Dieter,
Were you able to determine the answer to your question from Stef's
reply?
: > I'm using a Linux router, sharing DSL for the LAN.
: > Now I'm trying to set up one queue for each computer connected from the LAN.
: > Setting up the queues is easy, but making a rule that matches them is not.
: > tc filter add dev ppp0 parent 1: protocol ip prio 10 u32 \
: > match ip src 10.0.0.2/32 \
: > flowid 1:20
: > That doesn't work at all. It produces no error, but they still use the default
: > (1:50) instead of 1:20.
I'm picking on you Dieter, because you are here, OK! This is a classic
question on the LARTC list.
Here's a brief story about what happens to a packet from a client (C2) on
your internal network bound for heise.de (H-DE). I'll assume that FW has
interface eth1 (inside) and interface ppp0 (outside).
- packet arrives on internal interface eth1 from C2 -> H-DE
- packet, masqueraded to outside IP, after SNAT/masq: FW -> H-DE
- packet enters traffic control system....
As you can see, the src address is no longer 10.0.0.2/32. So Stef suggests:
: You have indeed to mark the packets with iptables when they enter your
: router.
:
: > Now my question, how do you mark your internal traffic?
So, you mark packets like this:
iptables -t mangle -I PREROUTING -i eth1 -s 10.0.0.2/32 \
-j MARK --set-mark 0x2
: > I dont want to change anything at eth1 (internal net) because the router
: > works as Fileserver too.
You will probably find it fruitful to use traffic shaping on eth1, because
a router can only shape what it transmits*.
: That mark can be used by the fw filter to classify the packets. For
: examples, see www.docum.org.
Specifically, see "Filters, fw filter" here:
http://www.docum.org/stef.coene/qos/docs/BB/BB.html
http://www.docum.org/stef.coene/qos/docs/filter.html
Note, that Stef uses fw filter in his tests frequently, as do I!
: I use that filter a lot in my test setups. If you mark a packet, you
: give it a number that you choose.
And also these two:
http://www.docum.org/stef.coene/qos/tests/setup/
: > How do I use e.g. iptables? I've found something called --mark value, but
: > nowhere is it explained what "value" means and what values are legal, and I
: > don't want it to match any rule for the router (e.g. minimized delay or similar).
:
: So you can choose whatever number you want.
The fwmark value is an arbitrary value. It is completely arbitrary. You
are in complete control of the value. The value can be a very large
number. It is a good habit to use hex notation for this value, because of
the ambiguity of this field.
: That number is only valid in the linux kernel of the router.
The fwmark value is packet meta data, and as such becomes meaningless at
the moment the packet is transmitted from the machine.
: The fw filter can use that number to classify the packets.
In order to actually use the mark (fwmark) for classification, you specify
the fwmark in a "tc filter" command.
tc filter add dev ppp0 parent $ROOT_CLASS \
protocol ip handle 0x2 fw classid $CHOSEN_CLASS
The parameters "handle 0x2 fw" are the parameters which identify your
marked packets for classification into $CHOSEN_CLASS.
Now, be sure to consult Stef's pages for the details of setting your class
rates, planning your class structure, and checking out the details of
filtering.
Good luck,
-Martin
* OK, OK, with IMQ you can shape inbound traffic, and with policing you
can actually perform a task similar to shaping... but let's start out
slow, eh?
--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
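The mark-then-classify recipe from Martin's reply, written out as a small script. This is an added example, not code from the message or from Stef's pages; the interface names, rates, marks, class ids and the two-client LAN are assumptions, and it prints the commands unless DRY_RUN=0 is set (executing them needs root).

```shell
#!/bin/sh
# Per-client shaping on the outside interface: mark in mangle/PREROUTING on the
# inside interface (before SNAT/masq rewrites the source), classify on ppp0 with
# an "fw" filter that matches only the mark. All values below are assumptions.
IN_IF=${IN_IF:-eth1}        # inside interface, where LAN packets arrive
OUT_IF=${OUT_IF:-ppp0}      # outside interface, the one the router transmits on
LINK_RATE=${LINK_RATE:-512kbit}
DRY_RUN=${DRY_RUN:-1}       # 1 = print the commands, 0 = run them (root)

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Root HTB qdisc on ppp0; unclassified traffic falls into 1:50, as in the question.
setup_root() {
    run tc qdisc add dev "$OUT_IF" root handle 1: htb default 50
    run tc class add dev "$OUT_IF" parent 1: classid 1:1 htb rate "$LINK_RATE"
    run tc class add dev "$OUT_IF" parent 1:1 classid 1:50 htb rate 64kbit ceil "$LINK_RATE"
}

# client_rules <src ip> <fwmark, hex> <classid> <rate>
# The fwmark is packet metadata inside this kernel only, so it survives the
# address rewrite that defeated the u32 "match ip src" filter.
client_rules() {
    ip=$1; mark=$2; classid=$3; rate=$4
    run iptables -t mangle -A PREROUTING -i "$IN_IF" -s "$ip/32" -j MARK --set-mark "$mark"
    run tc class add dev "$OUT_IF" parent 1:1 classid "$classid" htb rate "$rate" ceil "$LINK_RATE"
    run tc filter add dev "$OUT_IF" parent 1: protocol ip prio 10 handle "$mark" fw classid "$classid"
}

# Constructed sample LAN: one mark and one class per client.
shape_lan() {
    setup_root
    client_rules 10.0.0.2 0x2 1:20 128kbit
    client_rules 10.0.0.3 0x3 1:30 128kbit
}

shape_lan
```

Inspect the printed commands first, then rerun with DRY_RUN=0 on the router; the shaped classes only apply to what ppp0 transmits, as the footnote in the reply points out.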