From mboxrd@z Thu Jan 1 00:00:00 1970
From: Ruslan Spivak
Date: Wed, 28 May 2003 22:39:08 +0000
Subject: Re: [LARTC] Traffic control + NAT + HTB
Message-Id:
List-Id:
References:
In-Reply-To:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Martin A. Brown wrote:

>Ruslan,
>
> : Can you help me understand how to make HTB work with NAT in my situation?
>
>You appear to have the right solution in mind.  Mark the packets before
>the address has been altered, and add the filter command to put the
>packets into your 60Mbit class.
>
> :  ---------------
> : | linux         |  eth0    -------
> : | 193.220.70.33 |------|switch |--|cisco|<-->internet
> : | NAT           |      ---------
> :  -----------------         |
> :                            |
> :  ------------     eth0     |
> :    client1   |-------------
> :  192.168.1.1 |
> :  -------------
> :
> : Client's (192.168.1.2) default route is to 193.220.70.33
> :
> : On linux server (193.220.70.33) there is rule:
> : iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o eth0 -j SNAT --to
> : 193.220.70.33
> :
> : As I understand I can control traffic bandwidth going to client1 and
> : from client1 on linux server due to one interface on linux server. (maybe
> : I'm wrong)
>
>I noticed your question earlier about using a machine with a single
>interface as a router.  Is that what you are doing here?  If so, then
>you'll want to add one other command, and here's why:
>
>  - Your linux machine will only shape data it is transmitting.
>  - You are shaping only data transmitted from client1 through the gateway
>    (practically speaking this means you are capping the outbound flow
>    from client1).
>
> : /usr/local/iproute2/sbin/tc qdisc add dev eth0 root handle 1: htb
> : /usr/local/iproute2/sbin/tc class add dev eth0 parent 1:1 classid 1:20 \
> :    htb rate 32kbit ceil 60Mbit
> : /usr/local/iproute2/sbin/tc qdisc add dev eth0 parent 1:20 handle 20: sfq
> : /usr/local/iproute2/sbin/tc filter add dev eth0 parent 1:0 protocol ip \
> :    handle 1 fw flowid 1:20
>
>Your tc commands look correct.  You have an implicit class which will
>transmit as fast as the hardware allows--that is HTB's default.
>
> : /sbin/iptables -t mangle -A POSTROUTING -s 192.168.1.2 -j MARK --set-mark 1
>
>Now, simply add this:
>
>  /sbin/iptables -t mangle -A POSTROUTING -d 192.168.1.2 -j MARK --set-mark 1
>
>Now, you'll be shaping both upload (from source client1) and download
>(to destination client1).
>
> : Will a packet with src 192.168.1.2 be put into classid 1:20, or by that
> : moment will it already be NATed and its source will be 193.220.70.33?
>
>The mark will survive while the packet is being handled by the kernel, so
>even after NAT, the mark will be available.
>
>-Martin
>
>
>

Thanks a lot for your valuable reply, Martin!

Can you tell me how to make it so that I will have three htb classes
('local' - 60Mbit, 'internet' - 512Kbit, 'outgoing inet' - 128Kbit)
under root qdisc, so that they won't borrow from each other?

Best regards,
Ruslan

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
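Added example, not part of the original message or of any reply in the thread: a dry-run generator for the three-class layout asked about above, combined with the mark-before-NAT approach Martin describes. The marks 1-3, the class ids 1:10/1:20/1:30, and the reading of 'local' as LAN-to-client traffic are assumptions; each class hangs directly off the root qdisc with ceil equal to rate, so there is no shared parent to borrow from.

```shell
#!/bin/sh
# Added example: prints (does not execute) tc/iptables commands for three
# non-borrowing HTB classes on the one-interface NAT router from the thread.
DEV=eth0              # single interface, as in the thread
LAN=192.168.0.0/16    # NATed range from the thread's SNAT rule
CLIENT=192.168.1.2    # client address from the thread's mark rule

# name:mark:rate -- rates from the question; marks are assumed values
CLASSES="local:1:60Mbit internet:2:512kbit outgoing:3:128kbit"

shaper_cmds() {
    echo "tc qdisc add dev $DEV root handle 1: htb"
    for c in $CLASSES; do
        name=${c%%:*}; rest=${c#*:}; mark=${rest%%:*}; rate=${rest#*:}
        # parent 1: makes this a root class; ceil = rate forbids borrowing
        echo "tc class add dev $DEV parent 1: classid 1:${mark}0 htb rate $rate ceil $rate  # $name"
        echo "tc qdisc add dev $DEV parent 1:${mark}0 handle ${mark}0: sfq"
        echo "tc filter add dev $DEV parent 1: protocol ip handle $mark fw flowid 1:${mark}0"
    done
    # mangle POSTROUTING is traversed before nat POSTROUTING, so the
    # private addresses still match here and the mark outlives the SNAT.
    echo "iptables -t mangle -A POSTROUTING -o $DEV -s $LAN -d $CLIENT -j MARK --set-mark 1"
    echo "iptables -t mangle -A POSTROUTING -o $DEV ! -s $LAN -d $CLIENT -j MARK --set-mark 2"
    echo "iptables -t mangle -A POSTROUTING -o $DEV -s $CLIENT ! -d $LAN -j MARK --set-mark 3"
}

shaper_cmds   # dry run: review the output before applying it
```

Unmarked traffic matches no filter and stays unshaped, as with the implicit class mentioned in the quoted reply. To apply the rules, pipe the reviewed output to `sh` as root.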