Hello everyone...

I have a little trouble and need some help :P
How can I check on which interface the packet is going (eth0, eth1; I have two ISP and on eth3 little LAN), using to check it TC and IMQ? (HTB script)

I tried to mark packets, but on chain POSTROUTING this does not work... Maybe because packets fall on IMQ before signing.
I tried marking it on FORWARD but packets also didn't hit their class.

PREROUTING is working(!), but with this I can only queue download traffic.

Problem is very essential. I need to distinguish on which interface packet is going.

I'm routing packet using this:
ip route add default via 192.168.10.1 dev eth0 table neo
ip rule add fwmark 0x03 table neo

ip route add 80.53.133.24/29 dev $DEV_DSL table dsl
ip rule add fwmark 0x04 table dsl
And I'm marking traffic as I want.

IMQ is working in AB mode. I have src IP before nat, and dst after nat.

Upload traffic is going to IMQ1 here:
iptables -t mangle -A POSTROUTING -j IMQ --todev 1

Some ideas?
Can I use u32 or route filter to throw in to class packets which are going to some interface (eth0 or eth1)?

This is my route rules...
ip route add 83.17.20.10/29 dev eth0 table dsl1
ip route add default via 83.17.20.12 dev eth0 table dsl1

ip route add 80.53.64.128/29 dev eth1 table dsl2
ip route add default via 80.53.64.130 dev eth1 table dsl2

ip rule add fwmark 0x01 table dsl1
ip rule add fwmark 0x02 table dsl2

iptables -t mangle -A PREROUTING -i eth3 -p tcp --sport 80 -j MARK --set-mark 0x01
iptables -t mangle -A PREROUTING -i eth3 -p tcp --sport 4000:65535 -j MARK --set-mark 0x02
... etc.

I must do this on IMQ device (POSTROUTING, AB mode), using whatever (u32 filter, route filter, MARK, CONNMARK, etc.)

Packets are being marked, but some packets on IMQ are being gone on default interface (I'm not marking all traffic...) and I want to catch these packets on suitable classes on IMQ.

How can I do this? :/ Any ideas? Anyone can help?

--
Konrad Cempura /Lenthir/
Konrad wrote:
> Hello everyone...
>
> I have a little trouble and need some help :P
> How can I check on which interface the packet is going (eth0, eth1; I
> have two ISP and on eth3 little LAN), using to check it TC and IMQ? (HTB
> script)

If you meant eth2 rather than 3 and you are only shaping forwarded traffic then you could get away without using imq.

> I tried to mark packets, but on chain POSTROUTING this does not work...
> Maybe because packets fall on IMQ before signing.
> I tried marking it on FORWARD but packets also didn't hit their class.
>
> PREROUTING is working(!), but with this I can only queue download traffic.
>
> Problem is very essential. I need to distinguish on which interface
> packet is going.
>
> I'm routing packet using this:
> ip route add default via 192.168.10.1 dev eth0 table neo
> ip rule add fwmark 0x03 table neo
>
> ip route add 80.53.133.24/29 dev $DEV_DSL table dsl
> ip rule add fwmark 0x04 table dsl
> And I'm marking traffic as I want.

So I assume the routing is working OK.

> IMQ is working in AB mode. I have src IP before nat, and dst after nat.
>
> Upload traffic is going to IMQ1 here:
> iptables -t mangle -A POSTROUTING -j IMQ --todev 1

This rule will catch traffic headed for eth3(2) as well.

For uplink why not just shape on eth0 and eth1 directly, if you do this already and want to double queue for some reason then be more specific about what you send to imq dev1.

iptables -t mangle -A POSTROUTING -o eth0 -j IMQ --todev 1
iptables -t mangle -A POSTROUTING -o eth1 -j IMQ --todev 1

Andy.
Konrad wrote:
>> So I assume the routing is working OK.
> Yes... routing is working well.

OK - I am still confused about what interfaces you have; your script uses 1 2 and 3.

>>> IMQ is working in AB mode. I have src IP before nat, and dst after nat.
>>>
>>> Upload traffic is going to IMQ1 here:
>>> iptables -t mangle -A POSTROUTING -j IMQ --todev 1
>>
>> This rule will catch traffic headed for eth3(2) as well.
>
> Yep. I throw in class packets going outside my network in IMQ1.
> Class packets which going inside my network I queue in IMQ0.

That rule will send all packets going through postrouting to imq1 whether they are going inside or outside ...

> LAN traffic on LAN classes, Internet traffic on users classes.
>
>> For uplink why not just shape on eth0 and eth1 directly, if you do
>> this already and want to double queue for some reason then be more
>> specific about what you send to imq dev1.
>>
>> iptables -t mangle -A POSTROUTING -o eth0 -j IMQ --todev 1
>> iptables -t mangle -A POSTROUTING -o eth1 -j IMQ --todev 1
>
> I'm including my not working HTB script.
>
> As You see I want to classify traffic to link classes. Script is
> working... for 1 link to Internet. I want to distribute traffic to
> classes to several links, but I don't know how can I distinguish traffic
> which is going to first or second Internet link.

I don't really get what you are trying to do but if you shape on the internet interfaces then you don't need to distinguish.

Andy.
Andy wrote:
> Konrad wrote:
>
>>> So I assume the routing is working OK.
>> Yes... routing is working well.
>
> OK - I am still confused about what interfaces you have; your script uses
> 1 2 and 3.

> That rule will send all packets going through postrouting to imq1
> whether they are going inside or outside ...

OK. You're right... never mind.

I will try to explain You :P

I attached file... with code, and comments and explanation of problem.

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Konrad wrote:
> Andy wrote:
>
>> Konrad wrote:
>>
>>>> So I assume the routing is working OK.
>>> Yes... routing is working well.
>>
>> OK - I am still confused about what interfaces you have; your script
>> uses 1 2 and 3.
>
>> That rule will send all packets going through postrouting to imq1
>> whether they are going inside or outside ...
>
> OK. You're right... never mind.
>
> I will try to explain You :P
>
> I attached file... with code, and comments and explanation of problem.

In theory you should be able to match marks set in postrouting mangle with shapers on imq - but then you wouldn't need to if you used one imq per link or shaped directly on the internet interfaces (though you wouldn't be able to use local src ips then if you are doing nat).

It's possible mark isn't working for you - there was a post recently from hareram who tried a lot of things but couldn't get mark to work on his distro's kernel/iptables/iproute mix. He ended up using CLASSIFY.

I would try a simple test case to see if mark really is the problem - if it is you can still use more imqs and use -i/-o ethx to separate out the traffic per link.

I see you are also using squid - see the recent thread about shaping with that - AFAICT it's not that easy if you want per user fairness on cache misses.

Andy.
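
The two suggestions in the last reply (one IMQ per uplink split with -o ethX, and a simple test of whether a mark set in mangle POSTROUTING reaches the shaper) as a dry-run script. This is an added example, not part of any poster's message or of the attached HTB script; imq1/imq2, the rates, the class ids and the test mark 0x10 are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: eth0/eth1 are the two
# uplinks, imq1/imq2 already exist, rates and mark 0x10 are constructed.
# Dry run by default (commands are printed); APPLY=1 as root executes them.

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# shape_uplink <out-iface> <imq-number> <uplink-rate-kbit>
shape_uplink() {
    out=$1; n=$2; kbit=$3; dev="imq$n"; half=$((kbit / 2))

    run ip link set "$dev" up

    # Test mark: ICMP leaving this uplink gets 0x10 in mangle POSTROUTING.
    # If class 1:10 below never counts packets, the mark is not reaching tc.
    run iptables -t mangle -A POSTROUTING -o "$out" -p icmp -j MARK --set-mark 0x10

    # Only packets leaving via this uplink go to this IMQ, so the device
    # itself identifies the link and LAN-bound traffic is left alone.
    run iptables -t mangle -A POSTROUTING -o "$out" -j IMQ --todev "$n"

    # HTB tree: 1:10 for marked traffic, 1:20 as the default class.
    run tc qdisc add dev "$dev" root handle 1: htb default 20
    run tc class add dev "$dev" parent 1: classid 1:1 htb rate "${kbit}kbit"
    run tc class add dev "$dev" parent 1:1 classid 1:10 htb rate "${half}kbit" ceil "${kbit}kbit"
    run tc class add dev "$dev" parent 1:1 classid 1:20 htb rate "${half}kbit" ceil "${kbit}kbit"

    # fw filter: classify on the netfilter mark set above.
    run tc filter add dev "$dev" parent 1: protocol ip prio 1 handle 0x10 fw flowid 1:10
}

shape_uplink eth0 1 512
shape_uplink eth1 2 1024
# After APPLY=1, ping through each link and compare counters with:
#   tc -s class show dev imq1
```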