Define your pools with tc, but do not define the IP range there; use mangling instead, so iptables (which WORKS with bridging) is in charge of marking the packet so it goes to the respective pool.
Greetings!
Jorge# ./S

P.S. Sorry for my bad English.

On Tuesday 07 May 2002 12:28 pm, Chris Ellsworth wrote:
> I was rereading the bridge.sourceforge.net site where the bridge utils are
> located and they say iptables only
> _____
> This page aims to be the central resource for all things related to
> Layer 2 ethernet bridging with Linux. Here you can find a rewrite of
> the ethernet bridging code for Linux 2.2 (which has since been
> integrated into the 2.4 kernel series), and patches for doing
> firewalling in combination with bridging (both ipchains and iptables).
> _____
>
> I was running this
> ___________________
> tcclass_add="tc class add dev brint_ext parent 1: classid"
> tcclass_rate="cbq allot 1514 avpkt 1000 rate"
> tcclass_end=""
> tcfilter_add="tc filter add dev brint_ext protocol ip parent"
> tcfilter_src="prio 1 u32 match ip src"
> tcfilter_dst="prio 1 u32 match ip dst"
>
> tc qdisc add dev brint_ext root handle 1: cbq bandwidth 192kbps avpkt 1000
> tc class add dev brint_ext parent 1: classid 1:1 cbq allot 1514 avpkt 1000 rate 5kbps
> $tcclass_add 1:2 $tcclass_rate 10kbps
> $tcclass_add 1:3 $tcclass_rate 20kbps
> $tcclass_add 1:4 $tcclass_rate 30kbps
>
> $tcfilter_add 1:0 $tcfilter_src 65.215.218.3 flowid 1:2
> $tcfilter_add 1:0 $tcfilter_dst 65.215.218.3 flowid 1:2
> $tcfilter_add 1:0 $tcfilter_src 65.215.218.49 flowid 1:3
> $tcfilter_add 1:0 $tcfilter_dst 65.215.218.49 flowid 1:3
> $tcfilter_add 1:0 $tcfilter_src 192.168.1.6 flowid 1:4
> $tcfilter_add 1:0 $tcfilter_dst 192.168.1.6 flowid 1:4
> ___________________________________________
> and was not getting any limiting, so I assumed it did not work
> with tc doing the limiting
> or maybe I was doing something wrong
>
>
> ----- Original Message -----
> From: "Henrik Nordstrom" <[EMAIL PROTECTED]>
> To: "Chris Ellsworth" <[EMAIL PROTECTED]>;
> <[EMAIL PROTECTED]>
> Sent: Sunday, May 05, 2002 11:53 PM
> Subject: Re: [Bridge] Filtering packets into a cbq on a bridge
>
> > This can either be done by doing the classification directly in tc,
> > or by using the -j MARK function of iptables to set the
> > nfmark/fwmark value of the packets, and then use this in tc filters
> > to classify the packets.
> >
> > In most cases I would recommend doing the classification directly in
> > tc, ignoring iptables, leaving the mark capability open for other
> > uses (believe me, there are many interesting uses of marking).
> >
> > Regards
> > Henrik
> >
> > On Monday 06 May 2002 02:23, Chris Ellsworth wrote:
> > > currently using this code to make classes
> > > note: this is being used on a bridge which has been patched to allow
> > > iptables to affect the packets.
> > > I need to filter packets into these classes with iptables.
> > > The line I have come up with so far is as follows
> > > iptables -A FORWARD -s <IP>
> > > iptables -A FORWARD -d <IP>
> > >
> > > How do I finish the line so that when a packet comes from an IP it
> > > will be filtered into the correct class for limiting?
> > > This is being used on a bridge which has been patched to allow
> > > iptables to affect the packets.
> > > I believe there is something to do with marking but don't
> > > understand which mark command to use.

_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
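
The approach suggested at the top of this message (classes in tc, classification by iptables mark), as an added example that is not part of the original post. It reuses the device name, IPs and class parameters from the quoted script; the mark values and the `emit_rules` helper are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Prints the commands (dry run);
# review them, then pipe the output to `sh` as root to apply.
# Device, IPs and rates are reused from the quoted script; the mark
# values are an assumption, chosen to equal the minor class id.

DEV=brint_ext
HOSTS="65.215.218.3:2:10kbps 65.215.218.49:3:20kbps 192.168.1.6:4:30kbps"

# emit_rules DEV IP:MARK:RATE...   (hypothetical helper)
emit_rules() {
    dev=$1; shift
    # Validate everything first so a bad entry yields no partial rule set.
    for entry in "$@"; do
        rest=${entry#*:}; mark=${rest%%:*}
        case $mark in
            ''|*[!0-9]*) echo "bad mark in '$entry'" >&2; return 1 ;;
        esac
    done
    # Root qdisc and class parameters are copied unchanged from the quoted script.
    echo "tc qdisc add dev $dev root handle 1: cbq bandwidth 192kbps avpkt 1000"
    for entry in "$@"; do
        ip=${entry%%:*}; rest=${entry#*:}
        mark=${rest%%:*}; rate=${rest#*:}
        echo "tc class add dev $dev parent 1: classid 1:$mark cbq allot 1514 avpkt 1000 rate $rate"
        # MARK is only valid in the mangle table, so -t mangle is required.
        echo "iptables -t mangle -A FORWARD -s $ip -j MARK --set-mark $mark"
        echo "iptables -t mangle -A FORWARD -d $ip -j MARK --set-mark $mark"
        # The fw classifier matches the packet's fwmark against 'handle'.
        echo "tc filter add dev $dev protocol ip parent 1:0 prio 1 handle $mark fw flowid 1:$mark"
    done
}

emit_rules "$DEV" $HOSTS
```

The `fw` filters replace the `u32 match ip src/dst` filters of the quoted script, so the IP addresses appear only in the iptables rules.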
