* [LARTC] iptables, IP accounting and traffic shaping
@ 2002-10-07 22:52 Aaron Clausen
2002-10-08 14:17 ` Stef Coene
2002-10-08 16:32 ` Aaron Clausen
0 siblings, 2 replies; 3+ messages in thread
From: Aaron Clausen @ 2002-10-07 22:52 UTC
To: lartc
I'm having a big problem with a Linux box I have configured as a NAT router
and for IP accounting. These two functions work without a hitch, but now I
want to do some traffic shaping. I'm using cbq.init, but have the issue
that no packets are hitting the shaping class.

My machine has two ethernet cards, both on the same subnet, but eth1 being
connected to a number of internal NAT networks. I'm using proxy arp to pass
data between the two ethernet cards. I hope the following segment of my
iptables script isn't too big, but it should give a pretty good idea of what
I'm doing.

# beginning of script
/usr/sbin/iptables -F
/usr/sbin/iptables -X
/usr/sbin/iptables -t nat -F
/usr/sbin/iptables -t nat -X
/usr/sbin/iptables -t mangle -F
/usr/sbin/iptables -P FORWARD ACCEPT
/usr/sbin/iptables -P INPUT ACCEPT
/usr/sbin/iptables -P OUTPUT ACCEPT

iptables -t nat -A PREROUTING -i eth0 -d 64.251.69.2 -j DNAT --to 10.102.106.2
iptables -t nat -A POSTROUTING -o eth0 -s 10.102.106.2 -j SNAT --to 64.251.69.2
iptables -t nat -A PREROUTING -i eth0 -d 64.251.69.3 -j DNAT --to 10.101.106.2
iptables -t nat -A POSTROUTING -o eth0 -s 10.101.106.2 -j SNAT --to 64.251.69.3

echo [/etc/rc.d/rc.iptables] Recreating NAT tables...
#iptables -t nat -A POSTROUTING -o eth0 -s 10.101.104.0/21 -d 0/0 -j MASQUERADE
#iptables -t nat -A POSTROUTING -o eth0 -s 10.102.104.0/21 -d 0/0 -j MASQUERADE
#iptables -t nat -A POSTROUTING -o eth0 -s 10.103.104.0/21 -d 0/0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.101.104.0/21 -j SNAT --to 64.251.68.21
iptables -t nat -A POSTROUTING -s 10.102.104.0/21 -j SNAT --to 64.251.68.21
iptables -t nat -A POSTROUTING -s 10.103.104.0/21 -j SNAT --to 64.251.68.21

echo [/etc/rc.d/rc.iptables] Recreating Waverider accounting rules...
/usr/sbin/iptables -N waverid
/usr/sbin/iptables -A FORWARD -j waverid

/usr/sbin/iptables -A waverid -i eth0 -d 64.251.68.19/32
/usr/sbin/iptables -A waverid -i eth1 -s 64.251.68.19/32
/usr/sbin/iptables -A waverid -i eth0 -d 64.251.69.4/32
/usr/sbin/iptables -A waverid -i eth1 -s 64.251.69.4/32

/usr/sbin/iptables -A waverid -i eth0 -d 10.101.106.2/32
/usr/sbin/iptables -A waverid -i eth1 -s 10.101.106.2/32

--
Aaron Clausen
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
* Re: [LARTC] iptables, IP accounting and traffic shaping
From: Stef Coene @ 2002-10-08 14:17 UTC
To: lartc
And where is the script you use to shape the traffic ??
My guess is that you have a filter problem.
Stef
On Tuesday 08 October 2002 00:52, Aaron Clausen wrote:
> I'm having a big problem with a Linux box I have configured as a NAT router
> and for IP accounting. These two functions work without a hitch, but now I
> want to do some traffic shaping. I'm using cbq.init, but have the issue
> that no packets are hitting the shaping class.
>
> My machine has two ethernet cards, both on the same subnet, but eth1 being
> connected to a number of internal NAT networks. I'm using proxy arp to
> pass data between the two ethernet cards. I hope the following segment of
> my iptables script isn't too big, but it should give a pretty good idea of
> what I'm doing.
>
> # beginning of script
> /usr/sbin/iptables -F
> /usr/sbin/iptables -X
> /usr/sbin/iptables -t nat -F
> /usr/sbin/iptables -t nat -X
> /usr/sbin/iptables -t mangle -F
> /usr/sbin/iptables -P FORWARD ACCEPT
> /usr/sbin/iptables -P INPUT ACCEPT
> /usr/sbin/iptables -P OUTPUT ACCEPT
>
> iptables -t nat -A PREROUTING -i eth0 -d 64.251.69.2 -j DNAT --to 10.102.106.2
> iptables -t nat -A POSTROUTING -o eth0 -s 10.102.106.2 -j SNAT --to 64.251.69.2
> iptables -t nat -A PREROUTING -i eth0 -d 64.251.69.3 -j DNAT --to 10.101.106.2
> iptables -t nat -A POSTROUTING -o eth0 -s 10.101.106.2 -j SNAT --to 64.251.69.3
>
> echo [/etc/rc.d/rc.iptables] Recreating NAT tables...
> #iptables -t nat -A POSTROUTING -o eth0 -s 10.101.104.0/21 -d 0/0 -j MASQUERADE
> #iptables -t nat -A POSTROUTING -o eth0 -s 10.102.104.0/21 -d 0/0 -j MASQUERADE
> #iptables -t nat -A POSTROUTING -o eth0 -s 10.103.104.0/21 -d 0/0 -j MASQUERADE
> iptables -t nat -A POSTROUTING -s 10.101.104.0/21 -j SNAT --to 64.251.68.21
> iptables -t nat -A POSTROUTING -s 10.102.104.0/21 -j SNAT --to 64.251.68.21
> iptables -t nat -A POSTROUTING -s 10.103.104.0/21 -j SNAT --to 64.251.68.21
>
> echo [/etc/rc.d/rc.iptables] Recreating Waverider accounting rules...
> /usr/sbin/iptables -N waverid
> /usr/sbin/iptables -A FORWARD -j waverid
>
> /usr/sbin/iptables -A waverid -i eth0 -d 64.251.68.19/32
> /usr/sbin/iptables -A waverid -i eth1 -s 64.251.68.19/32
> /usr/sbin/iptables -A waverid -i eth0 -d 64.251.69.4/32
> /usr/sbin/iptables -A waverid -i eth1 -s 64.251.69.4/32
>
> /usr/sbin/iptables -A waverid -i eth0 -d 10.101.106.2/32
> /usr/sbin/iptables -A waverid -i eth1 -s 10.101.106.2/32
--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net
* Re: [LARTC] iptables, IP accounting and traffic shaping
From: Aaron Clausen @ 2002-10-08 16:32 UTC
To: lartc
On Tue, 8 Oct 2002, Stef Coene wrote:
> And where is the script you use to shape the traffic ??
> My guess is that you have a filter problem.
Well, I'm using cbq.init, and just had a basic shaping class. I can shape
traffic providing I just use 64.251.68.21, which is the IP address for eth0.
Unfortunately, I want to be able to shape specific NAT addresses, not just
the whole pie. This tells me that the packets are never hitting the traffic
shaper. I just wondered if anybody had any thoughts.
--
Aaron Clausen
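
One way to get per-host classes on eth0, as an added example that is not part of the thread: the SNAT rules in nat/POSTROUTING rewrite the source before the packet reaches the qdisc on eth0, so a filter there only ever sees 64.251.68.21, while a mark set by internal address in the mangle table is still on the packet and can be matched with an fw filter. HTB, the mark values and the rates are assumptions; the script only prints the commands.

```shell
#!/bin/sh
# Added example (not from the thread): print, do not run, rules that classify
# NATed hosts on the WAN side by firewall mark instead of by source address.
# Assumed: eth0 is the outside interface as in the post; HTB stands in for the
# cbq.init classes; marks, class ids and rates are hypothetical.
WAN_IF=eth0

# emit_base <default-rate>: root qdisc and a class for unmarked traffic.
# tc reads class minor ids as hex; classid and flowid only need to agree.
emit_base() {
    echo "tc qdisc add dev $WAN_IF root handle 1: htb default 999"
    echo "tc class add dev $WAN_IF parent 1: classid 1:999 htb rate $1"
}

# emit_host <internal-ip> <mark> <rate>: one mark rule, class and fw filter.
emit_host() {
    ip=$1 mark=$2 rate=$3
    # The output is meant to be fed to a shell, so reject anything that is
    # not a plain address, a decimal mark, or a tc rate such as 512kbit.
    case $ip in ''|*[!0-9./]*) echo "bad address: $ip" >&2; return 1 ;; esac
    case $mark in ''|*[!0-9]*) echo "bad mark: $mark" >&2; return 1 ;; esac
    case $rate in ''|*[!0-9a-z]*) echo "bad rate: $rate" >&2; return 1 ;; esac
    # mangle/FORWARD runs before nat/POSTROUTING: -s still sees 10.x here.
    echo "iptables -t mangle -A FORWARD -o $WAN_IF -s $ip -j MARK --set-mark $mark"
    echo "tc class add dev $WAN_IF parent 1: classid 1:$mark htb rate $rate"
    # The mark stays on the packet through SNAT, so the qdisc can match it.
    echo "tc filter add dev $WAN_IF parent 1: protocol ip prio 1 handle $mark fw flowid 1:$mark"
}

# emit_all <default-rate>: read "ip mark rate" lines from stdin.
emit_all() {
    emit_base "$1"
    while read -r ip mark rate; do
        case $ip in ''|'#'*) continue ;; esac
        emit_host "$ip" "$mark" "$rate" || return 1
    done
}

# Constructed sample using two internal addresses from the posted script.
emit_all 2mbit <<'EOF'
10.101.106.2 10 512kbit
10.102.106.2 20 256kbit
EOF
```

Review the printed commands before piping them to a root shell.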