[LARTC] How to route and queue, based on iptables marked packets, at the same time?

[LARTC] How to route and queue, based on iptables marked packets, at the same time?

[Jan Gerritsen]

Hi

I want to do some routing an queuing stuff, but I am not sure if this 
will work.

I have 3 connections on my router:
- eth0 which points to my LAN
- eth1 which point to the Internet over a 2Mbit connection
- eth2/ppp0 which is a DSL connection and points to the Internet, too.

The reason for the two Internet connections is that the 2Mbit connection 
is fast but expensive, I have to pay the traffic. The DSL connection is 
flat fee but slow, 384 k/bit up and 64 k/bit downstream.

Both connections do masquerading with their public IPs.

What I want to do is to route some services over the DSL connection, like 
e-mail traffic. The default route should be the 2Mbit connection.

AFAIK I can't use ip rules to set up routing policies based on the TCP-port, 
so I want to mark the traffic with iptables, to set the routs. 
My problem is, that I currently use this to prioritise my traffic and to 
order them into different HTB and SFQ queues.

I found this graphic in the LARTC HOWTO:
        +------------+           +---------+      +-------------+
Packet -| PREROUTING |- routing--| FORWARD |----+-| POSTROUTING |- Packets
input   +------------+  decision +---------+    | +-------------+    out
                           |                    |
                     +-------+                +--------+   
                     | INPUT |-Local process -| OUTPUT |
                     +-------+                +--------+


My question is can I mark the packets once in the FORWARD and OUTPUT chain 
to influence the routing decision, and mark them again in the PORSTROUTING 
chain to influence the queuing? Where is the decision how to route?

My routing configuration:
# Routing table for the 2MBit interface
$IP route add "$EXT_2M_NET" dev "$EXT_2M_IF" src "$EXT_2M_IP" table "$EXT_2M_RT"
$IP route add default via "$EXT_2M_ROUTER" table "$EXT_2M_RT"
$IP route add "$EXT_2M_NET" dev "$EXT_2M_IF" src "$EXT_2M_IP"

# Routing table for the DSL interface
$IP route add "$EXT_DSL_NET" dev "$EXT_DSL_IF" src "$EXT_DSL_IP" table "$EXT_DSL_RT"
$IP route add default via "$EXT_DSL_ROUTE"R table "$EXT_DSL_RT"
$IP route add "$EXT_DSL_NET" dev "$EXT_DSL_IF" src "$EXT_DSL_IP"

# Routing rules
$IP rule add from "$EXT_2M_IP"  table "$EXT_2M_RT"
$IP rule add from "$EXT_DSL_IP" table "$EXT_DSL_RT"

$IP rule add fwmark 10 table "$EXT_2M_RT"
$IP rule add fwmark 20 table "$EXT_DSL_RT"

$IP route add "$INT_NET" dev "$INT_IF" table "$EXT_2M_RT"
$IP route add "$EXT_DSL_NET" dev "$EXT_DSL_IF" table "$EXT_2M_RT"
$IP route add 127.0.0.0/8 dev lo table "$EXT_2M_RT"

$IP route add "$INT_NET" dev "$INT_IF" table "$EXT_DSL_RT"
$IP route add "$EXT_2M_NET" dev "$EXT_2M_IF" table "$EXT_DSL_RT"
$IP route add 127.0.0.0/8 dev lo table "$EXT_DSL_RT"

$IP route add default via "$EXT_2M_IP"

thx,
Jan GerritsenÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿË\x01\x14™¨¥Šx%ŠË\x7f,\x04S\vùšŠYšŸ÷lõ¯ç–^[m§ÿÿ™¨¥™©ÿvÏZþy\x7f™¨¥™©ÿ–+-ŠwèþV«µÁÎY3ÿ†Ûiÿÿåj»\þŠà

Re: [LARTC] How to route and queue, based on iptables marked packets, at the same time?

[Robert Kurjata]

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset="windows-1253", Size: 3546 bytes --]

Witaj Jan,

W Twoim liœcie datowanym 4 grudnia 2003 (13:01:51) mo¿na przeczytaæ:

Yes, you can. You can do marking in output and it will make a
difference in routing. Just use the -mangle- tables.

Checked and verified. I use it.

JG> Hi

JG> I want to do some routing an queuing stuff, but I am not sure if this
JG> will work.

JG> I have 3 connections on my router:
JG> - eth0 which points to my LAN
JG> - eth1 which point to the Internet over a 2Mbit connection
JG> - eth2/ppp0 which is a DSL connection and points to the Internet, too.

JG> The reason for the two Internet connections is that the 2Mbit connection
JG> is fast but expensive, I have to pay the traffic. The DSL connection is
JG> flat fee but slow, 384 k/bit up and 64 k/bit downstream.

JG> Both connections do masquerading with their public IPs.

JG> What I want to do is to route some services over the DSL connection, like
JG> e-mail traffic. The default route should be the 2Mbit connection.

JG> AFAIK I can't use ip rules to set up routing policies based on the TCP-port,
JG> so I want to mark the traffic with iptables, to set the routs. 
JG> My problem is, that I currently use this to prioritise my traffic and to
JG> order them into different HTB and SFQ queues.

