Re: How to route and queue, based on iptables marked packets, at the same time?

[Robert Kurjata <rkurjata@xxxxxxxxxxxxx>]

Witaj Jan,

W Twoim liście datowanym 4 grudnia 2003 (13:01:51) można przeczytać:

Yes, you can. You can do marking in output and it will make a
difference in routing. Just use the -mangle- tables.

Checked and verified. I use it.

JG> Hi

JG> I want to do some routing an queuing stuff, but I am not sure if this
JG> will work.

JG> I have 3 connections on my router:
JG> - eth0 which points to my LAN
JG> - eth1 which point to the Internet over a 2Mbit connection
JG> - eth2/ppp0 which is a DSL connection and points to the Internet, too.

JG> The reason for the two Internet connections is that the 2Mbit connection
JG> is fast but expensive, I have to pay the traffic. The DSL connection is
JG> flat fee but slow, 384 k/bit up and 64 k/bit downstream.

JG> Both connections do masquerading with their public IPs.

JG> What I want to do is to route some services over the DSL connection, like
JG> e-mail traffic. The default route should be the 2Mbit connection.

JG> AFAIK I can't use ip rules to set up routing policies based on the TCP-port,
JG> so I want to mark the traffic with iptables, to set the routs. 
JG> My problem is, that I currently use this to prioritise my traffic and to
JG> order them into different HTB and SFQ queues.

JG> I found this graphic in the LARTC HOWTO:
JG>         +------------+           +---------+      +-------------+
JG> Packet -| PREROUTING |- routing--| FORWARD |----+-| POSTROUTING |- Packets
JG> input   +------------+  decision +---------+    | +-------------+    out
JG>                            |                    |
JG>                      +-------+                +--------+   
JG>                      | INPUT |-Local process -| OUTPUT |
JG>                      +-------+                +--------+


JG> My question is can I mark the packets once in the FORWARD and OUTPUT chain
JG> to influence the routing decision, and mark them again in the PORSTROUTING
JG> chain to influence the queuing? Where is the decision how to route?

JG> My routing configuration:
JG> # Routing table for the 2MBit interface
JG> $IP route add "$EXT_2M_NET" dev "$EXT_2M_IF" src "$EXT_2M_IP" table "$EXT_2M_RT"
JG> $IP route add default via "$EXT_2M_ROUTER" table "$EXT_2M_RT"
JG> $IP route add "$EXT_2M_NET" dev "$EXT_2M_IF" src "$EXT_2M_IP"

JG> # Routing table for the DSL interface
JG> $IP route add "$EXT_DSL_NET" dev "$EXT_DSL_IF" src
JG> "$EXT_DSL_IP" table "$EXT_DSL_RT"
JG> $IP route add default via "$EXT_DSL_ROUTE"R table "$EXT_DSL_RT"
JG> $IP route add "$EXT_DSL_NET" dev "$EXT_DSL_IF" src "$EXT_DSL_IP"

JG> # Routing rules
JG> $IP rule add from "$EXT_2M_IP"  table "$EXT_2M_RT"
JG> $IP rule add from "$EXT_DSL_IP" table "$EXT_DSL_RT"

JG> $IP rule add fwmark 10 table "$EXT_2M_RT"
JG> $IP rule add fwmark 20 table "$EXT_DSL_RT"

JG> $IP route add "$INT_NET" dev "$INT_IF" table "$EXT_2M_RT"
JG> $IP route add "$EXT_DSL_NET" dev "$EXT_DSL_IF" table "$EXT_2M_RT"
JG> $IP route add 127.0.0.0/8 dev lo table "$EXT_2M_RT"

JG> $IP route add "$INT_NET" dev "$INT_IF" table "$EXT_DSL_RT"
JG> $IP route add "$EXT_2M_NET" dev "$EXT_2M_IF" table "$EXT_DSL_RT"
JG> $IP route add 127.0.0.0/8 dev lo table "$EXT_DSL_RT"

JG> $IP route add default via "$EXT_2M_IP"

JG> thx,
JG> Jan
JG> Gerritsen˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙Ë™¨ĄŠx%ŠË,SůšŠYšź÷lőŻç–m§˙˙™¨Ą™©˙vĎZţy™¨Ą™©˙–+-ŠwčţV«µÁÎY3˙†Űi˙˙ĺj»\ţŠŕ



-- 
Pozdrowienia,
 Robert                            mailto:rkurjata@xxxxxxxxxxxxx
˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙Ë
™¨ĄŠx%ŠË,SůšŠYšź÷lőŻç–m§˙˙™¨Ą™©˙vĎZţy™¨Ą™©˙–+-ŠwčţV«µÁÎY3˙†Űi˙˙ĺj»\ţŠŕ