I try to shape traffic using HTB and mark packets within iptables using
PREROUTING. But the filter rules seem to ignore the marks set with
PREROUTING; only POSTROUTING marks are accepted.

First my configuration.

I have a router connected to the internet via ADSL over interface ppp0.
eth0 is a tunnel to ppp0 and eth1 serves the LAN.
LAN is 192.168.57.0/24 on 10Mbit.
ppp0 is 80.126.16.44 on 320Kbit upstream and 2048Kbit downstream.

These are the kernel/programs involved:

Kernel 2.4.20 (Suse 8.2)
iproute version 2.4.7
iptables version 1.2.7a

Underneath the HTB script and a snapshot of the iptables script. The HTB
script is executed at the beginning of the iptables script.

# Configure HTB qdisc
/usr/sbin/tc qdisc add dev eth1 root handle 1:0 htb default 30
/usr/sbin/tc class add dev eth1 parent 1: classid 1:1 htb rate 1960kbit burst 15k
/usr/sbin/tc class add dev eth1 parent 1:1 classid 1:10 htb rate 152kbit ceil 152kbit burst 2k prio 1
/usr/sbin/tc class add dev eth1 parent 1:1 classid 1:20 htb rate 950kbit ceil 1808kbit burst 15k prio 5
/usr/sbin/tc class add dev eth1 parent 1:1 classid 1:30 htb rate 646kbit ceil 900kbit burst 15k prio 10
/usr/sbin/tc class add dev eth1 parent 1:1 classid 1:40 htb rate 133kbit ceil 152kbit burst 15k prio 15
/usr/sbin/tc qdisc add dev eth1 parent 1:10 handle 10: sfq perturb 10
/usr/sbin/tc qdisc add dev eth1 parent 1:20 handle 20: sfq perturb 10
/usr/sbin/tc qdisc add dev eth1 parent 1:30 handle 30: sfq perturb 10
/usr/sbin/tc qdisc add dev eth1 parent 1:40 handle 40: sfq perturb 10
# Filter rules
/usr/sbin/tc filter add dev eth1 parent 1:0 protocol ip prio 1 handle 1 fw flowid 1:10
/usr/sbin/tc filter add dev eth1 parent 1:0 protocol ip prio 3 handle 2 fw flowid 1:10
/usr/sbin/tc filter add dev eth1 parent 1:0 protocol ip prio 1 handle 4 fw flowid 1:20
/usr/sbin/tc filter add dev eth1 parent 1:0 protocol ip prio 3 handle 5 fw flowid 1:20
/usr/sbin/tc filter add dev eth1 parent 1:0 protocol ip prio 1 handle 8 fw flowid 1:30
/usr/sbin/tc filter add dev eth1 parent 1:0 protocol ip prio 1 handle 10 fw flowid 1:40

# Snapshot of iptables script. scp and ssh as an example
# Standard policy is -j DROP

/usr/sbin/iptables -t mangle -A PREROUTING -p tcp -m tcp -i eth1 --dport 22 \
    -m tos --tos Maximize-Throughput -j MARK --set-mark 10
/usr/sbin/iptables -t mangle -A PREROUTING -p tcp -m tcp -i eth1 --dport 22 \
    -m tos --tos Minimize-Delay -j MARK --set-mark 2

/usr/sbin/iptables -A FORWARD -p tcp -i eth1 -o ppp0 -s 192.168.57.0/24 \
    -d 0/0 --dport 22 -j ACCEPT
/usr/sbin/iptables -A POSTROUTING -t nat -p tcp -o ppp0 -s 192.168.57.0/24 \
    -d 0/0 --dport 22 -j SNAT --to 80.126.16.44

And the packets seem to be marked as intended:

  515 31080 MARK  tcp  --  eth1  *  0.0.0.0/0  0.0.0.0/0  tcp dpt:22 TOS match 0x10 MARK set 0x2

But tc -s class show dev eth1 says only htb 1:30 is used.

I get the feeling it is something with the POSTROUTING rule but can not
work out what is wrong.

Thanks

Ben Thijssen.

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
reader wrote:
> I try to shape traffic using HTB and mark packets within iptables using
> PREROUTING. But the filter rules seem to ignore the marks set with
> PREROUTING
> Only POSTROUTING marks are accepted.
>
> [...]
>
>> # Configure HTB qdisc
>> /usr/sbin/tc qdisc add dev eth1 root handle 1:0 htb default 30
>
> [...]
>
>> /usr/sbin/iptables -t mangle -A PREROUTING -p tcp -m tcp -i eth1
                                                               ^^

You are only marking packets inbound on eth1, but shaping outbound.

Andy.

>> --dport 22 \
>> -m tos --tos Minimize-Delay -j MARK --set-mark 2
>
> [...]
>
> But tc -s class show dev eth1 says only htb 1:30 is used.
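Andy's diagnosis, applied: a qdisc only handles packets leaving the device it is attached to, so a mark set on packets entering eth1 (LAN to Internet) must be matched by an fw filter on ppp0, and the HTB tree already on eth1 can only see marks set on packets entering ppp0. The script below is an added example, not code from the thread or from the LARTC HOWTO. It keeps the poster's interface names, LAN prefix and mark values (2 for Minimize-Delay, 10 for Maximize-Throughput); the ppp0 class tree with its rates, the --sport 22 rule for the return direction, the -s restriction on the mark rules and the helper names are assumptions made here.

```shell
#!/bin/sh
# Added example, not code from the thread. It keeps the poster's interfaces,
# LAN prefix and mark values and shows the placement that matches how the
# kernel classifies: fw filters live on the device the packets LEAVE, mark
# rules match on the device the packets ENTER. The ppp0 class tree, its
# rates (fitted under the 320kbit upstream) and the return-direction rules
# are assumptions made here, not taken from the post.
# Without APPLY=1 the commands are printed instead of executed.

LAN_IF=eth1
WAN_IF=ppp0
LAN_NET=192.168.57.0/24

run() {
    if [ "${APPLY:-0}" = 1 ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

# Upstream (LAN -> Internet) shaping lives on ppp0, the egress device.
# The nfmark is metadata on the skb: the SNAT done in nat POSTROUTING
# rewrites addresses, not the mark, so the fw filter on ppp0 still sees it.
# Root rate stays below the 320kbit link so the queue builds up here and
# not in the modem. Handles are per device, so "2:" is only for readability.
upstream_qdisc() {
    run tc qdisc add dev "$WAN_IF" root handle 2: htb default 20
    run tc class add dev "$WAN_IF" parent 2: classid 2:1 htb rate 300kbit burst 6k
    run tc class add dev "$WAN_IF" parent 2:1 classid 2:10 htb rate 100kbit ceil 300kbit burst 2k prio 1
    run tc class add dev "$WAN_IF" parent 2:1 classid 2:20 htb rate 200kbit ceil 300kbit burst 6k prio 5
    run tc qdisc add dev "$WAN_IF" parent 2:10 handle 21: sfq perturb 10
    run tc qdisc add dev "$WAN_IF" parent 2:20 handle 22: sfq perturb 10
    run tc filter add dev "$WAN_IF" parent 2: protocol ip prio 1 handle 2 fw flowid 2:10
    run tc filter add dev "$WAN_IF" parent 2: protocol ip prio 1 handle 10 fw flowid 2:20
}

# Marks for the upstream direction: set where those packets enter (eth1).
upstream_marks() {
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 22 \
        -m tos --tos Minimize-Delay -j MARK --set-mark 2
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 22 \
        -m tos --tos Maximize-Throughput -j MARK --set-mark 10
}

# Marks for the poster's existing eth1 HTB tree (Internet -> LAN): the
# packets it shapes enter on ppp0, so that is where they must be marked.
# Replies to the LAN's ssh sessions carry source port 22. Mark 2 hits the
# existing "handle 2 fw flowid 1:10" filter, mark 10 hits "flowid 1:40".
downstream_marks() {
    run iptables -t mangle -A PREROUTING -i "$WAN_IF" -p tcp --sport 22 \
        -m tos --tos Minimize-Delay -j MARK --set-mark 2
    run iptables -t mangle -A PREROUTING -i "$WAN_IF" -p tcp --sport 22 \
        -m tos --tos Maximize-Throughput -j MARK --set-mark 10
}

# Device whose qdisc will see a packet that was marked on ingress of $1,
# on this two-interface router. Fails for an interface it does not know.
egress_for_ingress() {
    case "$1" in
        "$LAN_IF") echo "$WAN_IF" ;;
        "$WAN_IF") echo "$LAN_IF" ;;
        *) return 1 ;;
    esac
}

# After APPLY=1: class byte counters on the device the packets leave are
# the check that the marks reached the intended class.
show_counters() {
    run tc -s class show dev "$WAN_IF"
    run tc -s class show dev "$LAN_IF"
}

upstream_qdisc
upstream_marks
downstream_marks
show_counters
```

Run it once without APPLY to read the plan, then with APPLY=1 as root; afterwards the mangle counters (iptables -t mangle -L -v) show marks being set and tc -s class show dev ppp0 shows 2:10 and 2:20 filling instead of only the default class. Marking in mangle POSTROUTING with -o ppp0 would work for the upstream side as well, since it also runs before the ppp0 qdisc; the point is only that the mark must exist on the device the packet leaves.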
Hey all,

I need to make a setup for VoIP using Linux QoS. For that, I decided to
follow Leonardo Balliache's (http://www.opalsoft.net/qos/VoIP.htm)
recommendations: an ingress filter to forward the SIP packets from the
incoming interface (eth2) to the outgoing one (eth0) as soon as possible,
with minimum delay, and a PRIO filter for the outgoing interface.

I'm quite a newbie to tcng, and I really would like to use it as a front
end to tc. So I'd like to know if somebody could give a hand translating
"Mark every packet coming from eth2 with the highest priority" and "all
packets that came from eth2 when going out through eth0 should have
minimum delay and all the bandwidth needed" to the tcng language.

I suppose it would be something like that, using just tc (please correct
me if I'm wrong):

tc qdisc add dev eth2 handle ffff: ingress
tc filter add dev eth2 parent ffff: protocol ip prio 1 u32 \
    match ip protocol 17 0xff police rate 240kbit burst 15kb continue flowid :1

and on the egress side:

tc qdisc add dev eth0 root handle 1: prio
tc filter add dev eth0 parent 1:0 protocol ip prio 1 handle 1 tcindex classid 1:1

Should I add another class for all other "non-privileged" flows?

Any help will be greatly appreciated.

Thanks,
Marcelo
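The recipe in the post above written out in plain tc, as an added example that is not Marcelo's configuration and not a tcng translation. Interface names, the UDP match and the 240kbit policer follow the post; the catch-all second ingress filter, the priomap, the band layout and the helper names are choices made here. It also shows the piece the post leaves implicit: the ingress qdisc copies the minor number of the matched flowid into skb->tc_index, and that value is what the tcindex filter on eth0 matches on.

```shell
#!/bin/sh
# Added example, not Marcelo's configuration and not tcng output: the
# ingress -> tc_index -> egress recipe from the post in plain tc, with the
# parts the post leaves implicit. Interface names, the UDP match and the
# 240kbit policer follow the post; the catch-all second ingress filter, the
# priomap and the band layout are choices made here.
# Without APPLY=1 the commands are printed instead of executed.

IN_IF=eth2
OUT_IF=eth0

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Ingress side (eth2). The ingress qdisc stores the minor number of the
# matched flowid in skb->tc_index; that is all "flowid :1" does here, and it
# is what lets the egress device recognise the packet later. With
# "continue", UDP above 240kbit is not dropped but falls through to the next
# filter, which tags it :2 so a UDP flood cannot occupy the priority band.
# Note the match is all of UDP, as in the post, not only SIP/RTP ports.
ingress_rules() {
    run tc qdisc add dev "$IN_IF" handle ffff: ingress
    run tc filter add dev "$IN_IF" parent ffff: protocol ip prio 1 u32 \
        match ip protocol 17 0xff \
        police rate 240kbit burst 15kb continue flowid :1
    run tc filter add dev "$IN_IF" parent ffff: protocol ip prio 2 u32 \
        match u32 0 0 flowid :2
}

# Egress side (eth0). prio creates its three bands (1:1, 1:2, 1:3) itself,
# so no extra class is needed for the "non-privileged" flows. What does
# need changing is the priomap: the default one also sends TOS
# Minimize-Delay packets (entries 6 and 7) to band 0, i.e. 1:1, so every
# entry is set to band 1 or 2 and 1:1 is reached only via the tcindex filter.
egress_rules() {
    run tc qdisc add dev "$OUT_IF" root handle 1: prio bands 3 \
        priomap 1 2 2 2 1 2 1 1 1 1 1 1 1 1 1 1
    run tc filter add dev "$OUT_IF" parent 1: protocol ip prio 1 \
        handle 1 tcindex classid 1:1
}

# After APPLY=1: the policer's overlimits appear on the ingress qdisc and
# the per-band counters show whether the VoIP packets really land in 1:1.
show_counters() {
    run tc -s qdisc show dev "$IN_IF"
    run tc -s class show dev "$OUT_IF"
}

ingress_rules
egress_rules
show_counters
```

Run without APPLY to see the commands, with APPLY=1 as root to install them. The prio qdisc is work-conserving, so band 1:1 gets "all the bandwidth needed" as long as the link itself is not the bottleneck; if eth0 is the slow side, an HTB class with a ceil in front of the other bands is the usual next step.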
Well, what it looks like is, you are marking packets coming in on the LAN
which is 192.168, while the outgoing packets are NATed to a real IP. Since
the IP is different on the packet the mark won't carry on, so you can't
shape it out ppp0. Why not just use the iptables rules on ppp0 POSTROUTING?

On Sun, 2004-05-09 at 18:12, Andy Furniss wrote:
> reader wrote:
> > I try to shape traffic using HTB and mark packets within iptables using
> > PREROUTING. But the filter rules seem to ignore the marks set with
> > PREROUTING
> > Only POSTROUTING marks are accepted.
>
> [...]
>
> >> /usr/sbin/iptables -t mangle -A PREROUTING -p tcp -m tcp -i eth1
>                                                                ^^
>
> You are only marking packets inbound on eth1, but shaping outbound.
>
> Andy.
>
> [...]
>
> > But tc -s class show dev eth1 says only htb 1:30 is used.