I'm having a big problem with a Linux box I have configured as a NAT router and for IP accounting. These two functions work without a hitch, but now I want to do some traffic shaping. I'm using cbq.init, but have the issue that no packets are hitting the shaping class.

My machine has two ethernet cards, both on the same subnet, but with eth1 connected to a number of internal NAT networks. I'm using proxy ARP to pass data between the two ethernet cards.

I hope the following segment of my iptables script isn't too big, but it should give a pretty good idea of what I'm doing.

# beginning of script
/usr/sbin/iptables -F
/usr/sbin/iptables -X
/usr/sbin/iptables -t nat -F
/usr/sbin/iptables -t nat -X
/usr/sbin/iptables -t mangle -F
/usr/sbin/iptables -P FORWARD ACCEPT
/usr/sbin/iptables -P INPUT ACCEPT
/usr/sbin/iptables -P OUTPUT ACCEPT

iptables -t nat -A PREROUTING -i eth0 -d 64.251.69.2 -j DNAT --to 10.102.106.2
iptables -t nat -A POSTROUTING -o eth0 -s 10.102.106.2 -j SNAT --to 64.251.69.2
iptables -t nat -A PREROUTING -i eth0 -d 64.251.69.3 -j DNAT --to 10.101.106.2
iptables -t nat -A POSTROUTING -o eth0 -s 10.101.106.2 -j SNAT --to 64.251.69.3

echo [/etc/rc.d/rc.iptables] Recreating NAT tables...
#iptables -t nat -A POSTROUTING -o eth0 -s 10.101.104.0/21 -d 0/0 -j MASQUERADE
#iptables -t nat -A POSTROUTING -o eth0 -s 10.102.104.0/21 -d 0/0 -j MASQUERADE
#iptables -t nat -A POSTROUTING -o eth0 -s 10.103.104.0/21 -d 0/0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.101.104.0/21 -j SNAT --to 64.251.68.21
iptables -t nat -A POSTROUTING -s 10.102.104.0/21 -j SNAT --to 64.251.68.21
iptables -t nat -A POSTROUTING -s 10.103.104.0/21 -j SNAT --to 64.251.68.21

echo [/etc/rc.d/rc.iptables] Recreating Waverider accounting rules...
/usr/sbin/iptables -N waverid
/usr/sbin/iptables -A FORWARD -j waverid
/usr/sbin/iptables -A waverid -i eth0 -d 64.251.68.19/32
/usr/sbin/iptables -A waverid -i eth1 -s 64.251.68.19/32
/usr/sbin/iptables -A waverid -i eth0 -d 64.251.69.4/32
/usr/sbin/iptables -A waverid -i eth1 -s 64.251.69.4/32
/usr/sbin/iptables -A waverid -i eth0 -d 10.101.106.2/32
/usr/sbin/iptables -A waverid -i eth1 -s 10.101.106.2/32

--
Aaron Clausen
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/