Hi Andy,
I've followed your advice and it works brilliant. However, I did fail
to mention something else which is causing a problem:
Internet - eth0 - eth1 users (192.168.x.x)
local net- eth2 (10.0.x.x)
There is another interface in this router (eth2) that should not be
shaped at all (it goes to another local network).
My problem is, I can shape Internet traffic going to user on eth1
(down), and user traffic going to Internet on eth0 (up).
However, if the downspeed is being shaped on the eth1, that means that
customers wanting something from eth2 will also be shaped.
I thought maybe I could only mark packets with a destination to eth0,
which means packets going to eth2 would be left untouched, but that
doesn't appear to work, or maybe I'm making a mistake.
here's my marking rule:
iptables -t mangle -A POSTROUTING --src 192.168.0.84 -o eth0 -j MARK --
set-mark 34
and here's the cbq rules (should I be using HTB for this??)
SIXFOUR=75
VEGA=90
DEV=eth1
DEVTEST=eth0
tc class add dev $DEV parent 1: classid 1:30 cbq rate ${SIXFOUR}kbit
allot 1500 prio 5 bounded isolated
tc filter add dev $DEV parent 1: prio 6 protocol ip handle 34 fw flowid
1:30
tc qdisc add dev $DEV parent 1:30 sfq perturb 10
tc class add dev $DEVTEST parent 1: classid 1:30 cbq rate ${SIXFOUR}kbit
allot 1500 prio 5 bounded isolated
tc filter add dev $DEVTEST parent 1: prio 6 protocol ip handle 34 fw
flowid 1:30
tc qdisc add dev $DEVTEST parent 1:30 sfq perturb 10
This current setup does not shape eth0 traffic going to eth1 (because
I'm not using u32, I'm trying to shape on the mark).
On $DEV, if I replace the mark handle with a u32 ip address match, then
shaping will work, but then users downloading from interface eth2 will
also be shaped, which I don't want.
Am I getting close or really going down the wrong path here?
Thanks so much,
Ron
On Wed, 2005-04-27 at 21:24 +0100, Andy Furniss wrote:
> Ron McKown wrote:
>
> > After lots of reading on the mailing list archive, it appears the best
> > way to handle this is to mark packets from each user, then on eth0 have
> > HTB or CBQ (really unsure which to use) shape each marked packet
> > accordingly. Currently, I'm matching by IP (u32?), so should I match by
> > fwmark instead?
>
> Yes you could do that or if you are using recent kernel/iptables you can
> classify directly.
>
> http://www.netfilter.org/patch-o-matic/pom-submitted.html
>
> If you need to use mark just do something like
>
> $IPTABLES -t mangle -A POSTROUTING --src 192.168.0.4 -j MARK --set-mark 34
>
> and then match it with a filter on eth0
>
> $TC filter add dev eth0 parent 1:0 prio 6 protocol ip handle 34 fw
> flowid 1:34
>
> Andy.
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
