From: Stef Coene <stef.coene@docum.org>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Help needed
Date: Sat, 05 Apr 2003 15:29:31 +0000 [thread overview]
Message-ID: <marc-lartc-104955663610983@msgid-missing> (raw)
In-Reply-To: <marc-lartc-102137074301469@msgid-missing>
On Saturday 05 April 2003 16:52, Fernando del Valle wrote:
> Hi,
>
> I have a Squid proxy connected to the Internet by ADSL which serves a small
> LAN.
>
> [ ADSL ] -- [(ppp0) PROXY (eth1)] -- [LAN 192.168.0.0/24]
> Shaped: (0.0.0.0/0) ---> -------------------------> --> ------------>
> Unshaped:
> (squid) -----> --> ------------>
>
> I've set up traffic shaping using CBQ by IP on eth1. But it shapes ALL the
> traffic sent over local Ethernet, and I'd like to keep proxy traffic which
> didn't came from ppp0 unshaped. I marked with iptables everything that
> comes from ppp0, but I can't get it to work with both filters (by handle
> and by IP). I don't realise how should I create the structure of classes.
> Anyway, it might be enough to leave traffic from ports 80 and 3128
> unshaped, but how can I do it? I browsed the documentation (and googled)
> and I couldn't determine:
So you want proxied traffic unshaped. You can use the source address. All
traffic from ip-address = eth1 is local traffic , all other traffic is
internet traffic. The only problem is proxy traffic. Because you don't know
if the traffic came from ppp0 or it was fetched form the proxy cache. You
can mark the packets coming in from ppp0, but the mark is lost when the
packet enters the proxy.
> a) if more than one filter can be attached to a class;
Yes you can. They are ordered based on prio.
> b) if all filters sharing a class are parsed or the first match exits;
As soon as a filter matches, the packet is sended to the destination of the
filter.
> c) if all subclasses of a class are parsed or the first match exits.
I'm not sure what you want to say. But if a packet enters a class, all
filters are tested. If a filter matches, the packet is send to the
destination class. And if that class is not a leaf class (it has child
classes), the filters attached to that class are tested again. This goes on,
untill the packet ends up in a class with not child classes (a leaf class).
Stef
--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
prev parent reply other threads:[~2003-04-05 15:29 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-05-14 10:15 [LARTC] Help Needed Vishal Malhan
2003-04-05 14:52 ` [LARTC] Help needed Fernando del Valle
2003-04-05 15:09 ` Esteban Ribicic
2003-04-05 15:29 ` Stef Coene [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=marc-lartc-104955663610983@msgid-missing \
--to=stef.coene@docum.org \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.