Re: Re: Confuse, putting packets in wrong mangle table.

Linux Advanced Routing and Traffic Control


 



Rio Martin. wrote:
On Thursday 27 January 2005 12:37, Andy Furniss wrote:

I'll make it as simple for you as possible.
I have a Linux box which has eth0 220.1.1.1 as primary IP and aliases:
eth0:1 192.168.1.1 , eth0:1 192.168.1.2
Both 192.168.1.1 & 192.168.1.2 are NATed to 220.1.1.1
Okay, now my question is:
How do I manage and limit traffic generated from those IPs (192.168.1.1 &
192.168.1.2)? Not just traffic going outside, but traffic coming to those IPs
from the Internet.
I found it so difficult because traffic coming from the Internet to eth0 will
be using 220.1.1.1, not 192.168.x.x

If you use IMQ and get it to hook after NAT in PREROUTING then forwarded traffic should have been denatted and have local addresses. You can use TC filters to classify for htb etc. Traffic from internet to squid will probably have 220. IP address.


That's what I'm worried about: the IP address from the Internet would be 220.1.1.1, not 192.168.x.x
IMQ with iptables marking is unable to mark the packets to 192.168.x.x

Iptables can't mark traffic from inet to lan, but imq hooked after nat in prerouting will see local addresses for inet to lan traffic and 220.1.1.1 for traffic from inet to squid.


You use tc filters and u32 to match them eg.

$TC filter add dev $DWIF protocol ip parent 1:2 prio 1 u32 \
   match ip dst 192.168.0.2 flowid 1:32




If you want to try a way without IMQ then AIUI you can patch squid so
you can classify hit/miss traffic and then you could shape traffic as
egress on eth0. I don't use squid - but I assume here it limits the rate
it pulls miss pages to the rate that client requests.
http://www.docum.org/docum.org/faq/cache/65.html


I've tried this before, but never succeeded. I didn't know where I should attach the 10:100 class. The document just told me to add this class in tc, without giving any information about which interface I should attach this class to.

I've not used squid, but think the idea is to shape on eth0 traffic from inet to lan and miss traffic from squid to lan. The patch lets you classify miss traffic from squid which you make an htb class for and you can then involve it in sharing/prioritising etc with other inet to lan traffic.


Andy.




Regards, Rio Martin.
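The IMQ approach Andy describes above (hook after NAT in PREROUTING so inbound packets already carry the de-NATed LAN address, then classify on the IMQ device with u32 "match ip dst" filters) as a complete script. This is an added example, not code from the thread or from the LARTC project. It assumes the IMQ kernel patch and iptables IMQ target are installed and that IMQ was built to hook after NAT; the interface names, the 2048kbit downstream rate and the per-host rates are constructed values. Without APPLY=1 it prints the tc/iptables commands instead of executing them, which is the safest way to check the match/flowid pairing before touching the kernel.

```shell
#!/bin/sh
# Added example, not from the thread. Shapes Internet->LAN traffic per LAN
# host by steering packets from the public interface into imq0 (IMQ hooked
# after NAT, so the destination is already the 192.168.x.x address) and
# classifying them on imq0 with u32 filters, as described in the reply.
# Assumptions: IMQ patch + iptables IMQ target present, IMQ built to hook
# after NAT. Run with APPLY=1 to execute; otherwise commands are printed.
TC=${TC:-/sbin/tc}
IPT=${IPT:-/sbin/iptables}
WAN=${WAN:-eth0}                  # public interface (220.1.1.1 in the thread)
IMQDEV=${IMQDEV:-imq0}
DOWN_RATE=${DOWN_RATE:-2048kbit}  # constructed total downstream rate

# Execute a command when APPLY=1, otherwise print it on one line.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Send everything arriving on $WAN through imq0 from mangle PREROUTING.
hook_imq() {
    run "$IPT" -t mangle -A PREROUTING -i "$WAN" -j IMQ --todev 0
    run ip link set dev "$IMQDEV" up
}

# Root HTB on imq0; traffic matching no filter falls into 1:30.
root_qdisc() {
    run "$TC" qdisc add dev "$IMQDEV" root handle 1: htb default 30
    run "$TC" class add dev "$IMQDEV" parent 1: classid 1:1 htb rate "$DOWN_RATE"
    run "$TC" class add dev "$IMQDEV" parent 1:1 classid 1:30 htb rate 128kbit ceil "$DOWN_RATE"
}

# One HTB leaf per LAN host plus the u32 filter selecting it by destination.
# $1 = minor classid, $2 = LAN address, $3 = guaranteed rate.
lan_class() {
    run "$TC" class add dev "$IMQDEV" parent 1:1 classid "1:$1" htb rate "$3" ceil "$DOWN_RATE"
    run "$TC" filter add dev "$IMQDEV" protocol ip parent 1: prio 1 u32 \
        match ip dst "$2" flowid "1:$1"
}

# Returns only the u32 filter line for a host (dry run), so the dst/flowid
# pairing can be inspected without applying anything.
filter_for() {
    APPLY=0
    lan_class "$1" "$2" "$3" | grep 'u32'
}

hook_imq
root_qdisc
lan_class 31 192.168.1.1 512kbit
lan_class 32 192.168.1.2 512kbit
```

Because the filters live on imq0 rather than eth0, the same classes can later be shared with squid miss traffic or any other inet-to-LAN flow by adding further filters under the same 1:1 parent.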



_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
