* [LARTC] shaping using source IP after NAT
@ 2007-06-11 18:58 Ethy H. Brito
2007-06-11 19:02 ` VladSun
` (6 more replies)
0 siblings, 7 replies; 8+ messages in thread
From: Ethy H. Brito @ 2007-06-11 18:58 UTC (permalink / raw)
To: lartc
Hi all
I am using a pass trhu router and I need to QoS some clients output by its
IP address. The problem is that QoS is due after NATing.
Is there some clever way of doing this besides MARKing every packet with
some IP hashing in POSTROUTING NAT table?
Regards
Ethy
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [LARTC] shaping using source IP after NAT
2007-06-11 18:58 [LARTC] shaping using source IP after NAT Ethy H. Brito
@ 2007-06-11 19:02 ` VladSun
2007-06-11 20:44 ` Marco Aurelio
` (5 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: VladSun @ 2007-06-11 19:02 UTC (permalink / raw)
To: lartc
Ethy H. Brito написа:
> Hi all
>
> I am using a pass trhu router and I need to QoS some clients output by its
> IP address. The problem is that QoS is due after NATing.
>
> Is there some clever way of doing this besides MARKing every packet with
> some IP hashing in POSTROUTING NAT table?
>
> Regards
>
> Ethy
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>
TC is performed after POSTROUTING, so you can not do any IP related TC
filtering. You can use CPU friendly patches for iptables like IPMARK or
IPCLASSIFY. Take a look at them.
Regards!
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [LARTC] shaping using source IP after NAT
2007-06-11 18:58 [LARTC] shaping using source IP after NAT Ethy H. Brito
2007-06-11 19:02 ` VladSun
@ 2007-06-11 20:44 ` Marco Aurelio
2007-06-13 18:18 ` Ethy H. Brito
` (4 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Marco Aurelio @ 2007-06-11 20:44 UTC (permalink / raw)
To: lartc
[-- Attachment #1: Type: text/plain, Size: 1004 bytes --]
Use IFB which seems to be already on kernel 2.6
On 6/11/07, VladSun <vladsun@relef.net> wrote:
> Ethy H. Brito написа:
> > Hi all
> >
> > I am using a pass trhu router and I need to QoS some clients output by its
> > IP address. The problem is that QoS is due after NATing.
> >
> > Is there some clever way of doing this besides MARKing every packet with
> > some IP hashing in POSTROUTING NAT table?
> >
> > Regards
> >
> > Ethy
> > _______________________________________________
> > LARTC mailing list
> > LARTC@mailman.ds9a.nl
> > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
> >
> TC is performed after POSTROUTING, so you can not do any IP related TC
> filtering. You can use CPU friendly patches for iptables like IPMARK or
> IPCLASSIFY. Take a look at them.
>
> Regards!
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>
--
Marco Casaroli
SapucaiNet Telecom
+55 35 34712377 ext 5
[-- Attachment #2: Type: text/plain, Size: 143 bytes --]
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [LARTC] shaping using source IP after NAT
2007-06-11 18:58 [LARTC] shaping using source IP after NAT Ethy H. Brito
2007-06-11 19:02 ` VladSun
2007-06-11 20:44 ` Marco Aurelio
@ 2007-06-13 18:18 ` Ethy H. Brito
2007-06-13 20:20 ` VladSun
` (3 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Ethy H. Brito @ 2007-06-13 18:18 UTC (permalink / raw)
To: lartc
On Mon, 11 Jun 2007 22:02:31 +0300
VladSun <vladsun@relef.net> wrote:
> TC is performed after POSTROUTING, so you can not do any IP related TC
> filtering. You can use CPU friendly patches for iptables like IPMARK or
> IPCLASSIFY. Take a look at them.
Ok. Can someone point me the right direction to add IPMARK kernel support?
I downloaded patch-o-matic today's snapshot and there is no IPMARK there.
I have iptables-1.3.7 and kernel 2.6.21.1 sources (distro is slackware 11.0)
The curious thing is that IPMARK is at iptables man page but I got and
error when I execute it. It says it could not
find /usr/lib/iptables/libipt_IPMARK.so:
# locate -i IPMARK
# (no output here)
Regards.
Ethy
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [LARTC] shaping using source IP after NAT
2007-06-11 18:58 [LARTC] shaping using source IP after NAT Ethy H. Brito
` (2 preceding siblings ...)
2007-06-13 18:18 ` Ethy H. Brito
@ 2007-06-13 20:20 ` VladSun
2007-06-14 19:25 ` Marco Aurelio
` (2 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: VladSun @ 2007-06-13 20:20 UTC (permalink / raw)
To: lartc
Ethy H. Brito написа:
> On Mon, 11 Jun 2007 22:02:31 +0300
> VladSun <vladsun@relef.net> wrote:
>
>
>
>> TC is performed after POSTROUTING, so you can not do any IP related TC
>> filtering. You can use CPU friendly patches for iptables like IPMARK or
>> IPCLASSIFY. Take a look at them.
>>
>
> Ok. Can someone point me the right direction to add IPMARK kernel support?
>
> I downloaded patch-o-matic today's snapshot and there is no IPMARK there.
>
> I have iptables-1.3.7 and kernel 2.6.21.1 sources (distro is slackware 11.0)
>
> The curious thing is that IPMARK is at iptables man page but I got and
> error when I execute it. It says it could not
> find /usr/lib/iptables/libipt_IPMARK.so:
>
> # locate -i IPMARK
> # (no output here)
>
>
> Regards.
>
> Ethy
>
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>
Try "./runme download" in tge PoM directory. It should work if there is
defined download URL for IPMARK in the source.list file in the PoM
directory.
If it doesn't work try to download older version of PoM.
