* [LARTC] HTB question (problem with tc filter + NAT)
@ 2003-06-02 10:35 TeraHz
  2003-06-02 10:43 ` Daniel Ortiz
  2003-06-02 16:29 ` Stef Coene
  0 siblings, 2 replies; 3+ messages in thread
From: TeraHz @ 2003-06-02 10:35 UTC (permalink / raw)
  To: lartc

I want to share internet to these 12 PCs. But my traffic control is not 
working. I'm using IP Masquerading to route internet to the LAN

eth0 - LAN interface
eth1 - Internet interface

this is my first htb script:
#!/bin/bash
tc qdisc del dev eth1 root handle 1:

tc qdisc add dev eth1 root handle 1: htb default 30

tc class add dev eth1 parent 1: classid 1:1 htb rate 25kbps ceil 48kbps
#tc class add dev eth0 parent 1:1 classid 1:10 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:10 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:11 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:12 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:13 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:14 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:15 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:16 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:17 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:18 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:19 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:20 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:21 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:22 htb rate 4kbps ceil 48kbps

tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 192.168.193.10 classid 1:11
tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 192.168.193.11 classid 1:12
tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 192.168.193.13 classid 1:13
tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 192.168.193.14 classid 1:14
tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 192.168.193.15 classid 1:15
tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 192.168.193.19 classid 1:16
tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 192.168.193.20 classid 1:17
tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 192.168.193.24 classid 1:18
tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 192.168.193.29 classid 1:19
tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 192.168.193.32 classid 1:20
tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 192.168.193.33 classid 1:21
tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 192.168.193.34 classid 1:22

I tried to change the parent ID, the Interface -> nothing

Stef told me that this is not working because of the NAT

so I've changed the filter part:


tc filter add dev eth1 parent 1:0 protocol ip handle 10 fw classid 1:1
tc filter add dev eth1 parent 1:0 protocol ip handle 11 fw classid 1:12
tc filter add dev eth1 parent 1:0 protocol ip handle 13 fw classid 1:13
tc filter add dev eth1 parent 1:0 protocol ip handle 14 fw classid 1:14
tc filter add dev eth1 parent 1:0 protocol ip handle 15 fw classid 1:15
tc filter add dev eth1 parent 1:0 protocol ip handle 19 fw classid 1:16
tc filter add dev eth1 parent 1:0 protocol ip handle 20 fw classid 1:17
tc filter add dev eth1 parent 1:0 protocol ip handle 24 fw classid 1:18
tc filter add dev eth1 parent 1:0 protocol ip handle 29 fw classid 1:19
tc filter add dev eth1 parent 1:0 protocol ip handle 32 fw classid 1:20
tc filter add dev eth1 parent 1:0 protocol ip handle 33 fw classid 1:21
tc filter add dev eth1 parent 1:0 protocol ip handle 34 fw classid 1:22

iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.10 -j MARK --set-mark 10
iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.11 -j MARK --set-mark 11
iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.13 -j MARK --set-mark 13
iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.14 -j MARK --set-mark 14
iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.15 -j MARK --set-mark 15
iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.19 -j MARK --set-mark 19
iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.20 -j MARK --set-mark 20
iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.24 -j MARK --set-mark 24
iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.29 -j MARK --set-mark 29
iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.32 -j MARK --set-mark 32
iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.33 -j MARK --set-mark 33
iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.34 -j MARK --set-mark 34

I think that this is right but no!
I've changed FORWARD with OUTPUT. I tried without specifying Interface -> 
still nothing.

What is wrong?
there is no filtration at all! Every packet is forwarded to the root 
class! You can guess what happens when someone from the LAN starts to 
download!

My router box is: Slackware 9.0 (2.4.20 kernel)


Thank you


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


* Re: [LARTC] HTB question (problem with tc filter + NAT)
  2003-06-02 10:35 [LARTC] HTB question (problem with tc filter + NAT) TeraHz
@ 2003-06-02 10:43 ` Daniel Ortiz
  2003-06-02 16:29 ` Stef Coene
  1 sibling, 0 replies; 3+ messages in thread
From: Daniel Ortiz @ 2003-06-02 10:43 UTC (permalink / raw)
  To: lartc


On Mon, Jun 02, 2003 at 01:35:31PM +0300, TeraHz wrote:
> I want to share internet to these 12 PCs. But my traffic control is not 
> working. I'm using IP Masquerading to route internet to the LAN
> 
> eth0 - LAN interface
> eth1 - Internet interface
> 
> this is my first htb script:
> #!/bin/bash
> tc qdisc del dev eth1 root handle 1:
> 
> tc qdisc add dev eth1 root handle 1: htb default 30
> 
> tc class add dev eth1 parent 1: classid 1:1 htb rate 25kbps ceil 48kbps
> #tc class add dev eth0 parent 1:1 classid 1:10 htb rate 4kbps ceil 48kbps
> tc class add dev eth1 parent 1:1 classid 1:10 htb rate 4kbps ceil 48kbps
...
> 
> I tried to change the parent ID, the Interface -> nothing
> 
> Stef told me that this is not working because of the NAT
> 
> so I've changed the filter part:
> 
> 
> tc filter add dev eth1 parent 1:0 protocol ip handle 10 fw classid 1:1
> tc filter add dev eth1 parent 1:0 protocol ip handle 11 fw classid 1:12
...
> iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.33 -j MARK --set-mark 33
> iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.34 -j MARK --set-mark 34
> 
> I think that this is right but no!
> I've changed FORWARD with OUTPUT. I tried without specifying Interface -> 
> still nothing.
> 
> What is wrong?
> there is no filtration at all! Every packet is forwarded to the root 
> class! You can guess what happens when someone from the LAN starts to 
> download!
> 
> My router box is: Slackware 9.0 (2.4.20 kernel)
> 
> 
> Thank you
> 
Try with PREROUTING.
-- 
BSD ownz me
--

Daniel Ortiz
d.ortiz@in.ilimit.es

ILIMIT Comunicacions
Departament Sistemes
http://www.ilimit.es
Tel: (+34) 93 733 33 75
Fax: (+34) 93 733 32 43


* Re: [LARTC] HTB question (problem with tc filter + NAT)
  2003-06-02 10:35 [LARTC] HTB question (problem with tc filter + NAT) TeraHz
  2003-06-02 10:43 ` Daniel Ortiz
@ 2003-06-02 16:29 ` Stef Coene
  1 sibling, 0 replies; 3+ messages in thread
From: Stef Coene @ 2003-06-02 16:29 UTC (permalink / raw)
  To: lartc

On Monday 02 June 2003 12:35, TeraHz wrote:
> I want to share internet to these 12 PCs. But my traffic control is not
> working. I'm using IP Masquerading to route internet to the LAN
>
> eth0 - LAN interface
> eth1 - Internet interface
>
<snipped a lot>

> I think that this is right but no!
> I've changed FORWARD with OUTPUT. I tried without specifying Interface ->
> still nothing.
>
> What is wrong?
> there is no filtration at all! Every packet is forwarded to the root
> class! You can guess what happens when someone from the LAN starts to
> download!
Check out with iptables -L -v -n -t mangle if the packets get marked.
And the mark and the classid are in hex.  So to be sure, write the mark as 
0x37 like
iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.34 -j MARK --set-mark 0x34

Stef

-- 

stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.oftc.net
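
The check suggested in the last reply, as an added example that is not part of the original messages: a shell function that reads `iptables -L -v -n -t mangle` output and reports, for each MARK rule, the mark in hex and decimal and whether its packet counter ever moved. The listing shows marks in hex, so a rule added with `--set-mark 34` appears as `0x22`; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise MARK rules from `iptables -L -v -n -t mangle`.
# Output per rule: <chain> <source> <mark-hex> <mark-decimal> <pkts> <status>

mark_report() {
    chain=""
    # Columns: pkts bytes target prot opt in out source destination [extra]
    while read -r pkts bytes target prot opt iif oif src dst extra; do
        if [ "$pkts" = "Chain" ]; then chain=$bytes; continue; fi
        [ "$target" = "MARK" ] || continue
        mark=${extra##* }      # last word of e.g. "MARK set 0x22"
        mark=${mark%%/*}       # drop a "/mask" suffix if present
        hex=${mark#0x}
        # Accept only a plain hex literal before doing arithmetic on it
        case "$mark" in 0x*) ;; *) continue ;; esac
        case "$hex" in ''|*[!0-9a-fA-F]*) continue ;; esac
        if [ "$pkts" = "0" ]; then status=never-hit; else status=marked; fi
        printf '%s %s %s %d %s %s\n' \
            "$chain" "$src" "$mark" "$(($mark))" "$pkts" "$status"
    done
}

# Constructed sample listing (not captured from the poster's router).
sample_listing() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 1520 packets, 911K bytes)
 pkts bytes target     prot opt in     out     source               destination
  412 38210 MARK       tcp  --  eth0   *       192.168.139.10       0.0.0.0/0          MARK set 0xa
    0     0 MARK       tcp  --  eth0   *       192.168.139.34       0.0.0.0/0          MARK set 0x22
EOF
}

sample_listing | mark_report
```

On a live router the same function takes the real listing: `iptables -L -v -n -t mangle | mark_report`.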
