Re: [LARTC] Traffic control + NAT + HTB

From: Ruslan Spivak <alienoid@is.lg.ua>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Traffic control + NAT + HTB
Date: Wed, 28 May 2003 22:39:08 +0000	[thread overview]
Message-ID: <marc-lartc-105416119131088@msgid-missing> (raw)
In-Reply-To: <marc-lartc-105411564511346@msgid-missing>

Martin A. Brown wrote:

>Ruslan,
>
> : Can you help me understand hot to make HTB work with NAT in my situation?
>
>You appear to have the right solution in mind.  Mark the packets before
>the address has been altered, and add the filter command to put the
>packets into your 60Mbit class.
>
> :   ---------------
> : | linux         | eth0  -------
> : | 193.220.70.33 |------|switch |--|cisco|<-->internet
> : | NAT           |      ---------
> : -----------------        |
> :                           |
> : ------------  eth0       |
> : client1     |-------------
> : 192.168.1.1 |
> : -------------
> :
> : Client's(192.168.1.2) default route is to 193.220.70.33
> :
> : On linux server(193.220.70.33) there is rule:
> : iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o eth0 -j SNAT --to
> : 193.220.70.33
> :
> : As i understand i can control traffic bandwidth going to client1 and
> : from client1 on linux server due to one interface on linux server.(maybe
> : i'm wrong)
>
>I noticed your question earlier about using a machine with a single
>interface as a router.  Is that what you are doing here?  If so, then
>you'll want to add one other command, and here's why:
>
> - Your linux machine will only shape data it is transmitting.
> - You are shaping only data transmitted from client1 through the gateway
>   (practically speaking this means you are capping the outbound flow
>   from client1).
>
> : /usr/local/iproute2/sbin/tc qdisc add dev eth0 root handle 1: htb
> : /usr/local/iproute2/sbin/tc class add dev eth0 parent 1:1 classid 1:20 \
> :   htb rate 32kbit ceil 60Mbit
> : /usr/local/iproute2/sbin/tc qdisc add dev eth0 parent 1:20 handle 20: sfq
> : /usr/local/iproute2/sbin/tc filter add dev eth0 parent 1:0 protocol ip \
> :   handle 1 fw flowid 1:20
>
>Your tc commands look correct.  You have an implicit class which will
>transmit as fast as the hardware allows--that is HTB's default.
>
> : /sbin/iptables -t mangle -A POSTROUTING -s 192.168.1.2 -j MARK --set-mark 1
>
>Now, simply add this:
>
>  /sbin/iptables -t mangle -A POSTROUTING -d 192.168.1.2 -j MARK --set-mark 1
>
>Now, you'll be shaping both upload (from source client1) and download
>(to destination client1).
>
> : Will be packet with src 192.168.1.2 put into classid 1:20, or for that
> : moment it will be already nated and his source will be 193.220.70.33?
>
>The mark will survive while the packet is being handled by the kernel, so
>even after NAT, the mark will be available.
>
>-Martin
>
>  
>
Thanks a lot for your valuable reply, Martin!

Can you tell me how to make so that i will have three htb classes 
('local' - 60Mbit, 'internet' - 512Kbit, 'outgoing inet' - 128Kbit) 
under root qdisc,
so that they won't borrow each other?

Best regards,
Ruslan

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/