thr3ads.net - LARTC - IMQ / how to put incoming traffic to the gateway and to the LAN in 2 different classes ? [Jun 2003]

If this information is useful, please help other people find it:
Share via:

schmurtz@netcourrier.com

2003-Jun-04 16:32 UTC

IMQ / how to put incoming traffic to the gateway and to the LAN in 2 different classes ?

Hi,

My setup is:
 LAN --(eth0)-- GW/FW --(ppp0)-- Internet

How to distinguish incoming traffic to the gateway from the traffic to the LAN ?

I''m using ''iptables -t mangle -A PREROUTING -j IMQ -i
ppp0'' to send incoming traffic to imq0
Now I would like to put incoming traffic to the gateway and incoming traffic to
the lan in two different classes.
I tried ''iptables -t mangle -A POSTROUTING -o eth0 -m mark --mark 0x1
-j IMQ'' and ''iptables -t mangle -A FORWARD -i ppp0 -o eth0 -j
MARK --set-mark 0x1''
But it''s wrong because the incoming traffic to the LAN goes twice to
imq0.

Is there a way to do that correctly ?

-- 
S.
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

schmurtz@netcourrier.com

2003-Jun-05 11:13 UTC

head link

Re: IMQ / how to put incoming traffic to the gateway and to the LAN in 2 different classes ?

schmurtz@netcourrier.com writes:

Hi again

I''m not sure I made myself clear.

Before using IMQ I was using ingress on ppp0 and egress on eth0 to police
incoming traffic to the LAN.

Now i''m using IMQ. I would like to do something like that:

iptables -t mangle -A PREROUTING -j IMQ -i ppp0
iptables -t mangle -A FORWARD -i ppp0 -o eth0 -j MARK --set-mark 0x10
iptables -t mangle -A POSTROUTING -o eth0 -m mark --mark 0x10 -j IMQ

but it''s wrong, incoming traffic to my LAN is being queued twice to
imq.

Here is a simple example of what I would like to do:
2 htb classes bounded to imq0 (classid 1:10 and 1:20), i''d like to put
incoming traffic destinated to the gateway in 1:10. And incoming traffic
destinated to the NATed LAN in 1:20.

Is there a way to correctly do that ?
Is there anybody who understands me ? :-)

> My setup is:
>  LAN --(eth0)-- GW/FW --(ppp0)-- Internet
> How to distinguish incoming traffic to the gateway from the traffic to the
LAN ?
> I''m using ''iptables -t mangle -A PREROUTING -j IMQ -i
ppp0'' to send incoming traffic to imq0
> Now I would like to put incoming traffic to the gateway and incoming
traffic to the lan in two different classes.
> I tried ''iptables -t mangle -A POSTROUTING -o eth0 -m mark --mark
0x1 -j IMQ'' and ''iptables -t mangle -A FORWARD -i ppp0 -o eth0
-j MARK --set-mark 0x1''
> But it''s wrong because the incoming traffic to the LAN goes twice
to imq0.
> Is there a way to do that correctly ?
-- 
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

LARTC - Jun 2003 - IMQ / how to put incoming traffic to the gateway and to the LAN in 2 different classes ?

IMQ / how to put incoming traffic to the gateway and to the LAN in 2 different classes ?

Re: IMQ / how to put incoming traffic to the gateway and to the LAN in 2 different classes ?