[LARTC] iptables + tc filter fw classifier

[LARTC] iptables + tc filter fw classifier

[Gresham]

HI ,
	I wonder if anyone could help me with the following. 

	I'm trying to divide bandwith across a NAT'ed linux router based on 
(internal) source IP. 

	I've been trying something like the following:

iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to $EXTERNAL_IP

iptables -t mangle -A PREROUTING -i eth0 -s 192.168.2.0/24 -j MARK --set-mark 
0x1
iptables -t mangle -A PREROUTING -i eth0 -s 192.168.2.111 -j MARK --set-mark 
0x2

tc qdisc add dev eth0 root handle 1: cbq bandwidth 100Mbit avpkt 1000
tc class add dev eth0 parent 1:0 classid 1:1 cbq bandwidth 100Mbit rate 1Mbit 
weight 100Kbit prio 8 maxburst 20 avpkt 1000 bounded
 1015
tc class add dev eth0 parent 1:1 classid 1:999 cbq bandwidth 8Mbit rate 
4096Kbit weight 410Kbit prio 5 maxburst 20 avpkt 1000 bounded
 1016
tc class add dev eth0 parent 1:1 classid 1:512 cbq bandwidth 1Mbit rate 
512Kbit weight 51Kbit prio 5 maxburst 20 avpkt 1000 bounded
 1017
tc qdisc add dev eth0 parent 1:999 tbf rate 4096Kbit burst 64000b lat 1us
 1018
tc qdisc add dev eth0 parent 1:512 tbf rate 512Kbit burst 64000b lat 1us
 1019
tc filter add dev eth0 parent 1:0 protocol ip prio 3 handle 0x1 fw classid 
1:999
 1020 
tc filter add dev eth0 parent 1:0 protocol ip prio 5 handle 0x2 fw classid 
1:512

However although the packets are marked correctly they do not actually traver 
se the tc subclasses hanging off eth0 as intended.

I actually had this set-up working fine under ipchains with the -m option to 
set the mark.

	Could anyone advise me as to what I'm doing wrong?

	Thanks in advance

NIck Gresham.

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/