[LARTC] balancing behind NAT?

[Sander thrill12@gmx.net]

<PRE>At 13:25 30-11-00 +0100, you wrote:
&gt;<i>Hi,
</I>&gt;<i>
</I>&gt;<i>I'd like to setup cbq for my 7 lan users, but i'd like to do it only for 
</I>&gt;<i>the internet connect (LAN is accessing internet through masquerading), not 
</I>&gt;<i>for the whole server machine: i mean somebody on the lan should access the 
</I>&gt;<i>server at full rate(10Mbit/s), but internet at for example 30KB/sec).
</I>&gt;<i>i now i've setup only kbits, but those dramastic low-speed was to see 
</I>&gt;<i>easily if it was working or not :)
</I>&gt;<i>
</I>&gt;<i>how could i do that?
</I>&gt;<i>
</I>&gt;<i>my lan NIC is eth0 and internet eth1, i already tried the following 
</I>&gt;<i>thingie that doesn't work (i suppose it's logic, but i had to try it ;) )
</I>&gt;<i>
</I>&gt;<i>And, How could i reset all the cbq existing config to remake a new one?
</I>&gt;<i>
</I>&gt;<i>tc qdisc add dev eth1 root handle 10: cbq bandwidth 105Kbit avpkt 1000
</I>&gt;<i>tc class add dev eth1 parent 10:0 classid 10:1 cbq bandwidth 105Kbit rate \
</I>&gt;<i>   105Kbit allot 1514 weight 15Kbit prio 8 maxburst 20 avpkt 1000
</I>&gt;<i>
</I>&gt;<i>tc class add dev eth1 parent 10:1 classid 10:100 cbq bandwidth 105Kbit rate \
</I>&gt;<i>   10Kbit allot 1514 weight 5Kbit prio 5 maxburst 20 avpkt 1000 bounded
</I>&gt;<i>
</I>&gt;<i>tc qdisc add dev eth1 parent 10:100 sfq quantum 1514b perturb 15
</I>&gt;<i>tc qdisc add dev eth1 parent 10:200 sfq quantum 1514b perturb 15
</I>&gt;<i>
</I>&gt;<i>tc filter add dev eth1 parent 10:0 protocol ip prio 25 u32 match ip dst \
</I>&gt;<i>    192.168.0.0/16 flowid 10:100
</I>I got the same problem, until I figured out that you cant denote 
IP-adresses with the filter, as those are 'masqueraded' out and replaced by 
the router's address. With your ipchains-masquerading command, you should 
add a 'mark packet' command, which gives each individual forwarded machine 
an individual mark on its packets, so tc filter can pick those out. An 
example configuration of me (upstream!):
(eth1 is the outgoing interface)

# masq a fictious machine and mark it with 0xa (hexadecimal = 10 decimal!)
/sbin/ipchains -A forward -s 192.168.0.1/32 -j MASQ -m 0xa

#make root class with 128 kbit
/usr/bin/tc qdisc add dev eth1 root handle 1: cbq bandwidth 128Kbit avpkt 1000
/usr/bin/tc class add dev eth1 parent 1:0 classid 1:1 cbq bandwidth 128Kbit 
rate 128Kbit \
allot 1514 weight 12Kbit prio 8 maxburst 20 avpkt 1000

#this gives the fictious machine above a bounded bandwidth of 40 kbit
/usr/bin/tc class add dev eth1 parent 1:1classid 1:11 cbq bandwidth 128Kbit 
rate 40Kbit \
allot 1514 weight 2Kbit prio 5 maxburst 20 avpkt 1000 split 1:1
/usr/bin/tc qdisc add dev eth1 parent 1:11 sfq quantum 1514b perturb 15
#here we add the filter command and give with it 'handle 10' which 
corresponds to the fictious machine above, which was marked with 10 (=0xa):

/usr/bin/tc filter add dev eth1 parent 1:0 protocol ip prio 100 handle 10 
fw classid 1:11

That's it for one machine, the rest you can hopely figure out for yourself ;)

Sander Raaijmakers


</PRE>