four imq devices

Linux Advanced Routing and Traffic Control


 



Hi,

I've got a problem with this configuration:

1) physical network view:

+-----LAN------+ 
|192.168.0.0/24|            +------ROUTER------+
|192.168.1.0/24|--------eth0|                  |
+--------------+            |                  |
                            |                  |eth2---internet
+----PROXY----+             |                  |
|192.168.253.5|---------eth1|                  |
+-------------+             +------------------+

2) traffic shaping - logical view:

-- OUTGOING

+------+
|router|
+------+
  |  |
  imq1
  |  |
  |  \__________
  |             \
  |             |
  |   +------------------------+
  |   |PROXY + mail + ssh + www|
  |   +------------------------+
  |             |
  |             |
  |   __________/
  |  /
  |  |
  imq0
  |  |
+------+
| LAN  |
+------+

-- INCOMING

+------+
|router|
+------+
  |  |
  imq2
  |  |
  |  \__________
  |             \
  |             |
  |   +------------------------+
  |   |PROXY + mail + ssh + www|
  |   +------------------------+
  |             |
  |             |
  |   __________/
  |  /
  |  |
  imq3
  |  |
+------+
| LAN  |
+------+


I have a patch applied to squid which sets the TOS field to 8 for a MISS, 
and to 0 for others.

I want to shape server services (ssh/www/mail) on the imq1 & imq2 devices and 
shape each user on the imq0 & imq3 devices.

Iptables rules:

LOCNET=192.168.0.0/16
PROXY=192.168.253.5
PUBNET=xx.xx.xx.xx/yy   # my public addresses

# outgoing

# loc -> proxy
$IPT -A PREROUTING -t mangle -s $LOCNET         -p tcp --dport 80 -j IMQ --todev=0
$IPT -A PREROUTING -t mangle -s $LOCNET         -p tcp --dport 80 -j ACCEPT

# loc -> loc
$IPT -A PREROUTING -t mangle -s $LOCNET         -d $LOCNET -j ACCEPT

# loc -> pub
$IPT -A PREROUTING -t mangle -s $LOCNET         -d $PUBNET -j ACCEPT

# proxy -> inet
$IPT -A PREROUTING -t mangle -s $PROXY          -p tcp --dport 80 -j IMQ --todev=1
$IPT -A PREROUTING -t mangle -s $PROXY          -p tcp --dport 80 -j ACCEPT

# loc -> inet
$IPT -A PREROUTING -t mangle -s $LOCNET -j IMQ --todev=0
$IPT -A PREROUTING -t mangle -s $LOCNET -j IMQ --todev=1


# incoming

# setting mark for all incoming traffic from the internet
$IPT -I PREROUTING -t mangle -i eth2 -j MARK --set-mark 202

$IPT -A POSTROUTING -t mangle -m mark --mark 202        -d $PROXY -p tcp --sport 80 -j IMQ --todev=2
$IPT -A POSTROUTING -t mangle -m mark --mark 202        -d $PROXY -p tcp --sport 80 -j ACCEPT

$IPT -A POSTROUTING -t mangle -s $PROXY         -d $LOCNET -m tos --tos 8 -j IMQ --todev=3

$IPT -A POSTROUTING -t mangle -m mark --mark 202        -d $LOCNET -j IMQ --todev=2
$IPT -A POSTROUTING -t mangle -m mark --mark 202        -d $LOCNET -j IMQ --todev=3

The problem occurs for the last 2 lines - incoming to IMQ 2 & 3.
Iptables shows that traffic is going through the rules, but in ifconfig I have 0 
bytes for imq2. Changing the order from:

$IPT -A POSTROUTING -t mangle -m mark --mark 202        -d $LOCNET -j IMQ --todev=2
$IPT -A POSTROUTING -t mangle -m mark --mark 202        -d $LOCNET -j IMQ --todev=3

to:

$IPT -A POSTROUTING -t mangle -m mark --mark 202        -d $LOCNET -j IMQ --todev=3
$IPT -A POSTROUTING -t mangle -m mark --mark 202        -d $LOCNET -j IMQ --todev=2

has the same effect, but with the imq3 device.
Is it possible to direct packets to imq2 and imq3 too? I have spent a lot of 
days on it and I can't solve this problem. 

regards,
Lukasz


_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
