* [LARTC] Help needed
2002-05-14 10:15 [LARTC] Help Needed Vishal Malhan
@ 2003-04-05 14:52 ` Fernando del Valle
2003-04-05 15:09 ` Esteban Ribicic
2003-04-05 15:29 ` Stef Coene
2 siblings, 0 replies; 4+ messages in thread
From: Fernando del Valle @ 2003-04-05 14:52 UTC
To: lartc
Hi,
I have a Squid proxy connected to the Internet by ADSL which serves a small
LAN.
[ ADSL ] -- [(ppp0) PROXY (eth1)] -- [LAN 192.168.0.0/24]
Shaped:   (0.0.0.0/0) ---> -------------------------> --> ------------>
Unshaped:                    (squid) -----> --> ------------>
I've set up traffic shaping using CBQ by IP on eth1. But it shapes ALL the
traffic sent over local Ethernet, and I'd like to keep proxy traffic which
didn't come from ppp0 unshaped. I marked with iptables everything that comes
from ppp0, but I can't get it to work with both filters (by handle and by
IP). I don't realise how I should create the structure of classes. Anyway,
it might be enough to leave traffic from ports 80 and 3128 unshaped, but how
can I do it? I browsed the documentation (and googled) and I couldn't
determine:
a) if more than one filter can be attached to a class;
b) if all filters sharing a class are parsed or the first match exits;
c) if all subclasses of a class are parsed or the first match exits.
I know these are simple questions, but as a newbie I'm pretty stuck in here.
With answers to a), b) and c) I should be able to configure it by myself.
Anyway, a short sample would be appreciated.
Thanks in advance,
Fernando del Valle
P.S.: Please excuse my poor English :(
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
* Re: [LARTC] Help needed
From: Esteban Ribicic @ 2003-04-05 15:09 UTC
To: lartc
I'd say you have an iptables/u32 understanding than a cbq/htb or
whatever, I think..
a) yes
b) it's sequentially "read"... if no match is applied, you can have a
default iptables/u32 rule, for example -s 0/0 -d myip
c) I don't understand the question, maybe someone else can help you.
docum.org and lartc.org have plenty of examples
good luck (suerte flaco)
* Re: [LARTC] Help needed
From: Stef Coene @ 2003-04-05 15:29 UTC
To: lartc
On Saturday 05 April 2003 16:52, Fernando del Valle wrote:
> Hi,
>
> I have a Squid proxy connected to the Internet by ADSL which serves a small
> LAN.
>
> [ ADSL ] -- [(ppp0) PROXY (eth1)] -- [LAN 192.168.0.0/24]
> Shaped: (0.0.0.0/0) ---> -------------------------> --> ------------>
> Unshaped:
> (squid) -----> --> ------------>
>
> I've set up traffic shaping using CBQ by IP on eth1. But it shapes ALL the
> traffic sent over local Ethernet, and I'd like to keep proxy traffic which
> didn't come from ppp0 unshaped. I marked with iptables everything that
> comes from ppp0, but I can't get it to work with both filters (by handle
> and by IP). I don't realise how I should create the structure of classes.
> Anyway, it might be enough to leave traffic from ports 80 and 3128
> unshaped, but how can I do it? I browsed the documentation (and googled)
> and I couldn't determine:
So you want proxied traffic unshaped. You can use the source address. All
traffic from ip-address = eth1 is local traffic, all other traffic is
internet traffic. The only problem is proxy traffic, because you don't know
if the traffic came from ppp0 or it was fetched from the proxy cache. You
can mark the packets coming in from ppp0, but the mark is lost when the
packet enters the proxy.
> a) if more than one filter can be attached to a class;
Yes you can. They are ordered based on prio.
> b) if all filters sharing a class are parsed or the first match exits;
As soon as a filter matches, the packet is sent to the destination of the
filter.
> c) if all subclasses of a class are parsed or the first match exits.
I'm not sure what you want to say. But if a packet enters a class, all
filters are tested. If a filter matches, the packet is sent to the
destination class. And if that class is not a leaf class (it has child
classes), the filters attached to that class are tested again. This goes on
until the packet ends up in a class with no child classes (a leaf class).
Stef
--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net
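
Added example, not part of the original messages: a small Python model of the
classification walk described in the reply above (filters ordered by prio, first
match wins, repeat until a leaf class), applied to the proxy setup from the
question. The proxy address, class ids, client addresses and packet fields are
assumptions made for illustration; this is not tc's own code.

```python
from dataclasses import dataclass
from typing import Callable

PROXY_IP = "192.168.0.1"          # assumption: eth1 address of the proxy
LEAVES = {"1:2", "1:10", "1:11"}  # assumption: classes with no children

@dataclass
class Filter:
    prio: int                      # lower prio is tested first
    match: Callable[[dict], bool]  # predicate over packet fields
    flowid: str                    # destination class on a match

def build_tree(proxy_prio=1, catchall_prio=2):
    """Filters per parent class; 1:2 is unshaped, 1:1 holds per-host classes."""
    def from_squid(p):
        return p["src"] == PROXY_IP and p["sport"] == 3128
    return {
        "1:0": [Filter(catchall_prio, lambda p: True, "1:1"),
                Filter(proxy_prio, from_squid, "1:2")],
        "1:1": [Filter(1, lambda p: p["dst"] == "192.168.0.10", "1:10"),
                Filter(1, lambda p: p["dst"] == "192.168.0.11", "1:11")],
    }

def classify(tree, packet, start="1:0"):
    """Return (leaf class or None, classes visited)."""
    current, path = start, [start]
    while current not in LEAVES:
        ordered = sorted(tree.get(current, []), key=lambda f: f.prio)
        hit = next((f for f in ordered if f.match(packet)), None)
        if hit is None:            # nothing matched at this level
            return None, path
        current = hit.flowid       # first match wins; descend
        path.append(current)
    return current, path

# Constructed sample packets leaving eth1 towards the LAN.
SQUID_REPLY = {"src": PROXY_IP, "sport": 3128, "dst": "192.168.0.10"}
FORWARDED = {"src": "203.0.113.5", "sport": 25, "dst": "192.168.0.10"}

if __name__ == "__main__":
    for name, pkt in (("squid", SQUID_REPLY), ("forwarded", FORWARDED)):
        print(name, classify(build_tree(), pkt))
    # With the priorities swapped the catch-all is tested first.
    print("swapped", classify(build_tree(2, 1), SQUID_REPLY))
```

With the priorities swapped, the catch-all filter shadows the proxy filter and
Squid's replies end up in the shaped per-host class.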