Re: iptables, IP accounting and traffic shaping

Stef Coene <stef.coene@xxxxxxxxx> · Tue, 8 Oct 2002 16:17:40 +0200

And where is the script you use to shape the traffic ??
My guess is that you have a filter problem.

Stef

On Tuesday 08 October 2002 00:52, Aaron Clausen wrote:
> I'm having a big problem with a Linux box I have configured as a NAT router
> and for IP accounting.  These two functions work without a hitch, but now I
> want to do some traffic shaping.  I'm using cbq.init, but have the issue
> that no packets are hitting the shaping class.
>
> My machine has two ethernet cards, both on the same subnet, but eth1 being
> connected to a number of internal NAT networks.  I'm using proxy arp to
> pass data between the two ethernet cards.  I hope the following segment of
> my iptables script isn't too big, but it should give a pretty good idea of
> what I'm doing.
>
> # beginning of script
> /usr/sbin/iptables -F
> /usr/sbin/iptables -X
> /usr/sbin/iptables -t nat -F
> /usr/sbin/iptables -t nat -X
> /usr/sbin/iptables -t mangle -F
> /usr/sbin/iptables -P FORWARD ACCEPT
> /usr/sbin/iptables -P INPUT ACCEPT
> /usr/sbin/iptables -P OUTPUT ACCEPT
>
> iptables -t nat -A PREROUTING -i eth0 -d 64.251.69.2 -j DNAT --to
> 10.102.106.2 iptables -t nat -A POSTROUTING -o eth0 -s 10.102.106.2 -j SNAT
> --to 64.251.69.2 iptables -t nat -A PREROUTING -i eth0 -d 64.251.69.3 -j
> DNAT --to 10.101.106.2 iptables -t nat -A POSTROUTING -o eth0 -s
> 10.101.106.2 -j SNAT --to 64.251.69.3
>
> echo [/etc/rc.d/rc.iptables] Recreating NAT tables...
> #iptables -t nat -A POSTROUTING -o eth0 -s 10.101.104.0/21 -d 0/0 -j
> MASQUERADE #iptables -t nat -A POSTROUTING -o eth0 -s 10.102.104.0/21 -d
> 0/0 -j MASQUERADE #iptables -t nat -A POSTROUTING -o eth0 -s
> 10.103.104.0/21 -d 0/0 -j MASQUERADE iptables -t nat -A POSTROUTING -s
> 10.101.104.0/21 -j SNAT --to 64.251.68.21 iptables -t nat -A POSTROUTING -s
> 10.102.104.0/21 -j SNAT --to 64.251.68.21 iptables -t nat -A POSTROUTING -s
> 10.103.104.0/21 -j SNAT --to 64.251.68.21
>
> echo [/etc/rc.d/rc.iptables] Recreating Waverider accounting rules...
> /usr/sbin/iptables -N waverid
> /usr/sbin/iptables -A FORWARD -j waverid
>
> /usr/sbin/iptables -A waverid -i eth0 -d 64.251.68.19/32
> /usr/sbin/iptables -A waverid -i eth1 -s 64.251.68.19/32
> /usr/sbin/iptables -A waverid -i eth0 -d 64.251.69.4/32
> /usr/sbin/iptables -A waverid -i eth1 -s 64.251.69.4/32
>
> /usr/sbin/iptables -A waverid -i eth0 -d 10.101.106.2/32
> /usr/sbin/iptables -A waverid -i eth1 -s 10.101.106.2/32

-- 

stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.oftc.net

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: iptables, IP accounting and traffic shaping

Linux Advanced Routing and Traffic Control