Re: Forwarded traffic bypassing filter

Linux Advanced Routing and Traffic Control


Is the netmask actually /24 instead of /8 or are you bridging the
traffic with Machine1?

On Thu, 2003-10-16 at 17:26, Amit Gandhi wrote:
> Please consider the following scenario & corresponding question.....
> 
> 
>                     Machine1                             Machine2
>                 _________________                  _________________
> MachineX        |               |                  |               |
> HTTP(1)         |               |                  |  HTTP Server  |
> ------>-------->|          -----|------------------|               |
>             eth0|         /     |eth1              |eth0           |
>  10.20.253.242/8|        /      |10.20.255.238/8   |10.20.246.247/8|
>                 |    HTTP(2)    |                  |               |
>                 |_______________|                  |_______________|
> 
>                 10.20.246.247 dev eth1
>                 10.20.246.247 dev eth1 lladdr xx:xx:xx:xx:xx:xx
>                 proxy_arp =1
>                 ip_forward=1
> 
> Here are my shaping rules (primary goal is to send the web traffic
> through a separate queue)
> 
> tc qdisc add dev eth1 root handle 1: htb default 20
> 
> tc class add dev eth1 parent 1: classid 1:1 htb rate 2mbit burst 15k
> 
> tc class add dev eth1 parent 1:1 classid 1:10 htb rate 1mbit ceil 2mbit burst 15k
> tc class add dev eth1 parent 1:1 classid 1:20 htb rate 1mbit burst 15k
> 
> tc qdisc add dev eth1 parent 1:10 handle 10: sfq perturb 10
> tc qdisc add dev eth1 parent 1:20 handle 20: sfq perturb 10
> 
> tc filter add dev eth1 protocol ip parent 1:0 prio 1 u32 match ip dport 0x50 0xffff flowid 1:10
> 
> 
> Now, after all of this configuration I've observed that:
> 
> a) All the web requests coming from "MachineX" go thru the default
> queue 20
> b) Web traffic generated from "Machine1" does get sent thru queue 10
> 
> 
> Why is the forwarded traffic bypassing the filter?
> 
> I inserted debug messages in the 'u32_classify' function
> inside the kernel, just to make sure that the filter is not
> failing, but the function never gets called for HTTP(1)
> traffic!!!
> 
> 
> Regards,
> +Amit
> email: subscribeamit@xxxxxxxxx
> 
-- 
    Lawrence MacIntyre     865.574.8696     lpz@xxxxxxxx
               Oak Ridge National Laboratory
High Performance Information Infrastructure Technology Group
