I'm kind of confused as to where I need to mark packets with my setup. I have a linux router serving an internal subnet (eth1) whose http/https traffic goes through a squid proxy on the same box. Can someone tell me where I would need to insert marking rules so that all packets get properly filtered, whether sourced from the internal subnet or the local server? Also, are there any restrictions on what values are used for marking? (i.e., do they have to be powers of 2 or anything?).

Thanks,
Jay

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
On Monday 27 January 2003 05:50, Jay Wineinger wrote:
> I'm kind of confused as to where I need to mark packets with my setup. I
> have a linux router serving an internal subnet (eth1) whose http/https
> traffic goes through a squid proxy on the same box. Can someone tell me
> where I would need to insert marking rules so that all packets get properly
> filtered, whether sourced from the internal subnet or the local server?
> Also, are there any restrictions on what values are used for marking? (i.e.,
> do they have to be powers of 2 or anything?).

Marking can be any hex number between 0 and ffff (more or less).

It's not clear to me what your setup looks like and what you want to do.

Stef
--
stef.coene@docum.org
"Using Linux as bandwidth manager" http://www.docum.org/
#lartc @ irc.oftc.net
> It's not clear to me what your setup looks like and what you want to do.
>
> Stef
>

Ok, what I want to do is set up 4 or 5 classes for traffic headed out my external interface (eth0). They should be something like interactive (icmp, ssh, etc), mail (smtp, pop, imap), web (http/https), and bulk. My problem right now is figuring out the correct configuration so that I do not limit traffic that is only destined FOR the QoS box, which also does DHCP, NAT, samba, etc for the internal NAT'd subnet (eth1). I also run a squid caching proxy server for the network's http/https connections.

I'm having trouble figuring out where the correct place to mark each packet would be. Do I need to do some in -t mangle PREROUTING or INPUT or FORWARD? I'm confused as to how to differentiate between packets destined for the outside world (out eth0) and those that are staying on the internal network.

This is what I've pulled out of my butt for my qdisc setup:

# Create new root qdisc on eth1 and parent for everything
$TC qdisc add dev eth1 root handle 1: htb default 2022
$TC class add dev eth1 parent 1: classid 1:1 htb rate 95mbit ceil 95mbit

# Create parent class for outbound
$TC class add dev eth1 parent 1:1 classid 1:10 htb rate 350kbps burst 2k ceil 350kbps
# Create subclasses on outbound traffic for interactive, mail, www, bulk
$TC class add dev eth1 parent 1:10 classid 1:101 htb rate 50kbps burst 2k prio 0  # interactive
$TC class add dev eth1 parent 1:10 classid 1:102 htb rate 50kbps burst 2k prio 1  # mail
$TC class add dev eth1 parent 1:10 classid 1:103 htb rate 50kbps burst 5k prio 2  # www is limited farther upstream anyway =(
$TC class add dev eth1 parent 1:10 classid 1:104 htb rate 70kbps burst 2k prio 3 ceil 125kbps  # bulk

# Create parent class for internal subnet traffic
$TC class add dev eth1 parent 1:1 classid 1:20 htb rate 60mbit ceil 90mbit
# Create subclasses on internal traffic for interactive and bulk traffic
$TC class add dev eth1 parent 1:20 classid 1:201 htb rate 150kbps burst 2k prio 0  # local interactive
$TC class add dev eth1 parent 1:20 classid 1:202 htb rate 50mbit prio 1 ceil 55mbit
# Create subclasses on internal bulk traffic (1:202) for www and other
$TC class add dev eth1 parent 1:202 classid 1:2021 htb rate 25mbit prio 0  # local webserver traffic
$TC class add dev eth1 parent 1:202 classid 1:2022 htb rate 25mbit prio 1  # bulk

Am I going about this all wrong?

thanks for any help/suggestions
jay
On Tuesday 28 January 2003 09:29, Don Cohen wrote:
> Marking can be any hex number between 0 and ffff (more or less).
> unsigned long nfmark;
> isn't that 32 bits?

I think I created some confusion. You can use the mark as hash key with the fw filter. So packets marked with 10 are redirected to class x:10. And the class names are a number between 0 and ffff. So the mark itself can be 32 bits.

Stef
On Tuesday 28 January 2003 04:55, Jay Wineinger wrote:
> > It's not clear to me what your setup looks like and what you want to do.
> >
> > Stef
>
> Ok, what I want to do is set up 4 or 5 classes for traffic headed out my
> external interface (eth0). They should be something like interactive (icmp,
> ssh, etc), mail (smtp, pop, imap), web (http/https), and bulk. My problem
> right now is figuring out the correct configuration so that I do not limit
> traffic that is only destined FOR the QoS box, which also does DHCP, NAT,
> samba, etc for the internal NAT'd subnet (eth1). I also run a squid
> caching proxy server for the network's http/https connections.
>
> I'm having trouble figuring out where the correct place to mark each packet
> would be. Do I need to do some in -t mangle PREROUTING or INPUT or FORWARD?
> I'm confused as to how to differentiate between packets destined for the
> outside world (out eth0) and those that are staying on the internal
> network.

Maybe the KPTD on www.docum.org can help you to figure out where you can mark the packets.

> This is what I've pulled out of my butt for my qdisc setup:
>
> # Create new root qdisc on eth1 and parent for everything
> $TC qdisc add dev eth1 root handle 1: htb default 2022
> $TC class add dev eth1 parent 1: classid 1:1 htb rate 95mbit ceil 95mbit
>
> # Create parent class for outbound
> $TC class add dev eth1 parent 1:1 classid 1:10 htb rate 350kbps burst 2k
> ceil 350kbps
> # Create subclasses on outbound traffic for interactive,mail,www,bulk
> $TC class add dev eth1 parent 1:10 classid 1:101 htb rate 50kbps burst 2k
> prio 0 [interactive]
> $TC class add dev eth1 parent 1:10 classid 1:102 htb rate 50kbps burst 2k
> prio 1 [mail]
> $TC class add dev eth1 parent 1:10 classid 1:103 htb rate 50kbps burst 5k
> prio 2 [ www is limited farther upstream anyway =( ]
> $TC class add dev eth1 parent 1:10 classid 1:104 htb rate 70kbps burst 2k
> prio 3 ceil 125kbps [bulk]
>
> # Create parent class for internal subnet traffic
> $TC class add dev eth1 parent 1:1 classid 1:20 htb rate 60mbit ceil 90mbit
> # Create subclasses on internal traffic for interactive and bulk traffic
> $TC class add dev eth1 parent 1:20 classid 1:201 htb rate 150kbps burst
> 2k prio 0 [local interactive]
> $TC class add dev eth1 parent 1:20 classid 1:202 htb rate 50mbit prio 1
> ceil 55mbit
> # Create subclasses on internal bulk traffic (1:202) for www and other
> $TC class add dev eth1 parent 1:202 classid 1:2021 htb rate 25mbit prio
> 0 [local webserver traffic]
> $TC class add dev eth1 parent 1:202 classid 1:2022 htb rate 25mbit prio
> 1 [bulk]
>
> Am I going about this all wrong?

No. But I have some remarks. Since you don't specify the ceil parameter, ceil = rate. So the classes can't borrow unused bandwidth from each other. Is that what you want? (see classes 101, 102, 103, 104).

Stef
Ok, that KPTD helps a bit. Question about that though: it seems that a forwarded packet will have 3 chances at getting marked (PRE, FORWARD, POST); is that correct? Similarly, a packet originating on the QoS box will have 2 mark chances (OUTPUT and POST). If that's correct, is there any advantage to using one or the other? I don't see why you wouldn't just do everything in POSTROUTING since all packets go there eventually according to the diagram.

btw, thanks for all the help
On Tuesday 28 January 2003 22:47, Jay Wineinger wrote:
> Ok, that KPTD helps a bit. Question about that though: it seems that a
> forwarded packet will have 3 chances at getting marked (PRE, FORWARD, POST);
> is that correct? Similarly, a packet originating on the QoS box will have
> 2 mark chances (OUTPUT and POST). If that's correct, is there any
> advantage to using one or the other? I don't see why you wouldn't just do
> everything in POSTROUTING since all packets go there eventually according
> to the diagram.

I always mark in PREROUTING. Don't ask me why. But if you want to mark in POSTROUTING, why not?

Stef

PS I have problems sending you an email: Domain wnoc.com not found ???

Stef
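An added example, not code from the thread, of where the marking from this discussion goes for the poster's setup: mangle PREROUTING for packets forwarded from eth1 and mangle OUTPUT for the router's own packets (the only chain that sees squid's upstream connections), with fw filters mapping each mark to the matching HTB class. The interface name, port list and the assumption that the 1:101..1:104 tree sits on eth0 are mine.

```shell
#!/bin/sh
# Added example, not from the thread: mark in mangle PREROUTING (packets
# forwarded from the LAN) and in mangle OUTPUT (packets the router itself
# generates, e.g. squid fetching from upstream), then let the fw classifier
# on eth0 map mark N to HTB class 1:N. Interface, ports and class ids are
# assumptions that mirror the poster's 1:101..1:104 layout.
EXT=eth0                      # external interface (assumed)
TC=${TC:-tc}; IPT=${IPT:-iptables}

# With DRY_RUN set, print each command instead of running it, so the rule
# set can be reviewed without root privileges or netfilter.
run() { if [ -n "$DRY_RUN" ]; then echo "$*"; else "$@"; fi; }

# One MARK rule. Marks are plain integers (no power-of-two requirement);
# keeping them <= 0xffff lets the fw filter reuse them as class minor ids.
mark_rule() {                 # args: chain proto dport mark
    run "$IPT" -t mangle -A "$1" -p "$2" --dport "$3" -j MARK --set-mark "$4"
}

# PREROUTING sees what eth1 clients send (before routing, so no -o match is
# possible there); OUTPUT sees the box's own packets, which is the only place
# squid's upstream connections exist. A mark on a packet that never leaves
# via eth0 is harmless: only eth0's filter looks at it.
mark_all() {
    for chain in PREROUTING OUTPUT; do
        mark_rule "$chain" tcp 22  101   # ssh   -> interactive
        mark_rule "$chain" tcp 25  102   # smtp  -> mail
        mark_rule "$chain" tcp 80  103   # http  -> web
        mark_rule "$chain" tcp 443 103   # https -> web
        run "$IPT" -t mangle -A "$chain" -p icmp -j MARK --set-mark 101
    done
}

# fw filters on the egress device: mark 101 -> class 1:101, and so on.
# Unmarked packets fall into the qdisc's "default" class (bulk).
add_filters() {
    for m in 101 102 103; do
        run "$TC" filter add dev "$EXT" parent 1: protocol ip prio 1 \
            handle "$m" fw classid "1:$m"
    done
}

main() { mark_all; add_filters; }

case "${1:-}" in
    apply) main ;;              # needs root and an existing HTB tree on eth0
    show)  DRY_RUN=1; main ;;   # only print the rules
esac
```

Run with `show` first to read the generated iptables and tc commands before applying them.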