Hi,

D> You are doing NAT on the same machine, thus the filter above will not
D> get the client's IP address but the NAT-ed address. That's because TC
D> stuff happens after all of the netfilter, routing and bridging stuff.
D> You could MARK packets when they enter eth1 (with iptables) and then
D> match them using the "fw" match in TC.

Thanks for the advice, I did as I've been told:

iptables -A FORWARD -t mangle -i eth1 -j MARK -s $row->{ip} --set-mark $htbindex
tc class add dev eth0 parent 100: classid 100:$htbindex htb rate $row->{shaper}kbit prio 0
tc filter add dev eth0 protocol ip parent 100: prio 0 handle $htbindex fw flowid 100:$htbindex
$htbindex++

iptables -A FORWARD -t mangle -i eth0 -j MARK -d $row->{ip} --set-mark $htbindex
tc class add dev eth1 parent 200: classid 200:$htbindex htb rate $row->{shaper}kbit prio 0
tc filter add dev eth1 protocol ip parent 200: prio 0 handle $htbindex fw flowid 200:$htbindex
$htbindex++

It seems to be working fine so far, please let me know if there are any flaws in this or if I should do something differently.

Thanks for the quick response,
- diab

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/