-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I have finally worked a solution for egress traffic, but now i am a bit troubled with ingress with IMQ due to SNAT
Here is my script, i have tried lots of combinations but with IMQ, the filters do not filter to the classes at all.
I am pretty sure its because of the SNAT i am doing. Any one nows how to work around this problem?
I attach the script:
UPLINK=300
DEV=eth2
IDEV=imq1
IQDEV=1
tc qdisc add dev $DEV root handle 1:0 htb default 766
tc class add dev $DEV parent 1:0 classid 1:1 htb rate 300kbit ceil 300kbit
tc qdisc add dev ${IDEV} handle 1: root htb default 766
tc class add dev ${IDEV} parent 1: classid 1:1 htb rate 1900kbit ceil 1900kbit
echo "Qdisc primario 1:1 [OK]"
for ((a=2;a<766;a=a+3))
do
tc class add dev $DEV parent 1:1 classid 1:$a htb rate 2kbit ceil 300kbit
tc class add dev ${IDEV} parent 1:1 classid 1:$a htb rate 2kbit ceil 1900kbit
done
for ((a=2,b=3;a<766;a=a+3,b=b+3))
do
tc class add dev $DEV parent 1:$a classid 1:$b htb rate 1kbit ceil 300kbit
tc qdisc add dev $DEV parent 1:$b handle $b: pfifo
tc class add dev ${IDEV} parent 1:$a classid 1:$b htb rate 1kbit ceil 1900kbit
tc qdisc add dev ${IDEV} parent 1:$b handle $b: pfifo
done
echo "Clases interactivas y Qdiscs [OK]"
for ((a=2,b=4;a<766;a=a+3,b=b+3))
do
tc class add dev $DEV parent 1:$a classid 1:$b htb rate 1kbit ceil 300kbit
tc qdisc add dev $DEV parent 1:$b handle $b: sfq perturb 10
tc class add dev ${IDEV} parent 1:$a classid 1:$b htb rate 1kbit ceil 1900kbit
tc qdisc add dev ${IDEV} parent 1:$b handle $b: sfq perturb 10
done
echo "Clases no-interactivas y Qdiscs [OK]"
for ((a=2,b=3,c=4;a<256;a++,b=b+3,c=c+3))
do
iptables -t mangle -A FORWARD -s 192.168.2.$a -i eth3 -p icmp -j MARK --set-mark $b
iptables -t mangle -A FORWARD -s 192.168.2.$a -i eth3 -p tcp --dport :1024 -j MARK --set-mark $b
iptables -t mangle -A FORWARD -s 192.168.2.$a -i eth3 -p tcp --dport 1024: -j MARK --set-mark $c
iptables -t mangle -A FORWARD -s 192.168.2.$a -i eth3 -p udp --dport :1024 -j MARK --set-mark $b
iptables -t mangle -A FORWARD -s 192.168.2.$a -i eth3 -p udp --dport 1024: -j MARK --set-mark $c
iptables -t mangle -A PREROUTING -d 192.168.2.$a -p icmp -j MARK --set-mark $b
iptables -t mangle -A PREROUTING -d 192.168.2.$a -p tcp --sport :1024 -j MARK --set-mark $b
iptables -t mangle -A PREROUTING -d 192.168.2.$a -p tcp --sport 1024: -j MARK --set-mark $c
iptables -t mangle -A PREROUTING -d 192.168.2.$a -p udp --sport :1024 -j MARK --set-mark $b
iptables -t mangle -A PREROUTING -d 192.168.2.$a -p udp --sport 1024: -j MARK --set-mark $c
tc filter add dev $DEV protocol ip parent 1:0 handle $b fw flowid 1:$b
tc filter add dev $DEV protocol ip parent 1:0 handle $c fw flowid 1:$c
tc filter add dev $IDEV protocol ip parent 1:0 handle $b fw flowid 1:$b
tc filter add dev $IDEV protocol ip parent 1:0 handle $c fw flowid 1:$c
done
echo "MANGLE y FILTROS [OK]" DEV=eth0
iptables -t mangle -A POSTROUTING -o eth3 -j IMQ --todev ${IQDEV}
ip link set ${IDEV} up
ip link set ${DEV} txqueue 30
- -----Mensaje original-----
De: lartc-admin@xxxxxxxxxxxxxxx [mailto:lartc-admin@xxxxxxxxxxxxxxx] En nombre de Stef Coene
Enviado el: martes, 22 de abril de 2003 21:06
Para: GoMi
CC: lartc@xxxxxxxxxxxxxxx
Asunto: Re: [LARTC] Lots amounts of classes to solve the DAP problem
On Tuesday 22 April 2003 20:58, GoMi wrote:
> Because i want each IP to differ from interctive traffic and the rest.
> I have to change the ceil cuantity so they can get the full bw. I dont
> get what you say about the root qdisc, i forgot to add to the script
> tc qdisc add dev $DEV root handle 1: htb :)
I mean this :
1:
1:1 with rate = ceil = link bandwidth
1:2 IP1
1:3 IP2
etc
Stef
- --
stef.coene@xxxxxxxxx
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net
_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
iQA/AwUBPqaK637diNnrrZKsEQI0LgCgwVy/IzJ8JYiSRbfKNGLf8kXMIhwAoPae
nzZ18637z02Pedi4NXSleWNg
=GbCa
-----END PGP SIGNATURE-----
