From: "Claudio L. Salvadori"
Date: Thu, 13 Dec 2001 16:42:59 +0000
Subject: Re: [LARTC] How to MARK NATtted packets coming from external interface to an internal host ?
To: lartc@vger.kernel.org

Hi,

I have considered using 'tc filter' with the u32 classifier but I couldn't find a way to differentiate between traffic coming from the Internet (source ip = any) and traffic originating in the gateway (source ip = ip of eth0).

I need this because I would like to shape only traffic coming from the Internet. Internal clients should be able to download data from the gateway without any bandwidth restriction.

If at least there was a NOT (! like in iptables) operator in the match syntax I could assume that traffic not coming from the source ip of eth0 is coming from the Internet. Something like this:

    tc filter add dev eth0 parent 10:1\
        protocol ip\
        prio 1\
        u32\
    NOT operator --> match ip src ! (eth0 IP)\
        match ip dst (client IP)\
        classid 10:2

Any ideas on how to differentiate these two kinds of traffic using 'tc filter' ?

Best regards,

Claudio Leonel Salvadori
cls@xpnet.com.br

bert hubert wrote:

> On Thu, Dec 13, 2001 at 10:27:37AM -0200, Claudio L. Salvadori wrote:
>
>>Hi,
>>
>>I would like to control download bandwidth from the Internet for
>>clients inside a network. The gateway is a Linux box using
>>'iptables nat'.
>>I would like to use 'iptables mangle' to mark the packets coming
>>from the Internet and going to specific clients and then use CBQ
>>to shape it:
>>
>
>
> Mangle is being upgraded by the netfilter people to be available everywhere.
> In the meantime, you should use tc filters to shape on eth0's egress. For
> what you want, the commands are very simple.
>
>
>>How can I classify this traffic so I can shape it ?
>>
>
> http://ds9a.nl/lartc/HOWTO//cvs/2.4routing/output/2.4routing-9.html#ss9.6
> 'All the filtering commands you will normally need'.
>
> Regards,
>
> bert
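
One way to get the effect of the NOT operator asked about above is to order two u32 filters by prio, since tc tries filters in ascending prio order and the first match decides the class. This is an added example, not part of the original thread; the addresses and the unshaped class 10:3 are assumptions, and `classify` is a hypothetical helper that only models the lookup order.

```shell
#!/bin/sh
# Added example: emulate "src is NOT the gateway" with two u32 filters.
# The gateway's own traffic is caught at prio 1; everything else addressed
# to the client falls through to the shaped class at prio 2.

DEV=eth0                 # interface from the post
PARENT=10:1              # parent from the post's sketch
SHAPED=10:2              # class from the post's sketch
UNSHAPED=10:3            # hypothetical class without a rate limit (must exist)
GW_IP=192.168.1.1        # constructed: address of the gateway on $DEV
CLIENT_IP=192.168.1.50   # constructed: internal client

# Print the tc commands (dry run). Pipe the output to sh as root to apply.
emit_filters() {
    echo "tc filter add dev $DEV parent $PARENT protocol ip prio 1 u32" \
         "match ip src $GW_IP/32 match ip dst $CLIENT_IP/32 classid $UNSHAPED"
    echo "tc filter add dev $DEV parent $PARENT protocol ip prio 2 u32" \
         "match ip dst $CLIENT_IP/32 classid $SHAPED"
}

# Model of the same lookup order, so the rule set can be checked without root.
# usage: classify SRC DST -> prints the class id, or "unclassified"
classify() {
    src=$1
    dst=$2
    if [ "$src" = "$GW_IP" ] && [ "$dst" = "$CLIENT_IP" ]; then
        echo "$UNSHAPED"          # prio 1 matched: gateway -> client
    elif [ "$dst" = "$CLIENT_IP" ]; then
        echo "$SHAPED"            # prio 2 matched: any other source -> client
    else
        echo "unclassified"       # neither filter matched
    fi
}

emit_filters
# 203.0.113.7 is a constructed Internet source address.
for src in "$GW_IP" 203.0.113.7; do
    echo "# $src -> $CLIENT_IP lands in $(classify "$src" "$CLIENT_IP")"
done
```
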