From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Juergen" Date: Mon, 04 Jun 2001 07:41:55 +0000 Subject: [LARTC] Can I use Ingress and Egress in one NAT Server MIME-Version: 1 Content-Type: multipart/mixed; boundary="----=_NextPart_000_0005_01C0ED0C.E2678740" Message-Id: List-Id: To: lartc@vger.kernel.org This is a multi-part message in MIME format. ------=_NextPart_000_0005_01C0ED0C.E2678740 Content-Type: text/plain; charset="big5" Content-Transfer-Encoding: quoted-printable My enviroment is like this... FTP SERVER 1------| =20 |-----------eth0-----eth1---------||| = My FTP Client|||| FTP SERVER 2------| (NAT Server) I want to mark the flow 0x88 from FTP Server 1 and mark 0x98 from FTP = Server 2 When TOS's value is 0x88 then give it 1Mbit, 0x98 is 3Mbit So my script is: -------------------------------------------------------------------------= ---------------------------- INDEV=3D"eth1" EDEV=3D"eth1" tc qdisc add dev $INDEV handle 1:0 root dsmark indices 64 set_tc_index tc class change dev $INDEV parent 1:0 classid 1:2 dsmark mask 0x3 value = 0x88 tc class change dev $INDEV parent 1:0 classid 1:3 dsmark mask 0x3 value = 0x98 tc filter add dev $INDEV parent 1:0 protocol ip prio 4 u32 match ip src = \ 140.92.61.20 flowid 1:2 tc filter add dev $INDEV parent 1:0 protocol ip prio 4 u32 match ip src = \ 140.92.61.40 flowid 1:3 tc qdisc add dev $EDEV parent 1:0 handle 3: cbq bandwidth 10Mbit avpkt = 500 tc class add dev $EDEV parent 3:0 classid 3:1 cbq bandwidth 10Mbit rate = \ 1Mbit allot 1514 weight 100Kbit prio 8 maxburst 20 avpkt 500 isolated = bounded tc class add dev $EDEV parent 3:0 classid 3:2 cbq bandwidth 10Mbit rate = \ 3Mbit allot 1514 weight 300Kbit prio 8 maxburst 20 avpkt 500 isolated = bounded tc filter add dev $EDEV parent 3:0 protocol ip prio 4 u32 match ip tos \ 0x88 0xfc flowid 3:1 tc filter add dev $EDEV parent 3:0 protocol ip prio 4 u32 match ip tos \ 0x98 flowid 3:2 -------------------------------------------------------------------------= --------------------------- I found that it can really modify my TOS value, but cannot shap with = 1Mbit or 3Mbit. If I use u32 and parameter is "ip src 140.92.61.x", then it can = works.(shap with the correct bandwdth --> 1Mbit or 3Mbit ) At least I use iptables and tc to combind and it finally works (mark = and shape at the same time....and correctly). But my problem is iptables can only modify TOS with 5 kinds of = value...and AF num have 12 values.... How can I do with AF num???? ------=_NextPart_000_0005_01C0ED0C.E2678740 Content-Type: text/html; charset="big5" Content-Transfer-Encoding: quoted-printable
My enviroment is like this...
 
FTP SERVER=20 1------|           = ;            =             &= nbsp;          =20
        =    =20            =20           =20 |-----------eth0-----eth1---------||| My FTP Client||||
FTP SERVER=20 2------|           = ;   (NAT=20 Server)
 
 
I want to mark the flow 0x88 from FTP Server 1 and = mark 0x98=20 from FTP Server 2
When TOS's value is 0x88 then give it 1Mbit, 0x98 is = 3Mbit
So my script is:
 
-----------------------------------------------------------------------------------------------------
INDEV=3D"eth1"
EDEV=3D"eth1"
 

tc qdisc add dev $INDEV handle 1:0 root dsmark = indices 64=20 set_tc_index
 
tc class change dev $INDEV parent 1:0 classid 1:2 = dsmark mask=20 0x3 value 0x88
tc class change dev $INDEV parent 1:0 classid 1:3 = dsmark mask=20 0x3 value 0x98
 
tc filter add dev $INDEV parent 1:0 protocol ip prio = 4 u32=20 match ip src \
140.92.61.20 flowid 1:2
tc filter add dev $INDEV = parent 1:0=20 protocol ip prio 4 u32 match ip src \
140.92.61.40 flowid = 1:3
 

tc qdisc add dev $EDEV parent 1:0 handle 3: cbq = bandwidth=20 10Mbit avpkt 500
tc class add dev $EDEV parent 3:0 classid 3:1 cbq = bandwidth=20 10Mbit rate \
1Mbit allot 1514 weight 100Kbit prio 8 maxburst 20 = avpkt 500=20 isolated bounded
tc class add dev $EDEV parent 3:0 classid 3:2 cbq = bandwidth=20 10Mbit rate \
3Mbit allot 1514 weight 300Kbit prio 8 maxburst 20 = avpkt 500=20 isolated bounded
 
tc filter add dev $EDEV parent 3:0 protocol ip prio = 4 u32=20 match ip tos \
0x88 0xfc flowid 3:1
tc filter add dev $EDEV parent = 3:0=20 protocol ip prio 4 u32 match ip tos \
0x98 flowid 3:2
----------------------------------------------------------------------------------------------------
 
I found that it can really modify my TOS value, but = cannot=20 shap with 1Mbit or 3Mbit.
If I use u32 and parameter is "ip src = 140.92.61.x", then=20 it can works.(shap with the correct bandwdth --> 1Mbit or 3Mbit=20 )
At least I use iptables and tc to combind and it = finally=20 works  (mark and shape at the same time....and = correctly).
But my problem is iptables can only modify TOS with = 5 kinds of=20 value...and AF num have 12 values....
How can I do with AF num????
 
------=_NextPart_000_0005_01C0ED0C.E2678740-- _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/