From: Ramin Alidousti <ramin@UU.NET>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Marking packets for shaping
Date: Thu, 17 May 2001 11:24:54 +0000
Message-ID: <marc-lartc-99009876717239@msgid-missing>
In-Reply-To: <marc-lartc-99002340108447@msgid-missing>

OK. My question is: where are you doing the ftp from?

1) When you use OUTPUT the packets originating from your firewall
   will be marked.
2) When you use INPUT the packets destined for your firewall
   will be marked. (you don't use this because it's too late for tc).
3) When you use PREROUTING the packets received from the network
   will be marked.
4) When you use POSTROUTING the packets leaving your firewall will
   be marked. (you don't use this because it's too late for tc).

It all depends on your application, what you want to mark, in which
direction and where in the forwarding process.


Ramin




On Thu, May 17, 2001 at 05:57:35PM -0400, johan@pinguind.co.id wrote:

> This is the result when I use the OUTPUT chain
> 
> 150 Opening BINARY mode data connection for iproute-2.2.4-2.i386.rpm (327439 bytes).
> 226 Transfer complete.
> 327439 bytes received in 21 secs (15 Kbytes/sec)
> 
> With configuration like this
> 
> bash# iptables -t mangle -L
> Chain PREROUTING (policy ACCEPT)
> target     prot opt source               destination         
> 
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination         
> MARK       tcp  --  fvbs.pinguind.co.id  anywhere           state RELATED,ESTABLISHED MARK set 0x1 
> MARK       tcp  --  fvbs.pinguind.co.id  anywhere           tcp spt:www MARK set 0x2 
> 
> ---[ eth0: configured classes ]---------------------------
> 
> class cbq 10: root rate 10Mbit (bounded,isolated) prio no-transmit
> class cbq 10:2 parent 10: rate 10Mbit prio 4
> class cbq 10:4 parent 10:2 leaf 8001: rate 128Kbit prio 4
> class cbq 10:5 parent 10:2 leaf 8002: rate 256Kbit prio 4
> 
> ---[ eth0: queueing disciplines ]-------------------------
> 
> qdisc tbf 8002: rate 256Kbit burst 10Kb lat 190.7ms 
> qdisc tbf 8001: rate 128Kbit burst 10Kb lat 381.5ms 
> qdisc cbq 10: rate 10Mbit (bounded,isolated) prio no-transmit
> 
> 
> On Wed, May 16, 2001 at 07:30:57PM -0400, Ramin Alidousti wrote:
> > Aren't you making any mistake here, Johan? OUTPUT chain is meant
> > for the outgoing packets from the firewall itself. What Jaco is
> > doing is receiving packets from the network which will never pass
> > the OUTPUT chain.
> > 
> > Ramin
> > 
> > On Thu, May 17, 2001 at 06:29:00AM -0400, johan@pinguind.co.id wrote:
> > 
> > > I have met this condition before.
> > > I changed the chain rule in iptables; try it like this:
> > > 
> > > iptables -I OUTPUT -t mangle -p tcp -s 0/0 -d 192.168.62.0/24 -j MARK \
> > > 	--set-mark 1
> > > 
> > > and it works.
> > > 
> > > Regards
> > > 
> > > Johan
> > > 
> > > On Wed, May 16, 2001 at 11:07:07AM -0400, Ramin Alidousti wrote:
> > > > I assume that the packets come in on eth0, right? And I'm not sure
> > > > if the mangle table sees the destination as 192.168.62.0/24 or as
> > > > the original destination address. Try this:
> > > > 
> > > > iptables -A PREROUTING -t mangle -p tcp -i eth0 -d 192.168.62.0/24 \
> > > > 	-j MARK --set-mark 1
> > > > 
> > > > If it doesn't work, try:
> > > > 
> > > > iptables -A PREROUTING -t mangle -p tcp -i eth0 -d <orig dst IP's> \
> > > > 	-j MARK --set-mark 1
> > > > 
> > > > Hope it works,
> > > > Ramin
> 
> -- 
>              -\x1e'-      
>              (o o)     
> ---------ooO--(_)--Ooo-------------------------------------------------
>   (  )/  \( )( ) (  ) ( \( )      Visit us at http://www.pinguind.co.id
>  __)(( () ))__(  /__\  )  (   Feel free to contact me at ICQ  #47240718       
> (___/ \__/(_)(_)(_)(_)(_)\_)                 email:johan@pinguind.co.id          
> -----------------------------------------------------------------------
> 
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/

-- 
Ramin Alidousti                                         ramin@UU.NET
Advanced Development                             tel +1 703 886 2640
UUNET, A WorldCom Company                        fax +1 703 886 0536
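
The chain choice discussed in this message, together with the tc side that consumes the mark, as an added example that is not part of the original thread. It covers only the two mangle chains visible in the quoted `iptables -t mangle -L` output; the function names, the egress device eth1 and the sample call are assumptions made for illustration. The functions print the commands and execute nothing.

```shell
#!/bin/sh
# Added example (not from the thread): print the marking rule and the
# matching tc "fw" filter for one traffic origin. Nothing is executed.

# Pick the mangle chain that actually sees the traffic:
#   local   = generated by the firewall itself        -> OUTPUT
#   forward = received from the network and routed on -> PREROUTING
mangle_chain() {
    case "$1" in
        local)   echo OUTPUT ;;
        forward) echo PREROUTING ;;
        *)       echo "unknown origin: $1" >&2; return 1 ;;
    esac
}

# shape_cmds ORIGIN DST MARK SHAPED_DEV CLASSID [INGRESS_DEV]
shape_cmds() {
    origin=$1; dst=$2; mark=$3; dev=$4; classid=$5; in_dev=$6
    chain=$(mangle_chain "$origin") || return 1
    match="-p tcp -d $dst"
    # -i only makes sense where an input interface exists (not in OUTPUT).
    if [ "$chain" = PREROUTING ] && [ -n "$in_dev" ]; then
        match="-i $in_dev $match"
    fi
    echo "iptables -t mangle -A $chain $match -j MARK --set-mark $mark"
    # The fw classifier maps the firewall mark to a class on the shaped
    # device; the filter's parent is the qdisc part of the class id
    # (10:4 -> 10:).
    echo "tc filter add dev $dev parent ${classid%%:*}: protocol ip prio 1 handle $mark fw flowid $classid"
}

# Constructed sample: forwarded TCP to 192.168.62.0/24 arriving on eth0,
# shaped into class 10:4 on a hypothetical egress device eth1.
shape_cmds forward 192.168.62.0/24 1 eth1 10:4 eth0
```

After applying the printed commands, packet counters from `iptables -t mangle -L -v -n` and `tc -s class show dev <dev>` show whether the mark rule and the class are both being hit.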
