I try to shape traffic using HTB and mark packets within iptables using PREROUTING. But the filter rules seem to ignore the marks set with PREROUTING.
Only POSTROUTING marks are accepted.
First my configuration
I have a router connected to the internet via ADSL over interface ppp0. eth0 is a tunnel to ppp0 and eth1 serves the LAN.
LAN is 192.168.57.0/24 on 10Mbit
ppp0 is 80.126.16.44 on 320Kbit upstream and 2048Kbit downstream
These are the kernel/programs involved:
Kernel 2.4.20 (SuSE 8.2), iproute version 2.4.7, iptables version 1.2.7a
Below are the HTB script and a snapshot of the iptables script. The HTB script is executed at the beginning of the iptables script.
# Configure HTB qdisc
/usr/sbin/tc qdisc add dev eth1 root handle 1:0 htb default 30
/usr/sbin/tc class add dev eth1 parent 1: classid 1:1 htb rate 1960kbit burst 15k
/usr/sbin/tc class add dev eth1 parent 1:1 classid 1:10 htb rate 152kbit ceil 152kbit burst 2k prio 1
/usr/sbin/tc class add dev eth1 parent 1:1 classid 1:20 htb rate 950kbit ceil 1808kbit burst 15k prio 5
/usr/sbin/tc class add dev eth1 parent 1:1 classid 1:30 htb rate 646kbit ceil 900kbit burst 15k prio 10
/usr/sbin/tc class add dev eth1 parent 1:1 classid 1:40 htb rate 133kbit ceil 152kbit burst 15k prio 15
/usr/sbin/tc qdisc add dev eth1 parent 1:10 handle 10: sfq perturb 10
/usr/sbin/tc qdisc add dev eth1 parent 1:20 handle 20: sfq perturb 10
/usr/sbin/tc qdisc add dev eth1 parent 1:30 handle 30: sfq perturb 10
/usr/sbin/tc qdisc add dev eth1 parent 1:40 handle 40: sfq perturb 10
# Filter rules
/usr/sbin/tc filter add dev eth1 parent 1:0 protocol ip prio 1 handle 1 fw flowid 1:10
/usr/sbin/tc filter add dev eth1 parent 1:0 protocol ip prio 3 handle 2 fw flowid 1:10
/usr/sbin/tc filter add dev eth1 parent 1:0 protocol ip prio 1 handle 4 fw flowid 1:20
/usr/sbin/tc filter add dev eth1 parent 1:0 protocol ip prio 3 handle 5 fw flowid 1:20
/usr/sbin/tc filter add dev eth1 parent 1:0 protocol ip prio 1 handle 8 fw flowid 1:30
/usr/sbin/tc filter add dev eth1 parent 1:0 protocol ip prio 1 handle 10 fw flowid 1:40
# Snapshot of iptables script. scp and ssh as an example # Standard policy is -j DROP
/usr/sbin/iptables -t mangle -A PREROUTING -p tcp -m tcp -i eth1 --dport 22 \
-m tos --tos Maximize-Throughput -j MARK --set-mark 10
/usr/sbin/iptables -t mangle -A PREROUTING -p tcp -m tcp -i eth1 --dport 22 \
-m tos --tos Minimize-Delay -j MARK --set-mark 2

You are only marking packets inbound on eth1, but shaping outbound.
Andy.
/usr/sbin/iptables -A FORWARD -p tcp -i eth1 -o ppp0 -s 192.168.57.0/24 \
-d 0/0 --dport 22 -j ACCEPT
/usr/sbin/iptables -A POSTROUTING -t nat -p tcp -o ppp0 -s 192.168.57.0/24 \
-d 0/0 --dport 22 -j SNAT --to 80.126.16.44
And the packets seem to be marked as intended:
515 31080 MARK tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 TOS match 0x10 MARK set 0x2
But tc -s class show dev eth1 says only htb 1:30 is used.
I get the feeling it is something with the POSTROUTING rule but cannot work out what is wrong.
Thanks
Ben Thijssen.
_______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
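The point Andy makes above, worked through as an added example (this is not a script from the thread or from the LARTC HOWTO). The HTB qdisc attached to eth1 only handles packets that leave the router towards the LAN, i.e. downstream traffic, which enters on ppp0 and carries source port 22 when it comes back from a remote sshd. The PREROUTING rules with "-i eth1" mark the opposite direction (LAN to Internet), so those packets leave through ppp0 and the fw filters on eth1 never see their marks. The script below marks the downstream packets by their egress device instead, keeping the mark values (10 for scp, 2 for interactive ssh), the devices and the LAN range from the post. It assumes that the remote sshd sets the same TOS bits as the local client does, and that the mangle POSTROUTING chain is available (the poster reports that marks set there do work). With DRY_RUN=1 (the default) it only prints the commands; a small check confirms each generated rule selects "-o eth1" before anything is applied.

```sh
#!/bin/sh
# Added example, not code from the original thread or the LARTC HOWTO.
# Places MARKs where the HTB qdisc on eth1 (egress towards the LAN) can see
# them. Devices, network and mark values come from the post; the TOS handling
# of the remote sshd and the availability of mangle POSTROUTING are assumed.
# DRY_RUN=1 (default) prints the commands, DRY_RUN=0 executes them as root.

IPTABLES=${IPTABLES:-/usr/sbin/iptables}
LAN_IF=${LAN_IF:-eth1}
LAN_NET=${LAN_NET:-192.168.57.0/24}
DRY_RUN=${DRY_RUN:-1}

run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Returns 0 when a MARK rule can feed the egress qdisc on device $1, i.e. the
# rule selects packets leaving that device ("-o $1"). A rule that matches
# "-i $1" marks packets which leave through some other device, and the tc
# filters attached to $1 never get to see that mark.
mark_rule_feeds_qdisc() {
    dev=$1
    shift
    case " $* " in
        *" -o $dev "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Downstream marks for the eth1 shaper: replies from a remote sshd (source
# port 22) headed for the LAN. Mark 10 -> class 1:40 (bulk, scp) and
# mark 2 -> class 1:10 (interactive ssh), matching the fw filters of the
# HTB script in the post.
mark_downstream_rules() {
    for spec in "Maximize-Throughput 10" "Minimize-Delay 2"; do
        # shellcheck disable=SC2086
        set -- $spec
        run "$IPTABLES" -t mangle -A POSTROUTING -o "$LAN_IF" -d "$LAN_NET" \
            -p tcp -m tcp --sport 22 -m tos --tos "$1" -j MARK --set-mark "$2"
    done
}

# Generates the rules in dry-run mode and refuses any rule that does not
# select egress on the shaped device. Returns 0 only if every rule passes.
verify_downstream_rules() {
    saved=$DRY_RUN
    DRY_RUN=1
    rules=$(mark_downstream_rules)
    DRY_RUN=$saved
    status=0
    while IFS= read -r rule; do
        # shellcheck disable=SC2086
        mark_rule_feeds_qdisc "$LAN_IF" $rule || {
            echo "rule does not feed the $LAN_IF qdisc: $rule" >&2
            status=1
        }
    done <<EOF
$rules
EOF
    return $status
}

# Usage: DRY_RUN=1 sh mark-downstream.sh   (inspect the rules)
#        DRY_RUN=0 sh mark-downstream.sh   (apply them, as root)
verify_downstream_rules && mark_downstream_rules
```

The existing PREROUTING rules with "-i eth1" are not useless: those packets leave through ppp0, so they would feed a second HTB qdisc attached to ppp0, which is where the 320Kbit upstream actually needs shaping. Each direction needs its own qdisc on its own egress device, and the marks for each must be set on the packets travelling in that direction.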