On Fri, Dec 28, 2001 at 03:33:58AM +0000, arindam wrote:
> hi all,
> my system with kernel 2.4.16 & 2.4.17 (RH-7.2) has
> netfilter-1.2.4, iproute-ss010803, squid, dns with 4
> ether cards. i am trying a simple situation where i
> want to shape traffic all the interfaces. at present
> i am using netfilter to allow a few ips, using
> transparent squid & iproute to limit bandwidth. i feel
> i must give more bandwidth for my local servers for my
> office & customers.
> i need some help from u Gurus in knowing what i did
> wrong here.
> a) y no traffic is passing thru the http handle 101.
> in fact only the 102 handle is working (seen below) ??

'tcp dst' is not working as you think it is. Use 'ip dport'.

> b) what's recommended--marking pkts in iproute or
> iptables ??

AFAIK, ip can't mark packets.

> c) if i mark pkts with iptables, will i be still able
> to use transparent squid as well as shape bandwidth (i
> haven't tried this so far)

An fwmark will not survive a transparent proxy. You may want to police on
ingress.

Regards,

bert

-- 
http://www.PowerDNS.com          Versatile DNS Software & Services
http://www.tk                              the dot in .tk
Netherlabs BV / Rent-a-Nerd.nl           - Nerd Available -
Linux Advanced Routing & Traffic Control: http://ds9a.nl/lartc
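
An added illustration of the first answer, not part of the original thread: a Python model of which bytes the two tc u32 selectors compare. It assumes 'ip dport' reads the 16 bits at fixed offset 22 from the start of the IP header and 'tcp dst' reads at next-header offset + 2, with that offset staying 0 unless the filter is set up to compute it from the IP header length. The packets and function names are constructed for the example.

```python
import struct

def ipv4_tcp(dport, payload_len=0, ip_options=b""):
    """Constructed IPv4+TCP packet (checksums left 0; options in 4-byte units)."""
    ihl = 5 + len(ip_options) // 4
    total_len = ihl * 4 + 20 + payload_len
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, total_len, 0, 0,
                     64, 6, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    return ip + ip_options + tcp + b"\x00" * payload_len

def u16_at(pkt, offset):
    """16-bit big-endian value at a byte offset from the start of the IP header."""
    return struct.unpack_from("!H", pkt, offset)[0]

def ip_header_len(pkt):
    """IP header length in bytes, from the IHL nibble."""
    return (pkt[0] & 0x0F) * 4

def match_ip_dport(pkt, port):
    # Assumed model of 'match ip dport': fixed offset 22, which is the TCP
    # destination port only when the IP header carries no options (20 bytes).
    return u16_at(pkt, 22) == port

def match_tcp_dst(pkt, port, nexthdr=0):
    # Assumed model of 'match tcp dst': offset nexthdr + 2. With nexthdr
    # still 0 this compares the IP total-length field, not a port.
    return u16_at(pkt, nexthdr + 2) == port

if __name__ == "__main__":
    cases = [
        ("port 80, 40-byte packet", ipv4_tcp(80)),
        ("port 22, 80-byte packet", ipv4_tcp(22, payload_len=40)),
        ("port 80, IP options present", ipv4_tcp(80, ip_options=b"\x01" * 4)),
    ]
    for label, pkt in cases:
        print(label,
              "| ip dport 80:", match_ip_dport(pkt, 80),
              "| tcp dst 80 (nexthdr=0):", match_tcp_dst(pkt, 80),
              "| tcp dst 80 (nexthdr=IHL):",
              match_tcp_dst(pkt, 80, ip_header_len(pkt)))
```

The second case shows the unintended match: a packet to port 22 whose total length happens to be 80 satisfies 'tcp dst 80' when the next-header offset is 0, so traffic lands in a class by size rather than by port.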