All of lore.kernel.org
 help / color / mirror / Atom feed
From: Fozzie <fozzie@muppet.mine.nu>
To: lartc@vger.kernel.org
Subject: [LARTC] NAT and CBQ
Date: Mon, 08 Jul 2002 06:21:00 +0000	[thread overview]
Message-ID: <marc-lartc-102610935315892@msgid-missing> (raw)


I've got a linux box setup as a dedicated router, with CBQ and NAT.  I've
got the NAT all setup and that part is working ok.   I tried HTB first,
and then CBQ and both gave me this trouble.  Traffic doesn't seem to be
hitting my filter rules on outgoing traffic(sending from eth0 out to
internet land).   Incoming traffic is being bounded perfectly.  I was
wondering if there's any "issues" that have to be worked out when you have
CBQ and NAT on the same box.  Thanks in advanced for any help


------------------------------------------------------------------
- cbq.init list

### eth0: queueing disciplines

qdisc sfq 103: quantum 1514b
qdisc sfq 102: quantum 1514b
qdisc sfq 101: quantum 1514b
qdisc cbq 1: rate 100Mbit (bounded,isolated) prio no-transmit

### eth0: traffic classes

class cbq 1:101 parent 1: leaf 101: rate 102Kbit prio 5
class cbq 1: root rate 100Mbit (bounded,isolated) prio no-transmit
class cbq 1:103 parent 1: leaf 103: rate 204Kbit prio 5
class cbq 1:102 parent 1: leaf 102: rate 204Kbit prio 5

### eth0: filtering rules

filter parent 1: protocol ip pref 100 u32
filter parent 1: protocol ip pref 100 u32 fh 800: ht divisor 1
filter parent 1: protocol ip pref 100 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:101
  match 0a000001/ffffffff at 12
filter parent 1: protocol ip pref 100 u32 fh 800::801 order 2049 key ht 800 bkt 0 flowid 1:102
  match 0a000002/ffffffff at 12
filter parent 1: protocol ip pref 100 u32 fh 800::802 order 2050 key ht 800 bkt 0 flowid 1:102
  match 0a000004/ffffffff at 12
filter parent 1: protocol ip pref 100 u32 fh 800::803 order 2051 key ht 800 bkt 0 flowid 1:102
  match 0a000005/ffffffff at 12
filter parent 1: protocol ip pref 100 u32 fh 800::804 order 2052 key ht 800 bkt 0 flowid 1:103
  match 0a000003/ffffffff at 12
filter parent 1: protocol ip pref 100 u32 fh 800::805 order 2053 key ht 800 bkt 0 flowid 1:103
  match 0a000006/ffffffff at 12

### eth1: queueing disciplines

qdisc sfq 203: quantum 1514b
qdisc sfq 202: quantum 1514b
qdisc sfq 201: quantum 1514b
qdisc cbq 1: rate 100Mbit (bounded,isolated) prio no-transmit

### eth1: traffic classes

class cbq 1:202 parent 1: leaf 202: rate 819Kbit prio 5
class cbq 1: root rate 100Mbit (bounded,isolated) prio no-transmit
class cbq 1:203 parent 1: leaf 203: rate 819Kbit prio 5
class cbq 1:201 parent 1: leaf 201: rate 409Kbit prio 5

### eth1: filtering rules

filter parent 1: protocol ip pref 100 u32
filter parent 1: protocol ip pref 100 u32 fh 800: ht divisor 1
filter parent 1: protocol ip pref 100 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:201
  match 0a000001/ffffffff at 16
filter parent 1: protocol ip pref 100 u32 fh 800::801 order 2049 key ht 800 bkt 0 flowid 1:202
  match 0a000002/ffffffff at 16
filter parent 1: protocol ip pref 100 u32 fh 800::802 order 2050 key ht 800 bkt 0 flowid 1:202
  match 0a000004/ffffffff at 16
filter parent 1: protocol ip pref 100 u32 fh 800::803 order 2051 key ht 800 bkt 0 flowid 1:202
  match 0a000005/ffffffff at 16
filter parent 1: protocol ip pref 100 u32 fh 800::804 order 2052 key ht 800 bkt 0 flowid 1:203
  match 0a000003/ffffffff at 16
filter parent 1: protocol ip pref 100 u32 fh 800::805 order 2053 key ht 800 bkt 0 flowid 1:203
  match 0a000006/ffffffff at 16


-----------------------------------------------------------------------------------------------------
--- iptables -t nat -L -n

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  0.0.0.0/0            24.156.64.5        tcp dpt:21 to:10.0.0.1:21
DNAT       tcp  --  0.0.0.0/0            24.156.64.5        tcp dpt:22 to:10.0.0.1:22
DNAT       tcp  --  0.0.0.0/0            24.156.64.5        tcp dpt:25 to:10.0.0.1:25
DNAT       tcp  --  0.0.0.0/0            24.156.64.5        tcp dpt:53 to:10.0.0.1:53
DNAT       tcp  --  0.0.0.0/0            24.156.64.5        tcp dpt:80 to:10.0.0.1:80
DNAT       tcp  --  0.0.0.0/0            24.156.64.5        tcp dpt:110 to:10.0.0.1:110
DNAT       tcp  --  0.0.0.0/0            24.156.64.5        tcp dpt:113 to:10.0.0.1:113

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       all  --  10.0.0.0/24          0.0.0.0/0          to:24.156.64.5

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

---
Am Foz, Need Sig.

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

             reply	other threads:[~2002-07-08  6:21 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2002-07-08  6:21 Fozzie [this message]
2002-07-08  6:45 ` [LARTC] NAT and CBQ Daniel Sercaianu
2002-07-08  9:39 ` bert hubert

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=marc-lartc-102610935315892@msgid-missing \
    --to=fozzie@muppet.mine.nu \
    --cc=lartc@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.