RE: [LARTC] mangle

From: "Mike" <mike@superiorholidayadventures.ca>
To: lartc@vger.kernel.org
Subject: RE: [LARTC] mangle
Date: Mon, 08 Dec 2003 15:00:46 +0000	[thread overview]
Message-ID: <marc-lartc-107089579123011@msgid-missing> (raw)
In-Reply-To: <marc-lartc-107089337719633@msgid-missing>

I mark everything on my internal interface.  I have classes for incoming
websurfing traffic which I use HTB to control the traffic.  This is done
on my internal NIC.

I also have classes on my external interface which controls my outgoing
traffic such as web (port 80) and smtp (port 25).  This is done on my
external NIC.

Mike Fetherston

> -----Original Message-----
> From: Eddie [mailto:eddieknows@ananzi.co.za]
> Sent: Monday, December 08, 2003 10:02 AM
> To: Mike
> Subject: RE: [LARTC] mangle
> 
> So you put all rules on your internal interface?
> 
> On Mon, 2003-12-08 at 16:43, Mike wrote:
> > *This message was transferred with a trial version of
CommuniGate(tm)
> Pro*
> > In my case eth1 is my internal NIC.  I'm giving certain groups of
IP's
> > certain amounts of bandwidth.  If you're trying to give full
bandwidth
> > to ssh traffic, you could mark on destination port 22 and assign
that
> > mark to a flowid with full bandwidth.  I believe you would still use
the
> > PREROUTING table to mark with.
> >
> > Why do you want to give SSH traffic full bandwidth?
> >
> > Mike Fetherston
> >
> > > -----Original Message-----
> > > From: Eddie [mailto:eddieknows@ananzi.co.za]
> > > Sent: Monday, December 08, 2003 9:53 AM
> > > To: Mike
> > > Subject: RE: [LARTC] mangle
> > >
> > > ok that is how I have,if eth1 is external,this will shape traffic
for
> > > all the lan people,right.
> > > BUT what do I do to give me full bandwidth when I ssh remotely to
work
> > > on the box.Will I use OUTPUT??
> > > Thanks,it helped allot:-)realy
> > >
> > >
> > > On Mon, 2003-12-08 at 16:31, Mike wrote:
> > > > *This message was transferred with a trial version of
> > CommuniGate(tm)
> > > Pro*
> > > > I've been using PREROUTING to mark packets and it's been working
> > very
> > > > well.
> > > >
> > > > iptables -t mangle -I PREROUTING -i eth1 -s $IP --j MARK
--set-mark
> > 3
> > > >
> > > > and if you're using HTB, this command:
> > > >
> > > > tc filter add dev eth0 parent 1:0 protocol ip prio 2 handle 3 fw
> > flowid
> > > > 1:13
> > > >
> > > > will act on those marked packets.  It's the 'handle 3' which
uses
> > the
> > > > --set-mark 3.
> > > >
> > > > Mike Fetherston
> > > >
> > > > > -----Original Message-----
> > > > > From: Eddie [mailto:eddieknows@ananzi.co.za]
> > > > > Sent: Monday, December 08, 2003 8:40 AM
> > > > > To: lartc
> > > > > Subject: [LARTC] mangle
> > > > >
> > > > > Hi all
> > > > > I have a linux gateway box,eth1 internet and eth0 lan
> > > > > Now I made my qdisk for eth1 but now I want to mark them with
> > > > iptables.
> > > > > The thing it I dont now wht to use,-A FORWARD or PREROUTING?
> > > > > Please can someone help
> > > > > thanks
> > > > >
> > > > > eddie
> > > > >
> > > > > _______________________________________________
> > > > > LARTC mailing list / LARTC@mailman.ds9a.nl
> > > > > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO:
> > http://lartc.org/
> >

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/