I mark everything on my internal interface. I have classes for incoming websurfing traffic which I use HTB to control the traffic. This is done on my internal NIC. I also have classes on my external interface which control my outgoing traffic such as web (port 80) and smtp (port 25). This is done on my external NIC.

Mike Fetherston

> -----Original Message-----
> From: Eddie [mailto:eddieknows@xxxxxxxxxxxx]
> Sent: Monday, December 08, 2003 10:02 AM
> To: Mike
> Subject: RE: mangle
>
> So you put all rules on your internal interface?
>
> On Mon, 2003-12-08 at 16:43, Mike wrote:
> > In my case eth1 is my internal NIC. I'm giving certain groups of IPs
> > certain amounts of bandwidth. If you're trying to give full bandwidth
> > to ssh traffic, you could mark on destination port 22 and assign that
> > mark to a flowid with full bandwidth. I believe you would still use the
> > PREROUTING table to mark with.
> >
> > Why do you want to give SSH traffic full bandwidth?
> >
> > Mike Fetherston
> >
> > > -----Original Message-----
> > > From: Eddie [mailto:eddieknows@xxxxxxxxxxxx]
> > > Sent: Monday, December 08, 2003 9:53 AM
> > > To: Mike
> > > Subject: RE: mangle
> > >
> > > OK, that is how I have it. If eth1 is external, this will shape traffic for
> > > all the LAN people, right?
> > > BUT what do I do to give me full bandwidth when I ssh remotely to work
> > > on the box? Will I use OUTPUT??
> > > Thanks, it helped a lot :-) really
> > >
> > > On Mon, 2003-12-08 at 16:31, Mike wrote:
> > > > I've been using PREROUTING to mark packets and it's been working very
> > > > well.
> > > >
> > > > iptables -t mangle -I PREROUTING -i eth1 -s $IP --j MARK --set-mark 3
> > > >
> > > > and if you're using HTB, this command:
> > > >
> > > > tc filter add dev eth0 parent 1:0 protocol ip prio 2 handle 3 fw flowid 1:13
> > > >
> > > > will act on those marked packets. It's the 'handle 3' which uses the
> > > > --set-mark 3.
> > > >
> > > > Mike Fetherston
> > > >
> > > > > -----Original Message-----
> > > > > From: Eddie [mailto:eddieknows@xxxxxxxxxxxx]
> > > > > Sent: Monday, December 08, 2003 8:40 AM
> > > > > To: lartc
> > > > > Subject: mangle
> > > > >
> > > > > Hi all
> > > > > I have a Linux gateway box, eth1 internet and eth0 LAN.
> > > > > Now I made my qdisc for eth1 but now I want to mark them with iptables.
> > > > > The thing is I don't know what to use, -A FORWARD or PREROUTING?
> > > > > Please can someone help
> > > > > thanks
> > > > >
> > > > > eddie
> > > > >
> > > > > _______________________________________________
> > > > > LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
> > > > > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
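
The thread's point that the fw filter's `handle 3` has to equal the `--set-mark 3` value can be checked mechanically. The script below is an added example, not written by anyone in the thread: it audits a rule listing for marks that no fw filter picks up and fw handles that no MARK rule sets. The rule text is constructed sample input, and the function names `values_after` and `audit_marks` are hypothetical.

```shell
#!/bin/sh
# Constructed sample listing (not from the thread): rules as they might sit
# in a firewall/shaping script. 192.0.2.10 is a documentation address.
RULES='iptables -t mangle -I PREROUTING -i eth1 -s 192.0.2.10 -j MARK --set-mark 3
iptables -t mangle -I PREROUTING -i eth1 -p tcp --dport 22 -j MARK --set-mark 0x4
tc filter add dev eth0 parent 1:0 protocol ip prio 2 handle 3 fw flowid 1:13
tc filter add dev eth0 parent 1:0 protocol ip prio 2 handle 5 fw flowid 1:15'

# values_after KEY: read lines on stdin, print the number that follows KEY,
# converted to decimal so that 0x4 and 4 compare equal. Only plain decimal or
# 0x-hex values pass the awk check (a value/mask form is skipped), which also
# keeps arbitrary text out of the arithmetic expansion below.
values_after() {
    awk -v key="$1" '{
        for (i = 1; i < NF; i++)
            if ($i == key && $(i + 1) ~ /^(0[xX][0-9a-fA-F]+|[1-9][0-9]*|0)$/)
                print $(i + 1)
    }' | while read -r v; do echo "$(($v))"; done
}

# audit_marks TEXT: report marks that no fw filter handles, and fw handles
# that no MARK rule ever sets. Prints nothing when the two sets agree.
audit_marks() {
    marks=$(printf '%s\n' "$1" | grep '^iptables' | values_after --set-mark | sort -un)
    handles=$(printf '%s\n' "$1" | grep ' fw ' | values_after handle | sort -un)
    for m in $marks; do
        printf '%s\n' "$handles" | grep -qx "$m" || echo "mark $m: no fw filter"
    done
    for h in $handles; do
        printf '%s\n' "$marks" | grep -qx "$h" || echo "handle $h: no MARK rule"
    done
}

audit_marks "$RULES"
```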