On Thursday 24 April 2003 16:12, GoMi wrote:
> Hi there stef, since it does not work with the set up i sent you, i am
> thinking in changing the qdiscs to esfq. I will try that today and see what
> happens. Another question.. With the scripts i sent to the mailing list,
> there is an enormous amount of rules in the PREROUTING mangle section.
> Since each user has 1 class and those classes 2 marks to distinguish
> between interactive and noninteractive traffic. Thats more than 500
> entries. I am not sure if thats a bit "too mutch" so i thought adding
> filters on eth0 and eth2 in the root qdisc and then based on the src
> address send it to the class, and there have tc filtres based on marks,
> that way i would have 250 filters on the root chain to a their class, and
> then 2 more filters in each class, having only 2 -J MARK entries in the
> mangle chain to mark pachets. The problem is i am doing SNAT and the EGRESS
> QDISC is applied after the SNAT so the tc filter based on src address do
> not work at all. Any idea how to solve that?
You can only solve that problem with the fw filter. But you can use the fw
filter in a special way. If you add 1 fw filter with no options, the mark is
used to classify the packets. So if you have a packet with mark 10, it will
placed in class x:10. So you only have the 500 iptables rules and only 1
filter rule.
Stef
--
stef.coene@xxxxxxxxx
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net
