All of lore.kernel.org
 help / color / mirror / Atom feed
From: Gresham <gresham@heimdall.intranet.ipsupport.co.uk>
To: lartc@vger.kernel.org
Subject: [LARTC] iptables + tc filter fw classifier
Date: Thu, 15 Mar 2001 12:52:49 +0000	[thread overview]
Message-ID: <marc-lartc-98466089315801@msgid-missing> (raw)

HI ,
	I wonder if anyone could help me with the following. 

	I'm trying to divide bandwith across a NAT'ed linux router based on 
(internal) source IP. 

	I've been trying something like the following:

iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to $EXTERNAL_IP

iptables -t mangle -A PREROUTING -i eth0 -s 192.168.2.0/24 -j MARK --set-mark 
0x1
iptables -t mangle -A PREROUTING -i eth0 -s 192.168.2.111 -j MARK --set-mark 
0x2

tc qdisc add dev eth0 root handle 1: cbq bandwidth 100Mbit avpkt 1000
tc class add dev eth0 parent 1:0 classid 1:1 cbq bandwidth 100Mbit rate 1Mbit 
weight 100Kbit prio 8 maxburst 20 avpkt 1000 bounded
 1015
tc class add dev eth0 parent 1:1 classid 1:999 cbq bandwidth 8Mbit rate 
4096Kbit weight 410Kbit prio 5 maxburst 20 avpkt 1000 bounded
 1016
tc class add dev eth0 parent 1:1 classid 1:512 cbq bandwidth 1Mbit rate 
512Kbit weight 51Kbit prio 5 maxburst 20 avpkt 1000 bounded
 1017
tc qdisc add dev eth0 parent 1:999 tbf rate 4096Kbit burst 64000b lat 1us
 1018
tc qdisc add dev eth0 parent 1:512 tbf rate 512Kbit burst 64000b lat 1us
 1019
tc filter add dev eth0 parent 1:0 protocol ip prio 3 handle 0x1 fw classid 
1:999
 1020 
tc filter add dev eth0 parent 1:0 protocol ip prio 5 handle 0x2 fw classid 
1:512

However although the packets are marked correctly they do not actually traver 
se the tc subclasses hanging off eth0 as intended.

I actually had this set-up working fine under ipchains with the -m option to 
set the mark.

	Could anyone advise me as to what I'm doing wrong?

	Thanks in advance

NIck Gresham.

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/

                 reply	other threads:[~2001-03-15 12:52 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=marc-lartc-98466089315801@msgid-missing \
    --to=gresham@heimdall.intranet.ipsupport.co.uk \
    --cc=lartc@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.