j MARK --set-mark 35

# clear it (the error on a first run, when no qdisc exists yet, is ignored)
tc qdisc del dev eth0 root 2> /dev/null
# add the root qdisc
# note: no class 1:20 is created below, so packets that miss every filter
# bypass the htb classes and go out unshaped via htb's direct queue
tc qdisc add dev eth0 root handle 1: htb default 20
# add main rate limit class
tc class add dev eth0 parent 1: classid 1:1 htb rate 100mbit
# add leaf classes, 1:2 is lan, 1:3 is outbound max
# (in tc, "kbps" means kilobytes per second; "kbit" would be kilobits per second)
tc class add dev eth0 parent 1:1 classid 1:2 htb rate 100mbit
tc class add dev eth0 parent 1:1 classid 1:3 htb rate 40kbps
# 1:31 is ftp with lower prio, 1:32 is ACK and email with higher prio
tc class add dev eth0 parent 1:3 classid 1:31 htb rate 1kbps ceil 40kbps prio 2
tc class add dev eth0 parent 1:3 classid 1:32 htb rate 20kbps ceil 40kbps prio 1
# filter traffic into classes by firewall mark
tc filter add dev eth0 parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:2
tc filter add dev eth0 parent 1:0 prio 0 protocol ip handle 26 fw flowid 1:31
tc filter add dev eth0 parent 1:0 prio 0 protocol ip handle 30 fw flowid 1:32
tc filter add dev eth0 parent 1:0 prio 0 protocol ip handle 35 fw flowid 1:32
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
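The first thing to check when the same script behaves differently on the router is whether the mangle rules are matching any packets at all: in the mangle table, locally generated packets traverse OUTPUT, while packets forwarded on behalf of LAN hosts traverse PREROUTING, FORWARD and POSTROUTING instead. The following shell diagnostic is an added example, not code from the post or from ipcop; it parses the per-rule counters printed by `iptables -t mangle -L MYSHAPER-OUT -v -n -x` and reports hits per mark, and the counter output it works on is constructed, not captured from a real box.

```shell
#!/bin/sh
# Added diagnostic (not from the original post): per MARK rule in the
# MYSHAPER-OUT chain, report how many packets it has matched, using the
# output of:  iptables -t mangle -L MYSHAPER-OUT -v -n -x
# A mark whose rules all stay at zero while traffic flows is never reached.

# Constructed sample of the counter output (not captured from a real system).
SAMPLE='Chain MYSHAPER-OUT (1 references)
    pkts      bytes target     prot opt in     out     source               destination
    1532   210044 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0 MARK set 0x14
       0        0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spt:59999 MARK set 0x1a
     120    96000 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:50000:51000 MARK set 0x1a
     800    41600 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            length 0:64 MARK set 0x1e
       0        0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25 MARK set 0x23'

# mark_hits CHAIN_OUTPUT: one "mark packets" line per MARK rule, mark in decimal.
# The target column is field 3; the value after the last "set" token is the mark.
mark_hits() {
    printf '%s\n' "$1" |
    awk '$3 == "MARK" { for (i = NF; i > 1; i--) if ($i == "set") { print $(i+1), $1; break } }' |
    while read -r hex pkts; do
        echo "$((hex)) $pkts"   # shell arithmetic converts 0x14 to 20
    done
}

# packets_for_mark CHAIN_OUTPUT MARK: packets counted by all rules setting MARK.
packets_for_mark() {
    mark_hits "$1" | awk -v m="$2" '$1 == m { s += $2 } END { print s + 0 }'
}

# unhit_marks CHAIN_OUTPUT: marks whose rules have matched nothing at all.
unhit_marks() {
    mark_hits "$1" | awk '{ tot[$1] += $2 } END { for (m in tot) if (tot[m] == 0) print m }' | sort -n
}

# Stand-alone run over the constructed sample; on a live box replace SAMPLE with
#   "$(iptables -t mangle -L MYSHAPER-OUT -v -n -x)"
for m in 20 26 30 35; do
    echo "mark $m: $(packets_for_mark "$SAMPLE" "$m") packets"
done
echo "marks never hit: $(unhit_marks "$SAMPLE" | tr '\n' ' ')"
```

Run the real command on the internal host and on the router while the same ftp transfer is in progress: if the counters advance on the host but stay at zero on the router, the packets are not passing through the chain at all, which is a hook-point question rather than a tc question.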