Re:

Linux Advanced Routing and Traffic Control

The 02/09/13, Igor Filakhtov wrote:
> This is done via IPTables:
> 
> # Inbound traffic:
> # All traffic, coming outside of lan (! -s 192.168.1.0) network with destination 192.168.1.1 (my PC) get marked with 21
> iptables -t mangle -A POSTROUTING ! -s 192.168.1.0/24 -d 192.168.1.1 -j MARK --set-mark 21
> # All traffic, coming from 3128 port from 192.168.1.200 (Debian router/server) to 192.168.1.1 (my PC) also marked with 21 (this is SQUID proxy)
> iptables -t mangle -A POSTROUTING -p tcp --sport 3128 -s 192.168.1.200 -d 192.168.1.1 -j MARK --set-mark 21
> # Same two lines for smartphone
> iptables -t mangle -A POSTROUTING ! -s 192.168.1.0/24 -d 192.168.1.2 -j MARK --set-mark 21
> iptables -t mangle -A POSTROUTING -p tcp --sport 3128 -s 192.168.1.200 -d 192.168.1.2 -j MARK --set-mark 21
> # ... More lines for other user's devices (marked 22, 23, 24, 25)

AFAIK, packets go to the IMQ just after the PREROUTING chain of MANGLE
for the inbound traffic.  Please, make sure your tc filters match the
PREROUTING chain of iptables.

> On Mon, Sep 2, 2013 at 4:24 AM, Horace <horace@xxxxxxxxxxxxxxx> wrote:
> > Igor wrote:
> >
> >> tc filter add dev $LAN protocol ip parent 1:0 prio 1 handle 21 fw flowid 1:21
> >> tc filter add dev $LAN protocol ip parent 1:0 prio 1 handle 22 fw flowid 1:22
> >> tc filter add dev $LAN protocol ip parent 1:0 prio 1 handle 23 fw flowid 1:23
> >> tc filter add dev $LAN protocol ip parent 1:0 prio 1 handle 24 fw flowid 1:24
> >> tc filter add dev $LAN protocol ip parent 1:0 prio 1 handle 25 fw flowid 1:25
> >> tc filter add dev $LAN protocol ip parent 1:0 prio 1 handle 29 fw flowid 1:29
> >> tc filter add dev $LAN protocol ip parent 1:0 prio 2 handle 10 fw flowid 1:10
> >
> > Where do you mark the traffic and put them into class?
> >
> > Horace
-- 
Nicolas Sebrecht
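
The check asked for in the reply above, as an added example that is not part of the thread: shell functions that list, for each `fw` filter handle, the mangle chain(s) whose rules set that mark, and report the handles never marked in PREROUTING. The PREROUTING rule, the address 192.168.1.3 and all function names are assumptions; only `--set-mark`/`--set-xmark` on `-A`/`-I` rules is parsed.

```shell
# Constructed sample input. The first two rules and the filters are copied from
# the thread; the PREROUTING rule (iptables-save syntax) is made up for contrast.
RULES='iptables -t mangle -A POSTROUTING ! -s 192.168.1.0/24 -d 192.168.1.1 -j MARK --set-mark 21
iptables -t mangle -A POSTROUTING -p tcp --sport 3128 -s 192.168.1.200 -d 192.168.1.1 -j MARK --set-mark 21
-A PREROUTING -d 192.168.1.3/32 -j MARK --set-xmark 0x16/0xffffffff'
FILTERS='tc filter add dev $LAN protocol ip parent 1:0 prio 1 handle 21 fw flowid 1:21
tc filter add dev $LAN protocol ip parent 1:0 prio 1 handle 22 fw flowid 1:22
tc filter add dev $LAN protocol ip parent 1:0 prio 1 handle 29 fw flowid 1:29'

# Succeeds only for a plain decimal or 0x-prefixed hex number.
is_num() {
    case $1 in 0[xX]*[!0-9a-fA-F]*|0[xX]) return 1 ;; 0[xX]*) return 0 ;; esac
    case $1 in ''|*[!0-9]*|0?*) return 1 ;; esac
}

# Print "CHAIN MARK" (mark in decimal) for every rule that sets a mark.
marks_by_chain() {
    printf '%s\n' "$1" | ( set -f; while read -r line; do
        set -- $line; chain=; val=
        while [ $# -gt 1 ]; do
            case $1 in
                -A|-I) chain=$2 ;;
                --set-mark|--set-xmark) val=${2%%/*} ;;   # drop the /mask part
            esac
            shift
        done
        if [ -n "$chain" ] && is_num "$val"; then echo "$chain $(($val))"; fi
    done )
}

# Print "HANDLE CHAINS" per fw filter; CHAINS is "none" if no rule sets that mark.
check_handles() {
    marks=$(marks_by_chain "$2")
    printf '%s\n' "$1" | ( set -f; while read -r line; do
        set -- $line; h=
        while [ $# -gt 1 ]; do
            if [ "$1" = handle ]; then h=$2; fi; shift
        done
        if ! is_num "$h"; then continue; fi
        chains=$(printf '%s\n' "$marks" |
            awk -v m="$(($h))" '$2 == m && !seen[$1]++ { printf "%s%s", sep, $1; sep = "," }')
        echo "$(($h)) ${chains:-none}"
    done )
}

# Handles whose mark is never set in PREROUTING, the chain named in the reply.
handles_missed_in_prerouting() { check_handles "$1" "$2" | awk '$2 !~ /PREROUTING/ { print $1 }'; }

check_handles "$FILTERS" "$RULES"
```

On a live system the two arguments could come from `iptables-save -t mangle` and from the script that adds the filters.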