* Re: [LARTC] iptables mark & iproute
From: Arindam @ 2002-01-07 8:55 UTC
To: lartc
hi.. i posted this message some time back.. can someone pls help me with it..
i basically want traffic to be restricted for all servers outside my
network, i.e. e.g. 64kbps for internet but 512kbps for my lan
servers (web/smtp)..
i thought of doing this (as the script will tell u) -- mark packets with
iproute & restrict the traffic with iproute2 (lan-web or smtp).. if no mark
then pass thru the default bandwidth for the ip group !!
the linux box is always handling 1Mb+ traffic from eth0 (net interface)..
awaiting some guidance from u Gurus there...
arindam haldar
Message: 6
Date: Fri, 04 Jan 2002 11:24:30 +0530
From: Arindam Haldar <ahiam@yahoo.com>
To: Stef Coene <stef.coene@docum.org>
Cc: lartc@mailman.ds9a.nl
Subject: Re: [LARTC] iptables mark & iproute related !

hi,
Stef Coene wrote:
> On Thursday 03 January 2002 15:17, Arindam Haldar wrote:
>>hi
>>i did those tests & as i said in my last mail there is traffic passing thru
>>ir bytes counter r increasing but the tc command doesn't show any
>>restriction. seems like marked pkts r not going thru the iproute
>>
> Sorry, you wrote too encrypted for me to understand everything [;-)]
> If I understand correctly, everything works if you use CBQ & SFQ, but the fw
> filter is not working like it should be ?
YES !!! .. UR ABSOLUTELY RIGHT !!!! [:-)]
>
>>any suggestions ??
>>
> Can you post the scripts you are using so I can try them myself ?
>
> Stef
>
THIS IS MY TRUNCATED SCRIPT(MARK RELATED) !
iptables -A INPUT -i eth4 -s 192.168.1.1 -j ACCEPT
iptables -A FORWARD -o eth0 -s 192.168.1.1 -j ACCEPT
iptables -A PREROUTING -t nat -i eth4 -p 6 --dport 80 -j REDIRECT --to-port 3128
iptables -A PREROUTING -t mangle -i eth4 -s 192.168.1.1 -d a.b.c.d -j MARK --set-mark 55
iptables -A PREROUTING -t mangle -i eth4 -s 192.168.1.1 -d ! a.b.c.d -j MARK --set-mark 51
iptables -A POSTROUTING -t mangle -o eth0 -s 192.168.1.1 -j MASQUERADE
iptables -A PREROUTING -t nat -i eth0 -d 192.168.1.1 -s a.b.c.d -j MARK --set-mark 56
iptables -A PREROUTING -t mangle -i eth0 -d 192.168.1.1 -s ! a.b.c.d -j MARK --set-mark 52

###--32kbps for x-LAN
tc class add dev eth4 parent 5:1 classid 5:191 est 2sec 10sec cbq bandwidth 512Kbit rate 32Kbit allot 5\1514 weight 3.2Kbit prio 2 maxbrust 5 avpkt 1500 bounded
tc qdisc add dev eth4 parent 5:191 sfq perturb 10
tc filter add dev eth4 parent 5:0 protocol ip prio 10 handle 51 fw flowid 5:191
tc filter add dev eth4 parent 5:0 protocol ip prio 10 handle 52 fw flowid 5:191

###--128 for LAN
tc class add dev eth4 parent 5:1 classid 5:192 est 2sec 10sec cbq bandwidth 512Kbit rate 128Kbit allot 5\1514 weight 3.2Kbit prio 2 maxbrust 5 avpkt 1500 bounded
tc qdisc add dev eth4 parent 5:192 sfq perturb 10
tc filter add dev eth4 parent 5:0 protocol ip prio 10 handle 55 fw flowid 5:192
tc filter add dev eth4 parent 5:0 protocol ip prio 10 handle 56 fw flowid 5:192
similar for eth0 too !!
thanx in anticipation
arindam haldar
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/
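
Added example, not part of the original post or of any LARTC tooling: a small Python check that cross-references the mark values set by the iptables rules in the post with the handles the tc fw filters expect, and flags targets used outside the table the iptables documentation of that period gives for them (MARK in mangle, MASQUERADE in nat). That table mapping is an assumption encoded in REQUIRED_TABLE, and the helper names `arg` and `audit` are hypothetical.

```python
# Added example: consistency check between iptables marks and tc fw filters.
# SCRIPT holds the mark-related lines from the post with wrapped lines joined;
# a.b.c.d is the post's own placeholder address.
SCRIPT = """\
iptables -A PREROUTING -t mangle -i eth4 -s 192.168.1.1 -d a.b.c.d -j MARK --set-mark 55
iptables -A PREROUTING -t mangle -i eth4 -s 192.168.1.1 -d ! a.b.c.d -j MARK --set-mark 51
iptables -A POSTROUTING -t mangle -o eth0 -s 192.168.1.1 -j MASQUERADE
iptables -A PREROUTING -t nat -i eth0 -d 192.168.1.1 -s a.b.c.d -j MARK --set-mark 56
iptables -A PREROUTING -t mangle -i eth0 -d 192.168.1.1 -s ! a.b.c.d -j MARK --set-mark 52
tc filter add dev eth4 parent 5:0 protocol ip prio 10 handle 51 fw flowid 5:191
tc filter add dev eth4 parent 5:0 protocol ip prio 10 handle 52 fw flowid 5:191
tc filter add dev eth4 parent 5:0 protocol ip prio 10 handle 55 fw flowid 5:192
tc filter add dev eth4 parent 5:0 protocol ip prio 10 handle 56 fw flowid 5:192
"""

# Assumption encoded here: the table each target is documented for.
REQUIRED_TABLE = {"MARK": "mangle", "MASQUERADE": "nat"}


def arg(tokens, flag, default=None):
    """Return the token following flag, or default if flag is absent."""
    return tokens[tokens.index(flag) + 1] if flag in tokens else default


def audit(script):
    """Return (misplaced, unmatched): targets in the wrong table, and fw
    filter handles that no accepted MARK rule ever sets."""
    misplaced, marks, handles = [], set(), set()
    for line in script.splitlines():
        tok = line.split()
        if tok[:1] == ["iptables"]:
            table, target = arg(tok, "-t", "filter"), arg(tok, "-j")
            need = REQUIRED_TABLE.get(target)
            if need and table != need:
                misplaced.append((target, table))
            elif target == "MARK":
                marks.add(int(arg(tok, "--set-mark")))
        elif tok[:2] == ["tc", "filter"] and "fw" in tok:
            handles.add(int(arg(tok, "handle")))
    return misplaced, sorted(handles - marks)


if __name__ == "__main__":
    misplaced, unmatched = audit(SCRIPT)
    for target, table in misplaced:
        print(f"{target} used in table {table}, expected {REQUIRED_TABLE[target]}")
    print("fw handles with no mark rule behind them:", unmatched)
```

A fuller check would also compare the interface each mark is set on with the device the fw filter is attached to, which this example does not attempt.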