I found a little workaround, but I'm not really happy with it.

On Fri, Jul 25, 2003 at 12:03:21AM +0200, Daniel Brahneborg wrote:
> My setup is like this:
>
>   ISP - [ eth0 'firewall machine' eth1 ] - LAN
>
> I'd like to split the traffic evenly between the firewall and the LAN,
> and then prioritize traffic within those classes, similarly to the
> example in the HTB User Guide. I want something like this:
>
>   qdisc root 1: htb default 2
>   1:9 htb rate 240
>     1:1 htb rate 120 ceil 240
>       1:11 htb rate 20 ceil 80 prio 1
>         filter: ssh, ack, etc
>         11: pfifo
>       1:12 htb rate 60 ceil 200 prio 2
>         no filter
>         12: pfifo
>       1:13 htb rate 20 ceil 80 prio 3
>         filter: direct connect
>         13: pfifo
>     1:2 htb rate 120 ceil 240
>       1:21 htb rate 20 ceil 80 prio 1
>         21: pfifo
>       1:22 htb rate 60 ceil 200 prio 2
>         22: pfifo
>       1:23 htb rate 20 ceil 80 prio 3
>         23: pfifo
>
> I then use iptables -j MARK to set a '1' if the traffic comes from
> eth1. If not, it should end up in 1:2, and 1:1 and 1:2 should be able
> to borrow from each other.

What I do now is to use ipfilter to set marks on the packets for all
six classes, and then set all filters on 1:0. A bit more work for
iptables, but it seems to work.

Is it a bug that a filter can't be added to a class?

/Basic
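
The workaround described in the message above, written out as an added example (not part of the original post): one firewall mark per leaf class, with every `fw` filter attached to the root qdisc `1:0`. The kbit units, shaping on `eth0`, the mark numbers (mark N selects class 1:N), the default leaf 1:22 and the tcp/22 match for ssh are all assumptions; the functions only print the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: prints (does not execute) tc/iptables commands.
# Assumed, not from the post: kbit units, eth0 as shaped device,
# mark N -> class 1:N, default leaf 1:22 (the post has "default 2").

htb_plan() {
    dev=${1:-eth0}
    echo "tc qdisc add dev $dev root handle 1: htb default 22"
    echo "tc class add dev $dev parent 1: classid 1:9 htb rate 240kbit"
    # 1:1 = traffic from the LAN, 1:2 = the firewall's own traffic;
    # both hang off 1:9 so they can borrow from each other up to ceil.
    for half in 1 2; do
        echo "tc class add dev $dev parent 1:9 classid 1:$half htb rate 120kbit ceil 240kbit"
    done
    # parent:leaf:rate:ceil:prio, copied from the quoted layout
    while IFS=: read -r parent id rate ceil prio; do
        echo "tc class add dev $dev parent 1:$parent classid 1:$id htb rate ${rate}kbit ceil ${ceil}kbit prio $prio"
        echo "tc qdisc add dev $dev parent 1:$id handle $id: pfifo"
        # All six filters sit on the root qdisc and select a leaf by mark.
        echo "tc filter add dev $dev parent 1:0 protocol ip prio 1 handle $id fw flowid 1:$id"
    done <<EOF
1:11:20:80:1
1:12:60:200:2
1:13:20:80:3
2:21:20:80:1
2:22:60:200:2
2:23:20:80:3
EOF
}

mark_plan() {
    wan=${1:-eth0}; lan=${2:-eth1}
    m="iptables -t mangle -A"
    # MARK does not stop rule traversal, so the last matching rule wins:
    # set the bulk mark first, then override it for specific traffic.
    echo "$m FORWARD -i $lan -o $wan -j MARK --set-mark 12"
    echo "$m FORWARD -i $lan -o $wan -p tcp --dport 22 -j MARK --set-mark 11"
    echo "$m OUTPUT -o $wan -j MARK --set-mark 22"
}

htb_plan eth0
mark_plan eth0 eth1
```

Marks for the remaining leaves (13, 21, 23) follow the same pattern once the match criteria for each priority are decided.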