Yes, I think you are wright.
I will it try as soon I get the chance, because these are on a
working server (router) which cannot be rebooted.
Temporarilly I solved the problem by applying the download shapers to the
wright eth.
Thanx,
Daniel Sercaianu
Terranet Virtual Media
[EMAIL PROTECTED]
GSM +40 788 837723
On Sun, 11 Aug 2002, Patrick McHardy wrote:
> sorry last patch was broken, this one is ok.
> patrick
>
> Patrick McHardy wrote:
>
> > Hi Daniel,
> >
> > Daniel Sercaianu wrote:
> >
> >> I have the following problems:
> >> I cannot shape the ip xxx.xxx.xxx.xxx when I do SNAT or MASQUERADE with
> >> them. Otherwise when I remove these two iptables lines the shaping works
> >> perfectly.
> >>
> >> It is very important for me to shape the xxx.xxx.xxx.xxx ip and not the
> >> yyy.yyy.yyy.yyy. When I tried to shape yyy.yyy.yyy.yyy, it worked.
> >>
> >> What rules should be added to make this possible?
> >>
> >>
> >> My iptables rules are:
> >>
> >> iptables -A PREROUTING -t mangle -s xxx.xxx.xxx.xxx -j MARK --set-mark 1
> >> iptables -A POSTROUTING -t nat -s xxx.xxx.xxx.xxx -j SNAT --to
> >> zzz.zzz.zzz.zzz -o eth4
> >>
> >>
> >>
> >> iptables -t mangle -I PREROUTING -j IMQ
> >> ip link set imq0 up
> >>
> >>
> >> ip rule shows the following output:
> >>
> >> 32764: from zzz.zzz.zzz.0/24 lookup ew
> >> 32765: from all fwmark 1 lookup ew
> >> 32766: from all lookup main
> >> 32767: from all lookup default
> >>
> >>
> >>
> >>
> >> My tc + htb rule look like this:
> >>
> >> /sbin/tc qdisc add dev imq0 root handle 1: htb default 200 r2q 3
> >> /sbin/tc class add dev imq0 parent 1:0 classid 1:1 htb rate 100Mbit
> >> ceil 100Mbit burst 2k prio 5
> >>
> >> /sbin/tc filter add dev imq0 parent 1:0 protocol ip prio 5 handle 1:
> >> u32 divisor 256
> >>
> >> /sbin/tc class add dev imq0 parent 1:1 classid 1:2 htb rate 512kbit
> >> ceil 512kbit burst 2k prio 5
> >> /sbin/tc qdisc add dev imq0 parent 1:2 handle 10: sfq quantum 1514b
> >> perturb 10
> >> /sbin/tc filter add dev imq0 parent 1:0 protocol ip prio 5 u32 match
> >> ip dst xxx.xxx.xxx.xxx flowid 1:2
> >
> >
> >
> > If i understood you right this is probably not working because imq sees
> > packets before zzz.zzz.zzz.zzz is dnated back to xxx.xxx.xxx.xxx. please
> > try the attached patch.
> >
> >
> > bye
> >
> > patrick
> >
> >
> > ------------------------------------------------------------------------
> >
> > --- imq.c.orig Sun Aug 11 15:30:24 2002
> > +++ imq.c Sun Aug 11 15:31:17 2002
> > @@ -37,7 +37,7 @@
> > imq_nf_hook,
> > PF_INET,
> > NF_IP_PRE_ROUTING,
> > - NF_IP_PRI_MANGLE + 1
> > + NF_IP_PRI_NAT_DST + 1
> > };
> >
> > static struct nf_hook_ops imq_egress_ipv4 = {
> > @@ -54,7 +54,7 @@
> > imq_nf_hook,
> > PF_INET6,
> > NF_IP6_PRE_ROUTING,
> > - NF_IP6_PRI_MANGLE + 1
> > + NF_IP6_PRI_NAT_SRC + 1
> > };
> >
> > static struct nf_hook_ops imq_egress_ipv6 = {
> >
>
>
_______________________________________________
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
