Re: [LARTC] IMQ

Linux Advanced Routing and Traffic Control


 



I asked Patrick about NAT and IMQ and he referred me to an archive post on this:
http://mailman.ds9a.nl/pipermail/lartc/2002q3/004725.html


I have applied this patch and it is working as expected.

Contents included below:


sorry last patch was broken, this one is ok.
patrick

Patrick McHardy wrote:

> Hi Daniel,
>
> Daniel Sercaianu wrote:
>
>> I have the following problems:
>> I cannot shape the ip xxx.xxx.xxx.xxx when I do SNAT or MASQUERADE with
>> them. Otherwise when I remove these two iptables lines the shaping works
>> perfectly.
>>
>> It is very important for me to shape the xxx.xxx.xxx.xxx ip and not the
>> yyy.yyy.yyy.yyy. When I tried to shape yyy.yyy.yyy.yyy, it worked.
>>
>> What rules should be added to make this possible?
>>
>>
>> My iptables rules are:
>>
>> iptables -A PREROUTING -t mangle -s xxx.xxx.xxx.xxx -j MARK  --set-mark 1
>> iptables -A POSTROUTING -t nat -s xxx.xxx.xxx.xxx -j SNAT --to
>> zzz.zzz.zzz.zzz -o eth4
>>
>>
>>
>> iptables -t mangle -I PREROUTING -j IMQ
>> ip link set imq0 up
>>
>>
>> ip rule shows the following output:
>>
>> 32764:  from zzz.zzz.zzz.0/24 lookup ew
>> 32765:  from all fwmark        1 lookup ew
>> 32766:  from all lookup main
>> 32767:  from all lookup default
>>
>>
>>
>>
>> My tc + htb rules look like this:
>>
>> /sbin/tc qdisc add dev imq0 root handle 1: htb default 200 r2q 3
>> /sbin/tc class add dev imq0 parent 1:0 classid 1:1 htb rate 100Mbit
>> ceil 100Mbit burst 2k prio 5
>>
>> /sbin/tc filter add dev imq0 parent 1:0 protocol ip prio 5 handle 1:
>> u32 divisor 256
>>
>> /sbin/tc class add dev imq0 parent 1:1 classid 1:2 htb rate 512kbit
>> ceil 512kbit burst 2k prio 5
>> /sbin/tc qdisc add dev imq0 parent 1:2 handle 10: sfq quantum 1514b
>> perturb 10
>> /sbin/tc filter add dev imq0 parent 1:0 protocol ip prio 5 u32 match
>> ip dst xxx.xxx.xxx.xxx flowid 1:2
>
>
>
> If I understood you right, this is probably not working because imq sees
> packets before zzz.zzz.zzz.zzz is dnated back to xxx.xxx.xxx.xxx. Please
> try the attached patch.
>
>
> bye
>
> patrick
>
>
> ------------------------------------------------------------------------
>
> --- imq.c.origSun Aug 11 15:30:24 2002
> +++ imq.cSun Aug 11 15:31:17 2002
> @@ -37,7 +37,7 @@
>  imq_nf_hook,
>  PF_INET,
>  NF_IP_PRE_ROUTING,
> -NF_IP_PRI_MANGLE + 1
> +NF_IP_PRI_NAT_DST + 1
>  };
>
>  static struct nf_hook_ops imq_egress_ipv4 = {
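
Review bot: The new `NF_IP_PRI_NAT_DST + 1` priority on the NF_IP_PRE_ROUTING entry carries no comment saying why the ingress hook has to run after destination NAT. It also changes which address tc filters on imq0 see, so existing filters that match the pre-NAT destination will stop matching once this is applied. A one-line comment above the initializer and a sentence in the patch description would make that behaviour change explicit.
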
> @@ -54,7 +54,7 @@
>  imq_nf_hook,
>  PF_INET6,
>  NF_IP6_PRE_ROUTING,
> -NF_IP6_PRI_MANGLE + 1
> +NF_IP6_PRI_NAT_SRC + 1
>  };
>
>  static struct nf_hook_ops imq_egress_ipv6 = {
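
Review bot: The IPv6 entry uses `NF_IP6_PRI_NAT_SRC + 1` on the NF_IP6_PRE_ROUTING hook, while the IPv4 hunk above uses `NF_IP_PRI_NAT_DST + 1` for the same position. If both families are meant to get the same ordering, this line should read `NF_IP6_PRI_NAT_DST + 1`, which is the value the resent imqnat.diff in this message uses.
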
>


Attachment: imqnat.diff (text/plain, inline)

--- imq.c.origSun Aug 11 15:30:24 2002
+++ imq.cSun Aug 11 15:31:17 2002
@@ -37,7 +37,7 @@
 imq_nf_hook,
 PF_INET,
 NF_IP_PRE_ROUTING,
-NF_IP_PRI_MANGLE + 1
+NF_IP_PRI_NAT_DST + 1
 };

 static struct nf_hook_ops imq_egress_ipv4 = {
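
Review bot: The `imq_egress_ipv4` ops that begin in the trailing context are not adjusted alongside the ingress entry. The description should say whether the egress hook's priority relative to source NAT is already what shaping on the pre-NAT source address needs, or whether it needs a matching change.
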
@@ -54,7 +54,7 @@
 imq_nf_hook,
 PF_INET6,
 NF_IP6_PRE_ROUTING,
-NF_IP6_PRI_MANGLE + 1
+NF_IP6_PRI_NAT_DST + 1
 };

static struct nf_hook_ops imq_egress_ipv6 = {
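
Review bot: `NF_IP6_PRI_NAT_DST + 1` repeats the bare `+ 1` offset from the IPv4 entry, and the struct is filled positionally, so nothing in the initializer says that this field is the hook priority or that the offset means "immediately after destination NAT". A short comment on both entries would help keep the two families in step; the `NF_IP6_PRI_NAT_SRC` in the earlier posting shows how easily they drift.
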



At 01:24 24/03/2003 +0100, you wrote:
Hello

I have a server with a DSL connection on eth1 and local interface eth0.
Because of the NAT I cannot direct traffic to the IMQ device in the PREROUTING chain
but have to use INPUT and FORWARD. So I use these rules:

iptables -t mangle -A INPUT -i eth1 -j IMQ --todev 0
iptables -t mangle -A FORWARD -i eth1 -j IMQ --todev 0

And now the strange thing: FORWARD traffic gets directed nicely to the IMQ,
but INPUT *doesn't*!

Just to be sure, I removed the "FORWARD" line and left only the "INPUT" one (other
mangle rules were removed):

Chain INPUT (policy ACCEPT 3511 packets, 2753307 bytes)
    pkts      bytes target     prot opt in     out     source
destination
     343   439847 IMQ        all  --  eth1   any     anywhere
anywhere           IMQ: todev 0

But when I check IMQ0 using ifconfig:

imq0      Link encap:UNSPEC  HWaddr
00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          UP RUNNING NOARP  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:30
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

I see there is no traffic going through this device!

Does anyone know how this is possible?

--
best regards,
Marcin 'Yans' Bazarnik
yans@xxxxxxxxxx

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

_____________________________________________________________
David Watson, Network Manager, Team17 Software Ltd.
Phone: +44-1924-267776  Fax: +44-1924-267658
_____________________________________________________________
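
The ordering effect discussed in this thread, as a small user-space model added here for illustration; it is not code from imq.c or from any poster. The addresses are constructed stand-ins for the masked ones, and the hook and function names are hypothetical; only the two priority values are taken from linux/netfilter_ipv4.h.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Values from linux/netfilter_ipv4.h; a lower priority runs earlier. */
enum { PRI_MANGLE = -150, PRI_NAT_DST = -100 };

/* Constructed addresses standing in for the masked ones in the thread. */
#define PUBLIC_IP "192.0.2.10"   /* zzz.zzz.zzz.zzz, the SNAT address */
#define INSIDE_IP "10.0.0.5"     /* xxx.xxx.xxx.xxx, the host to shape */

struct pkt  { char dst[16]; char seen_by_imq[16]; };
struct hook { int prio; void (*fn)(struct pkt *); };

/* Replies to an SNATed flow get their destination rewritten back here. */
static void nat_dst_hook(struct pkt *p)
{
    if (strcmp(p->dst, PUBLIC_IP) == 0)
        strcpy(p->dst, INSIDE_IP);
}

/* IMQ hands the packet to the qdisc with whatever header it has now. */
static void imq_hook(struct pkt *p) { strcpy(p->seen_by_imq, p->dst); }

static int by_prio(const void *a, const void *b)
{
    return ((const struct hook *)a)->prio - ((const struct hook *)b)->prio;
}

/* 1 if "u32 match ip dst INSIDE_IP" on imq0 would classify the reply. */
int imq_filter_matches(int imq_prio)
{
    struct hook chain[] = { { imq_prio, imq_hook }, { PRI_NAT_DST, nat_dst_hook } };
    struct pkt reply = { PUBLIC_IP, "" };
    size_t i, n = sizeof chain / sizeof chain[0];

    qsort(chain, n, sizeof chain[0], by_prio);   /* PRE_ROUTING runs hooks in priority order */
    for (i = 0; i < n; i++)
        chain[i].fn(&reply);
    return strcmp(reply.seen_by_imq, INSIDE_IP) == 0;
}

int main(void)
{
    printf("MANGLE+1 match=%d, NAT_DST+1 match=%d\n",
           imq_filter_matches(PRI_MANGLE + 1), imq_filter_matches(PRI_NAT_DST + 1));
    return 0;
}
```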


