This is done via IPTables:

# Inbound traffic:
# All traffic coming from outside of the LAN (! -s 192.168.1.0) with destination 192.168.1.1 (my PC) gets marked with 21
iptables -t mangle -A POSTROUTING ! -s 192.168.1.0/24 -d 192.168.1.1 -j MARK --set-mark 21
# All traffic coming from port 3128 of 192.168.1.200 (Debian router/server) to 192.168.1.1 (my PC) is also marked with 21 (this is the SQUID proxy)
iptables -t mangle -A POSTROUTING -p tcp --sport 3128 -s 192.168.1.200 -d 192.168.1.1 -j MARK --set-mark 21
# Same two lines for the smartphone
iptables -t mangle -A POSTROUTING ! -s 192.168.1.0/24 -d 192.168.1.2 -j MARK --set-mark 21
iptables -t mangle -A POSTROUTING -p tcp --sport 3128 -s 192.168.1.200 -d 192.168.1.2 -j MARK --set-mark 21
# ... More lines for other users' devices (marked 22, 23, 24, 25)

# Outbound traffic:
# All traffic coming from 192.168.1.1 (my PC) to outside of the network (! -d 192.168.1.0/24) is marked with 21
iptables -t mangle -A PREROUTING -s 192.168.1.1 ! -d 192.168.1.0/24 -j MARK --set-mark 21
# All traffic coming from 192.168.1.1 (my PC) to destination port 3128 of 192.168.1.200 (Debian router/server) is marked with 21 (SQUID proxy)
iptables -t mangle -A PREROUTING -p tcp --dport 3128 -d 192.168.1.200 -s 192.168.1.1 -j MARK --set-mark 21
# Same for my smartphone
iptables -t mangle -A PREROUTING -s 192.168.1.2 ! -d 192.168.1.0/24 -j MARK --set-mark 21
iptables -t mangle -A PREROUTING -p tcp --dport 3128 -d $SRV_IP -s 192.168.1.2 -j MARK --set-mark 21
# ... More lines for other users' devices (marked 22, 23, 24, 25)

# Mark local network traffic with 10, to skip bandwidth shaping
iptables -t mangle -A PREROUTING -s 192.168.1.0/24 -d 192.168.1.0/24 -m comment --comment "Mark in local traffic to skip shaping with tc" -j MARK --set-mark 10
iptables -t mangle -A POSTROUTING -s 192.168.1.0/24 -d 192.168.1.0/24 -m comment --comment "Mark in local traffic to skip shaping with tc" -j MARK --set-mark 10

# Extra three lines to make things clearer:
# Squid proxy (all traffic outside of local network)
iptables -t nat -A PREROUTING -s 192.168.1.0/24 ! -d 192.168.1.0/24 -p tcp -m multiport --dports 80,8080 -m comment --comment "SQUID transparent HTTP proxy" -j DNAT --to-destination 192.168.1.200:3128
# NAT/MASQUERADE redirect
iptables -t nat -A POSTROUTING ! -o lan -m comment --comment "NAT rule" -j MASQUERADE

Best regards,
Igor V. Filakhtov
GMail: filakhtov@xxxxxxxxx | Cell: (050) 65-66-280 | Skype: ihor.filakhtov

On Mon, Sep 2, 2013 at 4:24 AM, Horace <horace@xxxxxxxxxxxxxxx> wrote:
> Igor wrote:
>
>> tc filter add dev $LAN protocol ip parent 1:0 prio 1 handle 21 fw flowid 1:21
>> tc filter add dev $LAN protocol ip parent 1:0 prio 1 handle 22 fw flowid 1:22
>> tc filter add dev $LAN protocol ip parent 1:0 prio 1 handle 23 fw flowid 1:23
>> tc filter add dev $LAN protocol ip parent 1:0 prio 1 handle 24 fw flowid 1:24
>> tc filter add dev $LAN protocol ip parent 1:0 prio 1 handle 25 fw flowid 1:25
>> tc filter add dev $LAN protocol ip parent 1:0 prio 1 handle 29 fw flowid 1:29
>> tc filter add dev $LAN protocol ip parent 1:0 prio 2 handle 10 fw flowid 1:10
>
> Where do you mark the traffic and put them into class?
>
> Horace
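
Added example, not part of the original thread: a tc "fw" filter only classifies packets whose firewall mark equals the filter's handle, so this script cross-checks the two lists and reports marks with no filter and filters whose handle no rule sets. The sample text is constructed in the style of the post; mark 26 and address 192.168.1.6 are hypothetical, and marks are assumed to be written in decimal.

```shell
#!/bin/sh
# Added example: cross-check iptables fwmarks against tc "fw" filter handles.
# It only parses command text; it never runs iptables or tc.
# Assumption: marks and handles are written in decimal, as in the post.

# Constructed sample in the post's style. The rule setting mark 26 and the
# address 192.168.1.6 are hypothetical (a device added without a tc filter).
MARK_RULES='iptables -t mangle -A PREROUTING -s 192.168.1.1 ! -d 192.168.1.0/24 -j MARK --set-mark 21
iptables -t mangle -A POSTROUTING ! -s 192.168.1.0/24 -d 192.168.1.1 -j MARK --set-mark 21
iptables -t mangle -A PREROUTING -s 192.168.1.6 ! -d 192.168.1.0/24 -j MARK --set-mark 26
iptables -t mangle -A PREROUTING -s 192.168.1.0/24 -d 192.168.1.0/24 -j MARK --set-mark 10'

# Three of the filter lines quoted in the thread ($LAN stays literal here).
TC_FILTERS='tc filter add dev $LAN protocol ip parent 1:0 prio 1 handle 21 fw flowid 1:21
tc filter add dev $LAN protocol ip parent 1:0 prio 1 handle 29 fw flowid 1:29
tc filter add dev $LAN protocol ip parent 1:0 prio 2 handle 10 fw flowid 1:10'

# Unique mark values set with --set-mark in the rules read from stdin.
marks_set() { sed -n 's/.*--set-mark \([0-9][0-9]*\).*/\1/p' | sort -n -u; }

# Unique handles of "fw" filters in the tc commands read from stdin.
filter_handles() { sed -n 's/.* handle \([0-9][0-9]*\) fw .*/\1/p' | sort -n -u; }

# Lines of list $1 that do not appear in list $2 (newline-separated lists).
only_in_first() {
    printf '%s\n' "$1" | grep -Fxv -e "$2" || true
}

# Marks that none of the fw filters classifies. $1 = rules, $2 = filters.
unfiltered_marks() {
    only_in_first "$(printf '%s\n' "$1" | marks_set)" \
                  "$(printf '%s\n' "$2" | filter_handles)"
}

# fw filters whose handle no mark rule ever sets. $1 = rules, $2 = filters.
unused_handles() {
    only_in_first "$(printf '%s\n' "$2" | filter_handles)" \
                  "$(printf '%s\n' "$1" | marks_set)"
}

echo "marks with no fw filter: $(unfiltered_marks "$MARK_RULES" "$TC_FILTERS" | tr '\n' ' ')"
echo "fw filters with no mark rule: $(unused_handles "$MARK_RULES" "$TC_FILTERS" | tr '\n' ' ')"
```
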