From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Robert Vale" <bob@mirai.net>
Date: Fri, 11 Oct 2002 11:32:57 +0000
Subject: [LARTC] IMQ and NAT
MIME-Version: 1
Content-Type: multipart/mixed; boundary="----_=_NextPart_001_01C27119.F25FE400"
Message-Id: <marc-lartc-103433601516926@msgid-missing>
List-Id: <lartc.vger.kernel.org>
To: lartc@vger.kernel.org

This is a multi-part message in MIME format.

------_=_NextPart_001_01C27119.F25FE400
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

I'm trying to get IMQ working correctly as incoming on a box that is =
running SNAT.
=20
I've modified imq.c so that it fires after IP_PRI_NAT_DST instead of =
mangle and am using tc filter commands to choose the flowid based on the =
destination address.  IMQ still seems to be firing before the system has =
reversed the SNAT.
=20
scripts I'm using
=20
  tc qdisc add dev imq0 root handle 1: htb default 20
=20
  DOWNLINK=3D512
  LIMIT=3D"ceil ${DOWNLINK}kbit"
=20
  tc class add dev imq0 parent 1: classid 1:1 htb rate ${DOWNLINK}kbit

  tc class add dev imq0 parent 1:1 classid 1:10 htb rate 64kbit $LIMIT
  tc class add dev imq0 parent 1:1 classid 1:20 htb rate 64kbit $LIMIT
=20
  tc qdisc add dev imq0 parent 1:10 handle 10: sfq
  tc qdisc add dev imq0 parent 1:20 handle 20: sfq

  tc filter add dev imq0 parent 1: protocol ip prio 1 u32 match ip dst =
172.30.0.2/32 flowid 1:10
=20
  iptables -t mangle -A PREROUTING -i eth0 -j IMQ --todev 0
  iptables -t nat -A PREROUTING -s 172.30.0.0/24 -d ! 172.30.0.0/24 -j =
MASQUERADE

  ip link set imq0 up

------_=_NextPart_001_01C27119.F25FE400
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Diso-8859-1">


<META content=3D"MSHTML 6.00.2800.1106" name=3DGENERATOR></HEAD>
<BODY>
<DIV><SPAN class=3D724131911-11102002><FONT face=3DArial size=3D2>I'm =
trying to get=20
IMQ working correctly as incoming on a box that is running=20
SNAT.</FONT></SPAN></DIV>
<DIV><SPAN class=3D724131911-11102002><FONT face=3DArial=20
size=3D2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=3D724131911-11102002><FONT face=3DArial size=3D2>I've =
modified imq.c=20
so that it fires after IP_PRI_NAT_DST instead of mangle and am using tc =
filter=20
commands to choose the flowid based on the destination address.&nbsp; =
IMQ still=20
seems to be firing before the system has reversed the =
SNAT.</FONT></SPAN></DIV>
<DIV><SPAN class=3D724131911-11102002><FONT face=3DArial=20
size=3D2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=3D724131911-11102002><FONT face=3DArial =
size=3D2>scripts I'm=20
using</FONT></SPAN></DIV>
<DIV><SPAN class=3D724131911-11102002><FONT face=3DArial=20
size=3D2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=3D724131911-11102002><FONT face=3DArial size=3D2>&nbsp; =
tc qdisc add=20
dev imq0 root handle 1: htb default 20</FONT></SPAN></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><SPAN class=3D724131911-11102002><FONT face=3DArial size=3D2>&nbsp; =

DOWNLINK=3D512</FONT></SPAN></DIV>
<DIV><SPAN class=3D724131911-11102002><FONT face=3DArial size=3D2>&nbsp; =
LIMIT=3D"ceil=20
${DOWNLINK}kbit"</FONT></SPAN></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><SPAN class=3D724131911-11102002><FONT face=3DArial size=3D2>&nbsp; =
tc class add=20
dev imq0 parent 1: classid 1:1 htb rate =
${DOWNLINK}kbit</FONT></SPAN></DIV>
<DIV><SPAN class=3D724131911-11102002><BR><FONT face=3DArial =
size=3D2>&nbsp; tc class=20
add dev imq0 parent 1:1 classid 1:10 htb rate 64kbit $LIMIT<BR>&nbsp; tc =
class=20
add dev imq0 parent 1:1 classid 1:20 htb rate 64kbit $LIMIT</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>&nbsp; tc qdisc add dev imq0 parent =
1:10 handle 10:=20
sfq<BR>&nbsp; tc qdisc add dev imq0 parent 1:20 handle 20: =
sfq<BR></FONT></DIV>
<DIV><FONT face=3DArial size=3D2>&nbsp; tc filter add dev imq0 parent 1: =
protocol ip=20
prio 1 u32 match ip dst 172.30.0.2/32 flowid 1:10</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>&nbsp; iptables -t mangle -A PREROUTING =
-i eth0 -j=20
IMQ --todev 0</FONT></DIV>
<DIV><SPAN class=3D724131911-11102002></SPAN><FONT face=3DArial =
size=3D2>&nbsp;<SPAN=20
class=3D724131911-11102002> iptables -t nat -A PREROUTING -s =
172.30.0.0/24&nbsp;-d=20
! 172.30.0.0/24 -j MASQUERADE</SPAN><BR></FONT></DIV>
<DIV><FONT face=3DArial size=3D2>&nbsp; ip link set imq0=20
up</FONT></SPAN></DIV></BODY></HTML>

------_=_NextPart_001_01C27119.F25FE400--
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/