LARTC - Feb 2004 - marking packets not functioning well

hello,

Here''s my problem in short. I have 3 subnetworks in my LAN (eth1 -
internal interface, eth0 - external), and my ISP has also 2 subnetworks (link
speed at 11Mbps), let''s say:

ISP1= 19x.2xx.25x.0/24
ISP2= 19x.2xx.25y.0/24

I want the traffic to the 2 subnets of the ISP be much higher than to the rest
of the Internet.

I limit the traffic to the localnets with htb, the script is OK. For the moment
if I limit the traffic, it is also limited to the ISP''s subnets, the
problem being at marking the packets.

here''s the packet marking for LOCALNET1
-first version-
$IPTABLES -A POSTROUTING -t mangle -o eth1 -s $ISP1 -d $LOCALNET1 -j MARK
--set-mark 6
$IPTABLES -A POSTROUTING -t mangle -o eth1 -s $ISP2 -d $LOCALNET1 -j MARK
--set-mark 6
$IPTABLES -A POSTROUTING -t mangle -o eth1 -s 0/0 -d $LOCALNET1 -j MARK
--set-mark 1

I mark the packets with 6 if they are coming from ISP1 and ISP2 and with 1 if
coming from anywhere else.
Thought this would be OK, but it is not working. It seems that the last line
marks ALL packets with 1, so traffic is limited at low speed no matter what the
source is.

- second version -
$IPTABLES -A POSTROUTING -t mangle -o eth1 -s! $ISP1 -d $LOCALNET1 -j MARK
--set-mark 1
$IPTABLES -A POSTROUTING -t mangle -o eth1 -s! $ISP2 -d $LOCALNET1 -j MARK
--set-mark 1

In this case, oddly for me, there is no traffic limiting at all.

Can anynone help me please? Where is the problem? Can''t mark packets to
the same destination from  different sources?

Gy.


____________________________________________________________
Find what you are looking for with the Lycos Yellow Pages
http://r.lycos.com/r/yp_emailfooter/http://yellowpages.lycos.com/default.asp?SRC=lycos10
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Gyula Szekely wrote:
> hello,
> 
> Here''s my problem in short. I have 3 subnetworks in my LAN (eth1 -
internal interface, eth0 - external), and my ISP has also 2 subnetworks (link
speed at 11Mbps), let''s say:
> 
> ISP1= 19x.2xx.25x.0/24
> ISP2= 19x.2xx.25y.0/24
> 
> I want the traffic to the 2 subnets of the ISP be much higher than to the
rest of the Internet.
> 
> I limit the traffic to the localnets with htb, the script is OK. For the
moment if I limit the traffic, it is also limited to the ISP''s subnets,
the problem being at marking the packets.
> 
> here''s the packet marking for LOCALNET1
> -first version-
> $IPTABLES -A POSTROUTING -t mangle -o eth1 -s $ISP1 -d $LOCALNET1 -j MARK
--set-mark 6
> $IPTABLES -A POSTROUTING -t mangle -o eth1 -s $ISP2 -d $LOCALNET1 -j MARK
--set-mark 6
> $IPTABLES -A POSTROUTING -t mangle -o eth1 -s 0/0 -d $LOCALNET1 -j MARK
--set-mark 1
> 
> I mark the packets with 6 if they are coming from ISP1 and ISP2 and with 1
if coming from anywhere else.
> Thought this would be OK, but it is not working. It seems that the last
line marks ALL packets with 1, so traffic is limited at low speed no matter what
the source is.
> 
I''m not certain on this, but I think MARK has an implicit RETURN built
in. So, even if you send packets to be marked as "6", they come back
to
the chain and then get marked "1" with everything else. I think
that''s
behaving as expected.

So, what you want to do is create your own chain that ACCEPTs after MARKing.

iptables -t mangle -N fast
iptables -t mangle -A fast -j MARK --set-mark 6
iptables -t mangle -A fast -j ACCEPT

Then, in POSTROUTING, send packets to fast instead of "MARK --set-mark
6".

---

A more simple but less flexible way to do it would be to omit the rule
that matches "-s 0/0". Then, "fast" packets are marked as 6,
and no
others are marked at all. In your htb configuration, have the default
qdisc/class be the one which treats packets as "slow".

-Corey
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/