[LARTC] iptables mark & iproute related !

[LARTC] iptables mark & iproute related !

[Arindam Haldar]

hi all

i did the following test again but ..:( .. failed again !!
i  need some guidance now from Gurus here..

iptables -A PREROUTING -t mangle -i eth1 -s ..... -j mark 101
iptables -A PREROUTING -t nat -i eth1 -s  ... -j REDIRECT --to-port 3128

tc qdisc ............... handle 101 fw flowid 1:170

iptables -nvL INPUT , iptables -nvL -t mangle , iptables -nvL -t nat did 
show data passing BUT i couldnt limit bandwidth !!!
tc -s -d class/qdisc...... command didnt show any data pasing thru--i.e 
it remained ZERO !
i am already running a bandwidth  restrictor(cbq+sfq) & while doing this 
test i only changed the above tc command !
my requirement is to provide bandwidth based on port network(local net).
iproute2 verision ss010803
iptables version v1.2.4
kernel 2.4.17
i would be grateful for some direction ....

thanx in anticipation

arindam haldar


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/

Re: [LARTC] iptables mark & iproute related !

[Stef Coene]

On Wednesday 02 January 2002 05:59, Arindam Haldar wrote:
> hi all
>
> i did the following test again but ..:( .. failed again !!
> i  need some guidance now from Gurus here..
If you execute iptables -L -v -n -t nat, you can see the byte counters for 
each rule you inserted.  Are these incremented or not if you generate some 
traffic ?

Stef

>
> iptables -A PREROUTING -t mangle -i eth1 -s ..... -j mark 101
> iptables -A PREROUTING -t nat -i eth1 -s  ... -j REDIRECT --to-port 3128
>
> tc qdisc ............... handle 101 fw flowid 1:170
>
> iptables -nvL INPUT , iptables -nvL -t mangle , iptables -nvL -t nat did
> show data passing BUT i couldnt limit bandwidth !!!
> tc -s -d class/qdisc...... command didnt show any data pasing thru--i.e
> it remained ZERO !

-- 

stef.coene@docum.org
 More QOS info : http://www.docum.org/
 Title : "Using Linux as bandwidth manager"
     

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/

Re: [LARTC] iptables mark & iproute related !

[Arindam Haldar]

hi
i did those test & as i said in my last mail there is trafic passing thru ir
bytes counter r increasing but the tc command doesnt show any restircition.
seem like marked pkts r not going thru the iproute
any suggestions ??
thanx in anticipation
arindam haldar

On Wednesday 02 January 2002 05:59, Arindam Haldar wrote:
> hi all
>
> i did the following test again but ..:( .. failed again !!
> i  need some guidance now from Gurus here..
If you execute iptables -L -v -n -t nat, you can see the byte counters for 
each rule you inserted.  Are these incremented or not if you generate some 
traffic ?

Stef

>
> iptables -A PREROUTING -t mangle -i eth1 -s ..... -j mark 101
> iptables -A PREROUTING -t nat -i eth1 -s  ... -j REDIRECT --to-port 3128
>
> tc qdisc ............... handle 101 fw flowid 1:170
>
> iptables -nvL INPUT , iptables -nvL -t mangle , iptables -nvL -t nat did
> show data passing BUT i couldnt limit bandwidth !!

> tc -s -d class/qdisc...... command didnt show any data pasing thru--i.e
> it remained ZERO !

-- 

stef.coene@docum.org
 More QOS info : http://www.docum.org/
 Title : "Using Linux as bandwidth manager"
     




_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/

Re: [LARTC] iptables mark & iproute related !

[Stef Coene]

On Thursday 03 January 2002 15:17, Arindam Haldar wrote:
> hi
> i did those test & as i said in my last mail there is trafic passing thru
> ir bytes counter r increasing but the tc command doesnt show any
> restircition. seem like marked pkts r not going thru the iproute
Sorry, you wrote to encrypted for me to understand everything ;-)
If I understand correctly, everything works if you use CBQ & SFQ, but the fw 
filter is not working like it should be ? 

> any suggestions ??
Can you post the scripts you are using so I can try them myself ?

Stef

-- 

stef.coene@docum.org
 More QOS info : http://www.docum.org/
 Title : "Using Linux as bandwidth manager"
     

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/

Re: [LARTC] iptables mark & iproute related !

[Arindam Haldar]

hi,

Stef Coene wrote:

> On Thursday 03 January 2002 15:17, Arindam Haldar wrote:
>>hi
>>i did those test & as i said in my last mail there is trafic passing thru
>>ir bytes counter r increasing but the tc command doesnt show any
>>restircition. seem like marked pkts r not going thru the iproute
>>
> Sorry, you wrote to encrypted for me to understand everything ;-)
> If I understand correctly, everything works if you use CBQ & SFQ, but the fw 
> filter is not working like it should be ? 

YES !!! .. UR ABSOLUTELY RIGHT !!!! :-)

> 
>>any suggestions ??
>>
> Can you post the scripts you are using so I can try them myself ?
> 
> Stef
> 
THIS IS MY TRUNCATED SCRIPT(MARK RELATED) !


iptables -A INPUT -i eth4 -s 192.168.1.1 -j ACCEPT

iptables -A FORWARD -o eth0 -s 192.168.1.1 -j ACCEPT
iptables -A PREROUTING -t nat -i eth4 -p 6 --dport 80 -j REDIRECT 
--to-port 3128
iptables -A PREROUTING -t mangle -i eth4 -s 192.168.1.1 -d a.b.c.d -j 
MARK --set-mark 55
iptables -A PREROUTING -t mangle -i eth4 -s 192.168.1.1 -d ! a.b.c.d -j 
MARK --set-mark  51
iptables -A POSTROUTING -t mangle -o eth0 -s 192.168.1.1 -j MASQUERADE


iptables -A PREROUTING -t nat -i eth0 -d 192.168.1.1 -s a.b.c.d -j MARK 
--set-mark 56
iptables -A PREROUTING -t mangle -i eth0 -d 192.168.1.1 -s ! a.b.c.d -j 
MARK --set-mark 52

###--32kbps for x-LAN
tc class add dev eth4  parent 5:1 classid 5:191 est 2sec 10sec cbq 
bandwidth 512Kbit rate 32Kbit allot 5\1514 weight 3.2Kbit prio 2 
maxbrust 5 avpkt 1500 bounded
tc qdisc add dev eth4 parent 5:191 sfq perturb 10
tc filter add dev eth4 parent 5:0 protocol ip prio 10 handle 51 fw 
flowid 5:191
tc filter add dev eth4 parent 5:0 protocol ip prio 10 handle 52 fw 
flowid 5:191
###--128 for LAN
tc class add dev eth4  parent 5:1 classid 5:192 est 2sec 10sec cbq 
bandwidth 512Kbit rate 128Kbit allot 5\1514 weight 3.2Kbit prio 2 
maxbrust 5 avpkt 1500 bounded
tc qdisc add dev eth4 parent 5:192 sfq perturb 10
tc filter add dev eth4 parent 5:0 protocol ip prio 10 handle 55 fw 
flowid 5:192
tc filter add dev eth4 parent 5:0 protocol ip prio 10 handle 56 fw 
flowid 5:192

similar for eth0 too !!
thanx in anticipation

arindam haldar


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/