Hi

What you can do is mark the packets in netfilter (iptables) and then use the marks to assign the packets to classes.

You can do something like

iptables -t mangle -A PREROUTING -s AddrIWantToShape -j MARK --set-mark 0x02
iptables -t mangle -A PREROUTING -s AddrIWantToShape2 -j MARK --set-mark 0x03

iptables -t nat -A POSTROUTING -s AddrIWantToShape -o InternetInt -j MASQUERADE
iptables -t nat -A POSTROUTING -s AddrIWantToShape2 -o InternetInt -j MASQUERADE

tc filter add dev InternetInt parent 1: protocol ip pref 5 handle 2 fw flowid 1:30
tc filter add dev InternetInt parent 1: protocol ip pref 5 handle 3 fw flowid 1:40

Something like that

Alex

On Mon, Oct 11, 2004 at 07:45:02PM +0300, emo terziev wrote:
> Hi, Jason
> I know LARTC HOWTO. My download shapers work fine, but
> I don't know whether I can limit upload when I have NAT, because the source IP
> address is changed
> and I cannot make a u32 src filter.
>
> On the other hand, package marking isn't usable in my case because I want
> user A to have for example 128K to Group A networks and 64K to group B,
> user B to have 256k to group A and 1Mbit to group B
>
> Download is easy, but for upload I unfortunately don't know how it should be :(
> This is over my knowledge I think.
>
> Please, anyone with more experience, just give me an idea how it can be done.
>
>
> +----------+   | S |
> |  User A  |---+ W |                +NAT
> +----------+   | I |         eth1        eth0             group A
> +----------+   | T |        +--------+        +--- 180 different Networks ---+
> |  User B  |---+ C +--------| Router |--------|                              Internet
> +----------+   | H |        +--------+        +--- all rest internet --------+
>     ....      ... / ...                                   group B
> +----------+   | H |
> |  User N  |---+ U |
> +----------+   | B |         ---------------->
>                +---+
>
>
> Best Regards
> emo terziev
>
> On Mon, 11 Oct 2004 12:09:24 -0400, Jason Boxman <jasonb@xxxxxxxxxx> wrote:
> > On Monday 11 October 2004 07:29, emo terziev wrote:
> > > Hi All,
> > > I wonder can I do NAT+mangle+tc on same machine? I want to shape
> > > outgoing traffic per IP on my gateway computer.
> >
> > Sure, you can do that on the same machine.
> >
> > You can do NAT with a variety of scripts or just hand written iptables rules.
> > Personally, I use the gShield iptables firewall. As for `tc`, you might look
> > into the LARTC HOWTO.
> >
> > http://lartc.org/
> >
> > --
> >
> > Jason Boxman
> > Perl Programmer / *NIX Systems Administrator
> > Shimberg Center for Affordable Housing | University of Florida
> > http://edseek.com/ - Linux and FOSS stuff
> >
> > _______________________________________________
> > LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
> > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
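Added example, not part of the original thread: the mark-then-classify approach from the reply above, extended from a source-only match to source plus destination so that each user gets one rate towards group A and another towards everything else. The interface names, addresses, rates and the reading of "128K" as 128kbit are assumptions; the script only prints the commands.

```shell
#!/bin/sh
# Added example: prints the commands instead of running them (no root needed).
# Interfaces, addresses and rates are constructed sample values.
LAN_IF=eth1
WAN_IF=eth0
GROUP_A_NETS="198.51.100.0/24 203.0.113.0/24"   # stand-in for the 180 networks
# user-ip   rate-to-group-A   rate-to-group-B
USERS="192.168.1.10 128kbit 64kbit
192.168.1.11 256kbit 1mbit"

gen_rules() {
    # No default class: traffic without a matching mark leaves unshaped.
    echo "tc qdisc add dev $WAN_IF root handle 1: htb"
    n=0
    echo "$USERS" | while read -r ip rate_a rate_b; do
        n=$((n + 1))
        mark_a=$((n * 2))
        mark_b=$((n * 2 + 1))
        # Mark in mangle/PREROUTING, where the source is still the LAN address.
        # Start with the group B mark ("all the rest") ...
        echo "iptables -t mangle -A PREROUTING -i $LAN_IF -s $ip -j MARK --set-mark $mark_b"
        # ... MARK does not end traversal, so a later group A match overrides it.
        for net in $GROUP_A_NETS; do
            echo "iptables -t mangle -A PREROUTING -i $LAN_IF -s $ip -d $net -j MARK --set-mark $mark_a"
        done
        # One HTB class per mark; ceil defaults to rate, so each is a hard cap.
        for pair in "$mark_a $rate_a" "$mark_b $rate_b"; do
            set -- $pair
            # classid minors are read as hex by tc, the fw handle as decimal.
            printf 'tc class add dev %s parent 1: classid 1:%x htb rate %s\n' "$WAN_IF" "$1" "$2"
            printf 'tc filter add dev %s parent 1: protocol ip pref 5 handle %d fw flowid 1:%x\n' "$WAN_IF" "$1" "$1"
        done
    done
    # NAT happens last, in nat/POSTROUTING; the mark stays on the packet.
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE"
}

gen_rules
```

Review the printed rules before piping them to a root shell; with many destination networks a per-user chain keeps the mangle table shorter.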