On Saturday 05 April 2003 16:52, Fernando del Valle wrote:
> Hi,
>
> I have a Squid proxy connected to the Internet by ADSL which serves a small
> LAN.
>
> [ ADSL ] -- [(ppp0) PROXY (eth1)] -- [LAN 192.168.0.0/24]
> Shaped: (0.0.0.0/0) ---> -------------------------> --> ------------>
> Unshaped:
> (squid) -----> --> ------------>
>
> I've set up traffic shaping using CBQ by IP on eth1. But it shapes ALL the
> traffic sent over local Ethernet, and I'd like to keep proxy traffic which
> didn't come from ppp0 unshaped. I marked with iptables everything that
> comes from ppp0, but I can't get it to work with both filters (by handle
> and by IP). I don't realise how I should create the structure of classes.
> Anyway, it might be enough to leave traffic from ports 80 and 3128
> unshaped, but how can I do it? I browsed the documentation (and googled)
> and I couldn't determine:

So you want proxied traffic unshaped. You can use the source address. All traffic from ip-address = eth1 is local traffic, all other traffic is internet traffic. The only problem is proxy traffic. Because you don't know if the traffic came from ppp0 or it was fetched from the proxy cache. You can mark the packets coming in from ppp0, but the mark is lost when the packet enters the proxy.

> a) if more than one filter can be attached to a class;

Yes you can. They are ordered based on prio.

> b) if all filters sharing a class are parsed or the first match exits;

As soon as a filter matches, the packet is sent to the destination of the filter.

> c) if all subclasses of a class are parsed or the first match exits.

I'm not sure what you want to say. But if a packet enters a class, all filters are tested. If a filter matches, the packet is sent to the destination class. And if that class is not a leaf class (it has child classes), the filters attached to that class are tested again. This goes on, until the packet ends up in a class with no child classes (a leaf class).

Stef

--
stef.coene@xxxxxxxxx
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net
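
The classification walk described in the reply above, as an added example that is not part of the original message: a simplified Python model (not kernel or tc code) of filters tested in prio order, first match wins, repeated until a leaf class is reached. The eth1 address 192.168.0.1, the class ids and the sample packets are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

PROXY_ETH1 = "192.168.0.1"  # assumption: the proxy's eth1 address (not given in the thread)

@dataclass
class Packet:
    src: str
    dst: str

Filter = Tuple[int, Callable[[Packet], bool], str]  # (prio, match, target classid)

@dataclass
class TcClass:
    classid: str
    filters: List[Filter] = field(default_factory=list)  # empty list = leaf in this model

def classify(classes: Dict[str, TcClass], root: str, pkt: Packet) -> List[str]:
    """Return the classids visited, ending where the packet is queued."""
    path, current = [root], classes[root]
    while current.filters:
        # Lowest prio is tested first; the first match ends the search at this level.
        for _prio, match, target in sorted(current.filters, key=lambda f: f[0]):
            if match(pkt):
                path.append(target)
                current = classes[target]
                break
        else:
            break  # nothing matched: the packet stays in the current class
    return path

def build_tree() -> Dict[str, TcClass]:
    """Hypothetical class ids: 1:10 unshaped, 1:20 shaped with per-host children."""
    def to_host(ip: str) -> Callable[[Packet], bool]:
        return lambda p: p.dst == ip
    return {
        "1:0": TcClass("1:0", [
            (2, lambda p: True, "1:20"),                 # everything else: Internet traffic
            (1, lambda p: p.src == PROXY_ETH1, "1:10"),  # sent by the proxy itself
        ]),
        "1:10": TcClass("1:10"),
        "1:20": TcClass("1:20", [(1, to_host("192.168.0.10"), "1:21"),
                                 (1, to_host("192.168.0.11"), "1:22")]),
        "1:21": TcClass("1:21"),
        "1:22": TcClass("1:22"),
    }

if __name__ == "__main__":
    tree = build_tree()
    for pkt in (Packet("203.0.113.5", "192.168.0.10"),   # constructed: forwarded from ppp0
                Packet(PROXY_ETH1, "192.168.0.11")):      # constructed: served by Squid
        print(pkt, "->", " -> ".join(classify(tree, "1:0", pkt)))
```

In this model every packet sourced from the proxy lands in the unshaped class, whether Squid served it from cache or fetched it over ppp0, which is the limitation the reply points out.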