Re: [LARTC] HTB: Filtering flat out not working :(

[Viktor Kemmet <Viktor.Kemmet@t-online.de>]

Hi,

this one is borrowed and modified from one example in the 
iproute2-package (Edge..):

###############################################################################
#  DS-marking packets using iptables fw-marking
TC=tc
IP=ip
EGDEV="dev eth0"

# Flush chain
iptables -F OUTPUT -t mangle

# Mark Packets according to destination port number
iptables -I OUTPUT -t mangle -p udp --destination-port 5003 -j MARK --set-mark 3
iptables -I OUTPUT -t mangle -p udp --destination-port 5002 -j MARK --set-mark 2
iptables -I OUTPUT -t mangle -p udp --destination-port 5001 -j MARK --set-mark 1

iptables -L OUTPUT -t mangle
echo 

# attach a dsmarker
#
$TC qdisc add $EGDEV handle 1:0 root dsmark indices 64 set_tc_index
#
# values of the DSCP to change depending on the class
#
#becomes EF
$TC class change $EGDEV classid 1:1 dsmark mask 0x3 \
       value 0xb8
#becomes AF11
$TC class change $EGDEV classid 1:2 dsmark mask 0x3 \
       value 0x28
#becomes AF21
$TC class change $EGDEV classid 1:3 dsmark mask 0x3 \
       value 0x48
#
#
# The class mapping
#
$TC filter add $EGDEV parent 1:0 protocol ip prio 4 handle 1 fw flowid 1:1
$TC filter add $EGDEV parent 1:0 protocol ip prio 4 handle 2 fw flowid 1:2
$TC filter add $EGDEV parent 1:0 protocol ip prio 4 handle 3 fw flowid 1:3
#

echo "---- qdisc parameters Egress  ----------"
$TC qdisc ls $EGDEV
echo "---- Class parameters Egress  ----------"
$TC class ls $EGDEV
echo "---- filter parameters Egress ----------"
$TC filter ls $EGDEV parent 1:0


Tim Carr wrote:

>
> Absolutely, but you'll notice in my follow up post that nowhere does 
> it tell you how to use 'tc' to throw the MARKed packets into a certain 
> flow. The HOWTO tells you how to route marked packets, not how to 
> shape them... ideas? do you happen to know the TC command sytax? All i 
> need is one example....
>
> tim
>
>> From: Ben <bench@silentmedia.com>
>> To: Tim Carr <cygnusx__1@hotmail.com>
>> Subject: Re: [LARTC] HTB: Filtering flat out not working :(
>> Date: Thu, 28 Feb 2002 09:54:44 -0800 (PST)
>>
>> Actually, somebody replied with the idea of using fwmarks. That sounds
>> perfect to me.... mark on the internal interface, and then sort on the
>> external interface.
>>
>> On Thu, 28 Feb 2002, Tim Carr wrote:
>>
>> >
>> >
>> > >My understanding - and it's not very complete because I also just 
>> sent out
>> > >mail about my htb setup not working :) - is that you want to place 
>> the
>> > >qdisc on the output interface - in this case, ppp. And in your 
>> case, I
>> > >think you're right, you can't do that, because you're doing masq. 
>> There's
>> > >something called ingres policing you might look at.
>> >
>> > So you don't think HTB could work for masquerading at all?! My idea 
>> was to
>> > put it on ETH1 (local lan side). That way packets get shaped before 
>> they
>> > even hit the masquerading. I guess the masquerading is happening 
>> even before
>> > eth1's filtering rules get used.
>> >
>> > What about setting up a virtual ethernet adapter or something of 
>> the like;
>> > setting that as the gateway for the LAN machines, doing the 
>> shaping, THEN
>> > forwarding it to ETH1?
>> >
>> > Tim
>> >
>> >
>> > _________________________________________________________________
>> > Chat with friends online, try MSN Messenger: http://messenger.msn.com
>> >
>>
>
>
> _________________________________________________________________
> Chat with friends online, try MSN Messenger: http://messenger.msn.com
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>



_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/