From mboxrd@z Thu Jan  1 00:00:00 1970
From: bert hubert <ahu@ds9a.nl>
Date: Fri, 28 Dec 2001 07:07:39 +0000
Subject: Re: [LARTC] need help in shaping traffic
Message-Id: <marc-lartc-100952331805331@msgid-missing>
List-Id: <lartc.vger.kernel.org>
References: <marc-lartc-100951048824186@msgid-missing>
In-Reply-To: <marc-lartc-100951048824186@msgid-missing>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

On Fri, Dec 28, 2001 at 03:33:58AM +0000, arindam wrote:
> hi all,
> my system with kernel 2.4.16 & 2.4.17( RH-7.2) has
> netfilter-1.2.4, iproute-ss010803, squid, dns with 4
> ether cards.i am trying a simple situation where i
> want to shape traffic all the interfaces. at present
> iam using netfilter to allow a few ips, using
> transparent squid & iproute to limit bandwidth. i feel
> i must give more bandwidth for my local servers for my
> office & customers.
> i need some help from u Gurus in knowing what i did
> wrong here.
> a) y no trafic is passing thru the http handle 101.
> infcat only the 102 handle is working(seen below) ??

'tcp dst' is not working as you think it is. Use 'ip dport'.

> b) whats recomended--marking pkts in iproute or
> iptables ??

AFAIK, ip can't mark packets.

> c) if i mark pkts with iptables, will i be still able
> to use transparent squid as well as shape bandwidth(i
> havnt tried this so far)

An fwmark will not survive a transparent proxy.

You may want to police on ingress.

Regards,

bert

-- 
http://www.PowerDNS.com          Versatile DNS Software & Services
http://www.tk                              the dot in .tk
Netherlabs BV / Rent-a-Nerd.nl           - Nerd Available -
Linux Advanced Routing & Traffic Control: http://ds9a.nl/lartc

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/