JG> I found this graphic in the LARTC HOWTO:
JG>         +------------+           +---------+      +-------------+
JG> Packet -| PREROUTING |- routing--| FORWARD |----+-| POSTROUTING |- Packets
JG> input   +------------+  decision +---------+    | +-------------+    out
JG>                            |                    |
JG>                      +-------+                +--------+   
JG>                      | INPUT |-Local process -| OUTPUT |
JG>                      +-------+                +--------+


JG> My question is can I mark the packets once in the FORWARD and OUTPUT chain
JG> to influence the routing decision, and mark them again in the PORSTROUTING
JG> chain to influence the queuing? Where is the decision how to route?

JG> My routing configuration:
JG> # Routing table for the 2MBit interface
JG> $IP route add "$EXT_2M_NET" dev "$EXT_2M_IF" src "$EXT_2M_IP" table "$EXT_2M_RT"
JG> $IP route add default via "$EXT_2M_ROUTER" table "$EXT_2M_RT"
JG> $IP route add "$EXT_2M_NET" dev "$EXT_2M_IF" src "$EXT_2M_IP"

JG> # Routing table for the DSL interface
JG> $IP route add "$EXT_DSL_NET" dev "$EXT_DSL_IF" src
JG> "$EXT_DSL_IP" table "$EXT_DSL_RT"
JG> $IP route add default via "$EXT_DSL_ROUTE"R table "$EXT_DSL_RT"
JG> $IP route add "$EXT_DSL_NET" dev "$EXT_DSL_IF" src "$EXT_DSL_IP"

JG> # Routing rules
JG> $IP rule add from "$EXT_2M_IP"  table "$EXT_2M_RT"
JG> $IP rule add from "$EXT_DSL_IP" table "$EXT_DSL_RT"

JG> $IP rule add fwmark 10 table "$EXT_2M_RT"
JG> $IP rule add fwmark 20 table "$EXT_DSL_RT"

JG> $IP route add "$INT_NET" dev "$INT_IF" table "$EXT_2M_RT"
JG> $IP route add "$EXT_DSL_NET" dev "$EXT_DSL_IF" table "$EXT_2M_RT"
JG> $IP route add 127.0.0.0/8 dev lo table "$EXT_2M_RT"

JG> $IP route add "$INT_NET" dev "$INT_IF" table "$EXT_DSL_RT"
JG> $IP route add "$EXT_2M_NET" dev "$EXT_2M_IF" table "$EXT_DSL_RT"
JG> $IP route add 127.0.0.0/8 dev lo table "$EXT_DSL_RT"

JG> $IP route add default via "$EXT_2M_IP"

JG> thx,
JG> Jan
JG> GerritsenÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿË\x14™¨¥Šx%ŠË\x7f,\x04S\vùšŠYšŸ÷lõ¯ç–^[m§ÿÿ™¨¥™©ÿvÏZþy\x7f™¨¥™©ÿ–+-ŠwèþV«µÁÎY3ÿ†Ûiÿÿåj»\þŠà



-- 
Pozdrowienia,
 Robert                            mailto:rkurjata@ire.pw.edu.pl
ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿË\x01\x14™¨¥Šx%ŠË\x7f,\x04S\vùšŠYšŸ÷lõ¯ç–^[m§ÿÿ™¨¥™©ÿvÏZþy\x7f™¨¥™©ÿ–+-ŠwèþV«µÁÎY3ÿ†Ûiÿÿåj»\þŠà

AW: [LARTC] How to route and queue, based on iptables marked packets, at the same time?

[Jan Gerritsen]

Hi,

> Yes, you can. You can do marking in output and it will make a
> difference in routing. Just use the -mangle- tables.

> Checked and verified. I use it.

Can I mark the packets in the POSTROUTING table again to influence the queuing?

thx,
Jan Gerritsen
ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿË\x01\x14™¨¥Šx%ŠË\x7f,\x04S\vùšŠYšŸ÷lõ¯ç–^[m§ÿÿ™¨¥™©ÿvÏZşy\x7f™¨¥™©ÿ–+-ŠwèşV«µÁÎY3ÿ†Ûiÿÿåj»\şŠà

Re: AW: [LARTC] How to route and queue, based on iptables marked packets, at the same time?

[Robert Kurjata]

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset="windows-1253", Size: 702 bytes --]

Witaj Jan,

W Twoim liœcie datowanym 5 grudnia 2003 (11:23:25) mo¿na przeczytaæ:

JG> Hi,

>> Yes, you can. You can do marking in output and it will make a
>> difference in routing. Just use the -mangle- tables.

>> Checked and verified. I use it.

JG> Can I mark the packets in the POSTROUTING table again to influence the queuing?

JG> thx,
JG> Jan Gerritsen
JG> ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿË\x14™¨¥Šx%ŠË\x7f,\x04S\vùšŠYšŸ÷lõ¯ç–^[m§ÿÿ™¨¥™©ÿvÏZþy\x7f™¨¥™©ÿ–+-ŠwèþV«µÁÎY3ÿ†Ûiÿÿåj»\þŠà

As I already said Yes.

-- 
Pozdrowienia,
 Robert                            mailto:rkurjata@ire.pw.edu.pl
ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿË\x01\x14™¨¥Šx%ŠË\x7f,\x04S\vùšŠYšŸ÷lõ¯ç–^[m§ÿÿ™¨¥™©ÿvÏZþy\x7f™¨¥™©ÿ–+-ŠwèþV«µÁÎY3ÿ†Ûiÿÿåj»\þŠà