Re: [LARTC] How to route and queue, based on iptables marked packets, at the same time?

[Robert Kurjata <rkurjata@ire.pw.edu.pl>]

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset="windows-1253", Size: 3546 bytes --]

Witaj Jan,

W Twoim liœcie datowanym 4 grudnia 2003 (13:01:51) mo¿na przeczytaæ:

Yes, you can. You can do marking in output and it will make a
difference in routing. Just use the -mangle- tables.

Checked and verified. I use it.

JG> Hi

JG> I want to do some routing an queuing stuff, but I am not sure if this
JG> will work.

JG> I have 3 connections on my router:
JG> - eth0 which points to my LAN
JG> - eth1 which point to the Internet over a 2Mbit connection
JG> - eth2/ppp0 which is a DSL connection and points to the Internet, too.

JG> The reason for the two Internet connections is that the 2Mbit connection
JG> is fast but expensive, I have to pay the traffic. The DSL connection is
JG> flat fee but slow, 384 k/bit up and 64 k/bit downstream.

JG> Both connections do masquerading with their public IPs.

JG> What I want to do is to route some services over the DSL connection, like
JG> e-mail traffic. The default route should be the 2Mbit connection.

JG> AFAIK I can't use ip rules to set up routing policies based on the TCP-port,
JG> so I want to mark the traffic with iptables, to set the routs. 
JG> My problem is, that I currently use this to prioritise my traffic and to
JG> order them into different HTB and SFQ queues.

JG> I found this graphic in the LARTC HOWTO:
JG>         +------------+           +---------+      +-------------+
JG> Packet -| PREROUTING |- routing--| FORWARD |----+-| POSTROUTING |- Packets
JG> input   +------------+  decision +---------+    | +-------------+    out
JG>                            |                    |
JG>                      +-------+                +--------+   
JG>                      | INPUT |-Local process -| OUTPUT |
JG>                      +-------+                +--------+


JG> My question is can I mark the packets once in the FORWARD and OUTPUT chain
JG> to influence the routing decision, and mark them again in the PORSTROUTING
JG> chain to influence the queuing? Where is the decision how to route?

JG> My routing configuration:
JG> # Routing table for the 2MBit interface
JG> $IP route add "$EXT_2M_NET" dev "$EXT_2M_IF" src "$EXT_2M_IP" table "$EXT_2M_RT"
JG> $IP route add default via "$EXT_2M_ROUTER" table "$EXT_2M_RT"
JG> $IP route add "$EXT_2M_NET" dev "$EXT_2M_IF" src "$EXT_2M_IP"

JG> # Routing table for the DSL interface
JG> $IP route add "$EXT_DSL_NET" dev "$EXT_DSL_IF" src
JG> "$EXT_DSL_IP" table "$EXT_DSL_RT"
JG> $IP route add default via "$EXT_DSL_ROUTE"R table "$EXT_DSL_RT"
JG> $IP route add "$EXT_DSL_NET" dev "$EXT_DSL_IF" src "$EXT_DSL_IP"

JG> # Routing rules
JG> $IP rule add from "$EXT_2M_IP"  table "$EXT_2M_RT"
JG> $IP rule add from "$EXT_DSL_IP" table "$EXT_DSL_RT"

JG> $IP rule add fwmark 10 table "$EXT_2M_RT"
JG> $IP rule add fwmark 20 table "$EXT_DSL_RT"

JG> $IP route add "$INT_NET" dev "$INT_IF" table "$EXT_2M_RT"
JG> $IP route add "$EXT_DSL_NET" dev "$EXT_DSL_IF" table "$EXT_2M_RT"
JG> $IP route add 127.0.0.0/8 dev lo table "$EXT_2M_RT"

JG> $IP route add "$INT_NET" dev "$INT_IF" table "$EXT_DSL_RT"
JG> $IP route add "$EXT_2M_NET" dev "$EXT_2M_IF" table "$EXT_DSL_RT"
JG> $IP route add 127.0.0.0/8 dev lo table "$EXT_DSL_RT"

JG> $IP route add default via "$EXT_2M_IP"

JG> thx,
JG> Jan
JG> GerritsenÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿË\x14™¨¥Šx%ŠË\x7f,\x04S\vùšŠYšŸ÷lõ¯ç–^[m§ÿÿ™¨¥™©ÿvÏZþy\x7f™¨¥™©ÿ–+-ŠwèþV«µÁÎY3ÿ†Ûiÿÿåj»\þŠà



-- 
Pozdrowienia,
 Robert                            mailto:rkurjata@ire.pw.edu.pl
ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿË\x01\x14™¨¥Šx%ŠË\x7f,\x04S\vùšŠYšŸ÷lõ¯ç–^[m§ÿÿ™¨¥™©ÿvÏZþy\x7f™¨¥™©ÿ–+-ŠwèþV«µÁÎY3ÿ†Ûiÿÿåj»\þŠà