thr3ads.net - LARTC - four imq devices [Sep 2003]

If this information is useful, please help other people find it:
Share via:
Lukes
2003-Sep-11 11:25 UTC
four imq devices

Hi,

I''ve got a problem with this configuration:

1) physical network view:

+-----LAN------+ 
|192.168.0.0/24|            +------ROUTER------+
|192.168.1.0/24|--------eth0|                  |
+--------------+            |                  |
                            |                  |eth2---internet
+----PROXY----+             |                  |
|192.168.253.5|---------eth1|                  |
+-------------+             +-------------------

2) traffic shaping - logical view:

-- OUTGOING

+------+
|router|
+------+
  |  |
  imq1
  |  |
  |  \__________
  |             \
  |             |
  |   +------------------------+
  |   |PROXY + mail + ssh + www|
  |   +------------------------+
  |             |
  |             |
  |   __________/
  |  /
  |  |
  imq0
  |  |
+------+
| LAN  |
+------+

-- INCOMING

+------+
|router|
+------+
  |  |
  imq2
  |  |
  |  \__________
  |             \
  |             |
  |   +------------------------+
  |   |PROXY + mail + ssh + www|
  |   +------------------------+
  |             |
  |             |
  |   __________/
  |  /
  |  |
  imq3
  |  |
+------+
| LAN  |
+------+


I have patch applied to squid which sets TOS field to 8 when they are MISS, 
and to 0 for others.

I want to shape server services (ssh/www/mail) at imq1 & imq2 devices and 
shape each user on imq0 & imq3 devices.

Iptables rules:

LOCNET=192.168.0.0/16
PROXY=192.168.253.5
PUBNET=xx.xx.xx.xx/yy - my public addresses

# outgoing

# loc -> proxy
$IPT -A PREROUTING -t mangle -s $LOCNET         -p tcp --dport 80 -j IMQ --
todev=0
$IPT -A PREROUTING -t mangle -s $LOCNET         -p tcp --dport 80 -j ACCEPT

# loc -> loc
$IPT -A PREROUTING -t mangle -s $LOCNET         -d $LOCNET -j ACCEPT

# loc -> pub
$IPT -A PREROUTING -t mangle -s $LOCNET         -d $PUBNET -j ACCEPT

# proxy -> inet
$IPT -A PREROUTING -t mangle -s $PROXY          -p tcp --dport 80 -j IMQ --
todev=1
$IPT -A PREROUTING -t mangle -s $PROXY          -p tcp --dport 80 -j ACCEPT

# loc -> inet
$IPT -A PREROUTING -t mangle -s $LOCNET -j IMQ --todev=0
$IPT -A PREROUTING -t mangle -s $LOCNET -j IMQ --todev=1


# incoming

# setting mark for all incoming traffic from the internet
$IPT -I PREROUTING -t mangle -i eth2 -j MARK --set-mark 202

$IPT -A POSTROUTING -t mangle -m mark --mark 202        -d $PROXY -p tcp --
sport 80 -j IMQ --todev=2
$IPT -A POSTROUTING -t mangle -m mark --mark 202        -d $PROXY -p tcp --
sport 80 -j ACCEPT

$IPT -A POSTROUTING -t mangle -s $PROXY         -d $LOCNET -m tos --tos 8 -j 
IMQ --todev=3

$IPT -A POSTROUTING -t mangle -m mark --mark 202        -d $LOCNET -j IMQ --
todev=2
$IPT -A POSTROUTING -t mangle -m mark --mark 202        -d $LOCNET -j IMQ --
todev=3

Problem occurs for the 2 last lines - incoming to IMQ 2 & 3.
Iptables shows that traffic is going thru the rules, but in ifconfig i have 0 
bytes for imq2. Exchanging order from:

$IPT -A POSTROUTING -t mangle -m mark --mark 202        -d $LOCNET -j IMQ --
todev=2
$IPT -A POSTROUTING -t mangle -m mark --mark 202        -d $LOCNET -j IMQ --
todev=3

to:

$IPT -A POSTROUTING -t mangle -m mark --mark 202        -d $LOCNET -j IMQ --
todev=3
$IPT -A POSTROUTING -t mangle -m mark --mark 202        -d $LOCNET -j IMQ --
todev=2

brings the same effect but with imq3 device.
Is there possible to direct packets to imq2 and imq3 too? I spent a lot of 
days on it and i can''t solve this problem. 

regards,
Lukasz


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
LARTC - Sep 2003 - four imq devices

four imq devices
