Good evening,

Given: an RH7.1 router with a 2.4.x kernel; a tunnel is defined on it and
it also has a local network (it actually has 4 cards...).
The goal is for those on the local network to have traffic priority over
those on the tunnel.
First option: limit the tunnel with tc and be done.
Second option: do tc on the ISP card depending on where the packet comes
from. Since NAT is also done, I chose to mark the packets as soon as they
enter, do the routing, do the NAT and then tc. The thing is, it doesn't
work. Why?

Here are the configuration lines:

mangle
Chain PREROUTING (policy ACCEPT 4104142 packets, 2363293364 bytes)
   38  4178 MARK       all  --  *      *       192.168.1.0/24       0.0.0.0/0          MARK set 0x1
    0     0 MARK       all  --  *      *       192.168.2.0/24       0.0.0.0/0          MARK set 0x2

nat
Chain POSTROUTING (policy ACCEPT)
ACCEPT     all  --  192.168.1.0/24       192.168.3.0/24
ACCEPT     all  --  192.168.3.0/24       192.168.1.0/24
SNAT       all  --  192.168.0.0/16       0.0.0.0/0          to:ip_ISP
SNAT       all  --  192.168.0.0/16       0.0.0.0/0          to:ip_real_lan_local

/sbin/tc qdisc del dev eth3 root
/sbin/tc qdisc add dev eth3 root handle 10: cbq bandwidth 10Mbit avpkt 1000
/sbin/tc class add dev eth3 parent 10:0 classid 10:1 cbq bandwidth 10Mbit \
        rate 10Mbit allot 1514 weight 1Mbit prio 8 maxburst 20 avpkt 1000
/sbin/tc class add dev eth3 parent 10:1 classid 10:100 cbq bandwidth 10Mbit \
        rate 100Kbit allot 1514 weight 10Kbit prio 2 maxburst 20 avpkt 1000 \
        isolated
/sbin/tc class add dev eth3 parent 10:1 classid 10:200 cbq bandwidth 10Mbit \
        rate 100Kbit allot 1514 weight 10Kbit prio 2 maxburst 20 avpkt 1000 \
        isolated
/sbin/tc class add dev eth3 parent 10:1 classid 10:300 cbq bandwidth 10Mbit \
        rate 100Kbit allot 1514 weight 10Kbit prio 2 maxburst 20 avpkt 1000 \
        isolated bounded
/sbin/tc qdisc add dev eth3 parent 10:100 sfq quantum 1514b perturb 15
/sbin/tc qdisc add dev eth3 parent 10:200 sfq quantum 1514b perturb 15
/sbin/tc qdisc add dev eth3 parent 10:300 sfq quantum 1514b perturb 15
/sbin/tc filter add dev eth3 parent 10:0 protocol ip prio 25 handle 0x1 fw classid 10:300

The test that it works would be that those with MARK 0x1 are limited to
100Kbit, which is not the case; the mrtg set up on their tunnel is still
at around 300Kbit.

While writing this mail I realized something: what is the order in which
the tables are traversed, mangle and then nat, or the other way around?
The man page only talks about nat (nat: This table is consulted when a
packet which creates a new connection is encountered. mangle: This table
is used for specialized packet alteration.)

So, why doesn't my approach work, or possibly what approach comes to your
mind?

All the best,

C
-- 
Ciprian Niculescu
Network Engineer
Producton S.R.L.