Jonas Jasas wrote:> Hello,
>
> I have
> eth0 - internet
> eth1..4 - local networks
> on eth0 i do $IPTABLES -A POSTROUTING -t nat -o eth0 -j MASQUERADE
>
> I want to balance out/in load for eth1..4 and localhost (mainly
> squid). Nat makes impossible to do it on eth0, so I installed IMQ. I
> need to get to on imq0 unnnated in/out traffic that I could make
> priorities for protocols and networks. Do somthing like this:
> prate=1Mbit
>
> localhost: rate=500kbit, ceil=prate
> vnc: rate=100kbit, ceil=prate
> web: rate=100kbit, ceilp=prate
> mail: rate=100kbit, ceil=prate
> eth1: rate=400kbit, ceil=prate
> ftp: rate=10kbit, ceil=prate
> ....
> eth2..4: rate=100kbit, ceil=prate (eth2...eth4 would split the same
> 100kbit)
> rdp: rate=90kbit, ceil=prate
> ......
>
> This load balance would be applyed for outgoing and incoming internet
> traffic. Where and how in iptables would be correct to "-j IMQ" ?
Whether IMQ hooks before or after NAT is in the kernel config for 2.6
and needs patches for 2.4.
You need AB = after prerouting, before postrouting (though you could do
the latter with marks). IMQ logs where it hooks WRT NAT when loaded.
Ingress traffic will be hooked by -j IMQ --todev 0 in PREROUTING mangle,
egress by -j IMQ --todev 1 in POSTROUTING mangle.
Andy.