Dieter,

Were you able to determine the answer to your question from Stef's reply?

 : > I'm using a Linux Router, sharing dsl for the lan.
 : > Now I'm trying to set up one queue for each Computer connected from lan.
 : > Setting up the queues is easy, but making a rule that matches them not.
 : >   tc filter add dev ppp0 parent 1: protocol ip prio 10 u32 \
 : >     match ip src 10.0.0.2/32 \
 : >     flowid 1:20
 : > that doesn't work at all. It produces no error, but they still use default
 : > (1:50) instead of 1:20.

I'm picking on you Dieter, because you are here, OK! This is a classic
question on the LARTC list.

Here's a brief story about what happens to a packet from a client (C2) on
your internal network bound for heise.de (H-DE). I'll assume that FW has
interface eth1 (inside) and interface ppp0 (outside).

  - packet arrives on internal interface eth1 from C2 -> H-DE
  - packet, masqueraded to outside IP, after SNAT/masq: FW -> H-DE
  - packet enters traffic control system....

As you can see, the src address is no longer 10.0.0.2/32. So Stef suggests:

 : You have indeed to mark the packets with iptables when they enter your
 : router.
 :
 : > Now my question, how do you mark your internal traffic?

So, you mark packets like this:

  iptables -t mangle -I PREROUTING -i eth1 -s 10.0.0.2/32 \
    -j MARK --set-mark 0x2

 : > I don't want to change anything at eth1 (internal net) because the router
 : > works as Fileserver too.

You will probably find it fruitful to use traffic shaping on eth1, because
a router can only shape what it transmits*.

 : That mark can be used by the fw filter to classify the packets. For
 : examples, see www.docum.org.

Specifically, see "Filters, fw filter" here:

  http://www.docum.org/stef.coene/qos/docs/BB/BB.html
  http://www.docum.org/stef.coene/qos/docs/filter.html

Note that Stef uses fw filter in his tests frequently, as do I!

 : I use that filter a lot in my test setups. If you mark a packet, you
 : give it a number that you choose.

And also these two:

  http://www.docum.org/stef.coene/qos/tests/setup/

 : > How do I use e.g. iptables? I've found sth. called --mark value, but nowhere
 : > explained what "value" means and what values are legal and I don't want it
 : > to match any rule for the Router (e.g. minimized delay or sth).
 :
 : So you can choose whatever number you want.

The fwmark value is an arbitrary value. It is completely arbitrary. You
are in complete control of the value. The value can be a very large
number. It is a good habit to use hex notation for this value, because of
the ambiguity of this field.

 : That number is only valid in the linux kernel of the router.

The fwmark value is packet meta data, and as such becomes meaningless at
the moment the packet is transmitted from the machine.

 : The fw filter can use that number to classify the packets.

In order to actually use the mark (fwmark) for classification, you specify
the fwmark in a "tc filter" command.

  tc filter add dev ppp0 parent $ROOT_CLASS \
    protocol ip handle 0x2 fw classid $CHOSEN_CLASS

The parameters "handle 0x2 fw" are the parameters which identify your
marked packets for classification into $CHOSEN_CLASS.

Now, be sure to consult Stef's pages for the details of setting your class
rates, planning your class structure, and checking out the details of
filtering.

Good luck,

-Martin

 * OK, OK, with IMQ, you can shape inbound traffic, and with policing, you
   can actually perform a task similar to shaping....but let's start out
   slow, eh?

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@xxxxxxxxxxxxxx
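
The mark-then-classify sequence from the message above, extended to one class per LAN host, as an added example that is not part of the original thread. The interface names, the 0x2 mark and the 1:20 / 1:50 class ids come from the thread; the HTB qdisc, the rates, the 1:1 parent class and the second host are assumptions. It prints the commands as a dry run unless called with `apply`.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed: HTB, all rates, class 1:1,
# and the host table below. eth1/ppp0, mark 0x2, 1:20 and 1:50 are from the thread.
LAN_IF=eth1
WAN_IF=ppp0
UPLINK=128kbit                              # assumed uplink rate
HOSTS="10.0.0.2:0x2:20 10.0.0.3:0x3:30"     # constructed: ip:fwmark:class-minor

# Commands for one host. The mark is set where the packet enters from the
# LAN, while the source is still the private address; masquerading rewrites
# the source before the ppp0 qdisc sees it, so the egress filter matches
# the mark (handle ... fw) and not an IP address.
host_rules() {
    ip=$1; mark=$2; minor=$3
    echo "iptables -t mangle -A PREROUTING -i $LAN_IF -s $ip/32 -j MARK --set-mark $mark"
    echo "tc class add dev $WAN_IF parent 1:1 classid 1:$minor htb rate 32kbit ceil $UPLINK"
    echo "tc filter add dev $WAN_IF parent 1: protocol ip prio 10 handle $mark fw classid 1:$minor"
}

# Full rule set: root qdisc, parent class, default class 1:50 for unmarked
# traffic (including the router's own), then one class per host.
all_rules() {
    echo "tc qdisc add dev $WAN_IF root handle 1: htb default 50"
    echo "tc class add dev $WAN_IF parent 1: classid 1:1 htb rate $UPLINK"
    echo "tc class add dev $WAN_IF parent 1:1 classid 1:50 htb rate 32kbit ceil $UPLINK"
    for entry in $HOSTS; do
        ip=${entry%%:*}; rest=${entry#*:}
        host_rules "$ip" "${rest%%:*}" "${rest#*:}"
    done
}

# Dry run prints the commands; "apply" (as root) executes them in order.
if [ "${1:-}" = "apply" ]; then
    all_rules | sh -e
else
    all_rules
fi
```

After applying, the counters in `tc -s class show dev ppp0` and `iptables -t mangle -L PREROUTING -v -n` show whether marked packets are reaching their class or still falling into 1:50.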