From mboxrd@z Thu Jan 1 00:00:00 1970 From: Daniel Ortiz Date: Mon, 02 Jun 2003 10:43:13 +0000 Subject: Re: [LARTC] HTB question (problem with tc filter + NAT) MIME-Version: 1 Content-Type: multipart/mixed; boundary="RnlQjJ0d97Da+TV1" Message-Id: List-Id: References: In-Reply-To: To: lartc@vger.kernel.org --RnlQjJ0d97Da+TV1 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Jun 02, 2003 at 01:35:31PM +0300, TeraHz wrote: > I wan to share internet to these 12 PCs. But my traffic control is not=20 > working. I'm using IP Masquerading to route internet to the LAN >=20 > eth0 - LAN interface > eth1 - Internet interface >=20 > this is my firs htb script: > #!/bin/bash > tc qdisc del dev eth1 root handle 1: >=20 > tc qdisc add dev eth1 root handle 1: htb default 30 >=20 > tc class add dev eth1 parent 1: classid 1:1 htb rate 25kbps ceil 48kbps > #tc class add dev eth0 parent 1:1 classid 1:10 htb rate 4kbps ceil 48kbps > tc class add dev eth1 parent 1:1 classid 1:10 htb rate 4kbps ceil 48kbps =2E.. >=20 > I tryed to change the parent ID, the Interface -> nothing >=20 > Stef told me that this is not working because of the NAT >=20 > so I've changed the filter part: >=20 >=20 > tc filter add dev eth1 parent 1:0 protocol ip handle 10 fw classid 1:1 > tc filter add dev eth1 parent 1:0 protocol ip handle 11 fw classid 1:12 =2E.. > iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.33 -j MARK -- > set-mark 33 > iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.34 -j MARK -- > set-mark 34 >=20 > I thing that this is wright but no! > I've changed FORWARD with OUTUP. I tryed without specifying Interface ->= =20 > still nothing. >=20 > What is wrong? > there is no filtration at all! Every packet is forwarded to the root=20 > class! You can guess what happens when someone from the LAN starts to=20 > dowload! >=20 > My router box is: Slackware 9.0 (2.4.20 kernel) >=20 >=20 > Thank you >=20 Try with PREROUTING. --=20 BSD ownz me -- Daniel Ortiz d.ortiz@in.ilimit.es ILIMIT Comunicacions Departament Sistemes http://www.ilimit.es Tel: (+34) 93 733 33 75 Fax: (+34) 93 733 32 43 --RnlQjJ0d97Da+TV1 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (FreeBSD) iD8DBQE+2ypBPprEQTARuLoRAuWRAKC81TvvHWavwjnQoNGhTzcUfadowwCfTBlv PO6CUew8W3B0rImcn5TU/DA= =ePhh -----END PGP SIGNATURE----- --RnlQjJ0d97Da+TV1-- _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/