That is because netfilter team has refused to include IPMARK in the
official versions some time ago.
Regards
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [LARTC] shaping using source IP after NAT
2007-06-11 18:58 [LARTC] shaping using source IP after NAT Ethy H. Brito
` (3 preceding siblings ...)
2007-06-13 20:20 ` VladSun
@ 2007-06-14 19:25 ` Marco Aurelio
2007-06-14 20:11 ` Ethy H. Brito
2007-06-14 20:51 ` Ethy H. Brito
6 siblings, 0 replies; 8+ messages in thread
From: Marco Aurelio @ 2007-06-14 19:25 UTC (permalink / raw)
To: lartc
[-- Attachment #1: Type: text/plain, Size: 1724 bytes --]
I think it is better to use an IFB device and shape the upload traffic
using source IP before the NAT
http://linux-net.osdl.org/index.php/IFB
On 6/13/07, VladSun <vladsun@relef.net> wrote:
> Ethy H. Brito написа:
> > On Mon, 11 Jun 2007 22:02:31 +0300
> > VladSun <vladsun@relef.net> wrote:
> >
> >
> >
> >> TC is performed after POSTROUTING, so you can not do any IP related TC
> >> filtering. You can use CPU friendly patches for iptables like IPMARK or
> >> IPCLASSIFY. Take a look at them.
> >>
> >
> > Ok. Can someone point me the right direction to add IPMARK kernel support?
> >
> > I downloaded patch-o-matic today's snapshot and there is no IPMARK there.
> >
> > I have iptables-1.3.7 and kernel 2.6.21.1 sources (distro is slackware 11.0)
> >
> > The curious thing is that IPMARK is at iptables man page but I got and
> > error when I execute it. It says it could not
> > find /usr/lib/iptables/libipt_IPMARK.so:
> >
> > # locate -i IPMARK
> > # (no output here)
> >
> >
> > Regards.
> >
> > Ethy
> >
> > _______________________________________________
> > LARTC mailing list
> > LARTC@mailman.ds9a.nl
> > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
> >
> Try "./runme download" in tge PoM directory. It should work if there is
> defined download URL for IPMARK in the source.list file in the PoM
> directory.
> If it doesn't work try to download older version of PoM.
> That is because netfilter team has refused to include IPMARK in the
> official versions some time ago.
>
> Regards
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>
--
Marco Casaroli
SapucaiNet Telecom
+55 35 34712377 ext 5
[-- Attachment #2: Type: text/plain, Size: 143 bytes --]
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [LARTC] shaping using source IP after NAT
2007-06-11 18:58 [LARTC] shaping using source IP after NAT Ethy H. Brito
` (4 preceding siblings ...)
2007-06-14 19:25 ` Marco Aurelio
@ 2007-06-14 20:11 ` Ethy H. Brito
2007-06-14 20:51 ` Ethy H. Brito
6 siblings, 0 replies; 8+ messages in thread
From: Ethy H. Brito @ 2007-06-14 20:11 UTC (permalink / raw)
To: lartc
PLEASE disregard this. My MUA gone crazy and resent a lot of my emails today.
Forgive me.
Ethy
On Wed, 13 Jun 2007 15:18:28 -0300
"Ethy H. Brito" <ethy.brito@inexo.com.br> wrote:
> On Mon, 11 Jun 2007 22:02:31 +0300
> VladSun <vladsun@relef.net> wrote:
>
>
> > TC is performed after POSTROUTING, so you can not do any IP related TC
> > filtering. You can use CPU friendly patches for iptables like IPMARK or
> > IPCLASSIFY. Take a look at them.
>
> Ok. Can someone point me the right direction to add IPMARK kernel support?
>
> I downloaded patch-o-matic today's snapshot and there is no IPMARK there.
>
> I have iptables-1.3.7 and kernel 2.6.21.1 sources (distro is slackware 11.0)
>
> The curious thing is that IPMARK is at iptables man page but I got and
> error when I execute it. It says it could not
> find /usr/lib/iptables/libipt_IPMARK.so:
>
> # locate -i IPMARK
> # (no output here)
>
>
> Regards.
>
> Ethy
>
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
--
Ethy H. Brito /"\
InterNexo Ltda. \ / CAMPANHA DA FITA ASCII - CONTRA MAIL HTML
+55 (12) 3797-6860 X ASCII RIBBON CAMPAIGN - AGAINST HTML MAIL
S.J.Campos - Brasil / \
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [LARTC] shaping using source IP after NAT
2007-06-11 18:58 [LARTC] shaping using source IP after NAT Ethy H. Brito
` (5 preceding siblings ...)
2007-06-14 20:11 ` Ethy H. Brito
@ 2007-06-14 20:51 ` Ethy H. Brito
6 siblings, 0 replies; 8+ messages in thread
From: Ethy H. Brito @ 2007-06-14 20:51 UTC (permalink / raw)
To: lartc
On Thu, 14 Jun 2007 16:25:14 -0300
"Marco Aurelio" <marco.casaroli@gmail.com> wrote:
> I think it is better to use an IFB device and shape the upload traffic
> using source IP before the NAT
>
> http://linux-net.osdl.org/index.php/IFB
Before NAT?!?! Where does IFB hook netfilter tables??
Before mangle POSTROUTING?
Ethy
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2007-06-14 20:51 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-06-11 18:58 [LARTC] shaping using source IP after NAT Ethy H. Brito
2007-06-11 19:02 ` VladSun
2007-06-11 20:44 ` Marco Aurelio
2007-06-13 18:18 ` Ethy H. Brito
2007-06-13 20:20 ` VladSun
2007-06-14 19:25 ` Marco Aurelio
2007-06-14 20:11 ` Ethy H. Brito
2007-06-14 20:51 ` Ethy H. Brito
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.