[LARTC] HTB question (problem with tc filter + NAT)

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I wan to share internet to these 12 PCs. But my traffic control is not 
working. I'm using IP Masquerading to route internet to the LAN

eth0 - LAN interface
eth1 - Internet interface

this is my firs htb script:
#!/bin/bash
tc qdisc del dev eth1 root handle 1:

tc qdisc add dev eth1 root handle 1: htb default 30

tc class add dev eth1 parent 1: classid 1:1 htb rate 25kbps ceil 48kbps
#tc class add dev eth0 parent 1:1 classid 1:10 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:10 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:11 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:12 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:13 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:14 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:15 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:16 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:17 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:18 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:19 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:20 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:21 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:22 htb rate 4kbps ceil 48kbps

tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 
192.168.193.10 classid 1:11
tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 
192.168.193.11 classid 1:12
tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 
192.168.193.13 classid 1:13
tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 
192.168.193.14 classid 1:14
tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 
192.168.193.15 classid 1:15
tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 
192.168.193.19 classid 1:16
tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 
192.168.193.20 classid 1:17
tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 
192.168.193.24 classid 1:18
tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 
192.168.193.29 classid 1:19
tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 
192.168.193.32 classid 1:20
tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 
192.168.193.33 classid 1:21
tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 
192.168.193.34 classid 1:22

I tryed to change the parent ID, the Interface -> nothing

Stef told me that this is not working because of the NAT

so I've changed the filter part:


tc filter add dev eth1 parent 1:0 protocol ip handle 10 fw classid 1:1
tc filter add dev eth1 parent 1:0 protocol ip handle 11 fw classid 1:12
tc filter add dev eth1 parent 1:0 protocol ip handle 13 fw classid 1:13
tc filter add dev eth1 parent 1:0 protocol ip handle 14 fw classid 1:14
tc filter add dev eth1 parent 1:0 protocol ip handle 15 fw classid 1:15
tc filter add dev eth1 parent 1:0 protocol ip handle 19 fw classid 1:16
tc filter add dev eth1 parent 1:0 protocol ip handle 20 fw classid 1:17
tc filter add dev eth1 parent 1:0 protocol ip handle 24 fw classid 1:18
tc filter add dev eth1 parent 1:0 protocol ip handle 29 fw classid 1:19
tc filter add dev eth1 parent 1:0 protocol ip handle 32 fw classid 1:20
tc filter add dev eth1 parent 1:0 protocol ip handle 33 fw classid 1:21
tc filter add dev eth1 parent 1:0 protocol ip handle 34 fw classid 1:22

iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.10 -j MARK --
set-mark 10
iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.11 -j MARK --
set-mark 11
iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.13 -j MARK --
set-mark 13
iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.14 -j MARK --
set-mark 14
iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.15 -j MARK --
set-mark 15
iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.19 -j MARK --
set-mark 19
iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.20 -j MARK --
set-mark 20
iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.24 -j MARK --
set-mark 24
iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.29 -j MARK --
set-mark 29
iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.32 -j MARK --
set-mark 32
iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.33 -j MARK --
set-mark 33
iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.34 -j MARK --
set-mark 34

I thing that this is wright but no!
I've changed FORWARD with OUTUP. I tryed without specifying Interface -> 
still nothing.

What is wrong?
there is no filtration at all! Every packet is forwarded to the root 
class! You can guess what happens when someone from the LAN starts to 
dowload!

My router box is: Slackware 9.0 (2.4.20 kernel)


Thank you


------------------- изпратено от  mail.bG
Силна Анти-спам защита
12MB Място за поща
SMS за нов емeйл и към двата оператора!
POP3/WAP Достъп
_________________________________________
HOB БEЗПЛATEH AДPEC - http://mail.bg/new/
[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux