Hi all

I am using a pass thru router and I need to QoS some clients output by its IP address. The problem is that QoS is due after NATing.

Is there some clever way of doing this besides MARKing every packet with some IP hashing in POSTROUTING NAT table?

Regards

Ethy
Ethy H. Brito wrote:
> Hi all
>
> I am using a pass thru router and I need to QoS some clients output by its
> IP address. The problem is that QoS is due after NATing.
>
> Is there some clever way of doing this besides MARKing every packet with
> some IP hashing in POSTROUTING NAT table?
>
> Regards
>
> Ethy

TC is performed after POSTROUTING, so you can not do any IP related TC filtering. You can use CPU friendly patches for iptables like IPMARK or IPCLASSIFY. Take a look at them.

Regards!
Use IFB which seems to be already on kernel 2.6

On 6/11/07, VladSun <vladsun@relef.net> wrote:
> Ethy H. Brito wrote:
> > Hi all
> >
> > I am using a pass thru router and I need to QoS some clients output by its
> > IP address. The problem is that QoS is due after NATing.
> >
> > Is there some clever way of doing this besides MARKing every packet with
> > some IP hashing in POSTROUTING NAT table?
> >
> > Regards
> >
> > Ethy
>
> TC is performed after POSTROUTING, so you can not do any IP related TC
> filtering. You can use CPU friendly patches for iptables like IPMARK or
> IPCLASSIFY. Take a look at them.
>
> Regards!

--
Marco Casaroli
SapucaiNet Telecom
+55 35 34712377 ext 5
On Mon, 11 Jun 2007 22:02:31 +0300 VladSun <vladsun@relef.net> wrote:

> TC is performed after POSTROUTING, so you can not do any IP related TC
> filtering. You can use CPU friendly patches for iptables like IPMARK or
> IPCLASSIFY. Take a look at them.

Ok. Can someone point me the right direction to add IPMARK kernel support?

I downloaded patch-o-matic today's snapshot and there is no IPMARK there.

I have iptables-1.3.7 and kernel 2.6.21.1 sources (distro is slackware 11.0)

The curious thing is that IPMARK is at iptables man page but I got an error when I execute it. It says it could not find /usr/lib/iptables/libipt_IPMARK.so:

# locate -i IPMARK
# (no output here)

Regards.

Ethy
Ethy H. Brito wrote:
> On Mon, 11 Jun 2007 22:02:31 +0300
> VladSun <vladsun@relef.net> wrote:
>
>> TC is performed after POSTROUTING, so you can not do any IP related TC
>> filtering. You can use CPU friendly patches for iptables like IPMARK or
>> IPCLASSIFY. Take a look at them.
>
> Ok. Can someone point me the right direction to add IPMARK kernel support?
>
> I downloaded patch-o-matic today's snapshot and there is no IPMARK there.
>
> I have iptables-1.3.7 and kernel 2.6.21.1 sources (distro is slackware 11.0)
>
> The curious thing is that IPMARK is at iptables man page but I got an
> error when I execute it. It says it could not
> find /usr/lib/iptables/libipt_IPMARK.so:
>
> # locate -i IPMARK
> # (no output here)
>
> Regards.
>
> Ethy

Try "./runme download" in the PoM directory. It should work if there is defined download URL for IPMARK in the source.list file in the PoM directory.

If it doesn't work try to download older version of PoM. That is because netfilter team has refused to include IPMARK in the official versions some time ago.

Regards
I think it is better to use an IFB device and shape the upload traffic using source IP before the NAT

http://linux-net.osdl.org/index.php/IFB

On 6/13/07, VladSun <vladsun@relef.net> wrote:
> Ethy H. Brito wrote:
> > On Mon, 11 Jun 2007 22:02:31 +0300
> > VladSun <vladsun@relef.net> wrote:
> >
> >> TC is performed after POSTROUTING, so you can not do any IP related TC
> >> filtering. You can use CPU friendly patches for iptables like IPMARK or
> >> IPCLASSIFY. Take a look at them.
> >
> > Ok. Can someone point me the right direction to add IPMARK kernel support?
> >
> > I downloaded patch-o-matic today's snapshot and there is no IPMARK there.
> >
> > I have iptables-1.3.7 and kernel 2.6.21.1 sources (distro is slackware 11.0)
> >
> > The curious thing is that IPMARK is at iptables man page but I got an
> > error when I execute it. It says it could not
> > find /usr/lib/iptables/libipt_IPMARK.so:
> >
> > # locate -i IPMARK
> > # (no output here)
> >
> > Regards.
> >
> > Ethy
>
> Try "./runme download" in the PoM directory. It should work if there is
> defined download URL for IPMARK in the source.list file in the PoM
> directory.
> If it doesn't work try to download older version of PoM.
> That is because netfilter team has refused to include IPMARK in the
> official versions some time ago.
>
> Regards

--
Marco Casaroli
SapucaiNet Telecom
+55 35 34712377 ext 5
PLEASE disregard this. My MUA has gone crazy and resent a lot of my emails today.

Forgive me.

Ethy

On Wed, 13 Jun 2007 15:18:28 -0300 "Ethy H. Brito" <ethy.brito@inexo.com.br> wrote:

> On Mon, 11 Jun 2007 22:02:31 +0300
> VladSun <vladsun@relef.net> wrote:
>
> > TC is performed after POSTROUTING, so you can not do any IP related TC
> > filtering. You can use CPU friendly patches for iptables like IPMARK or
> > IPCLASSIFY. Take a look at them.
>
> Ok. Can someone point me the right direction to add IPMARK kernel support?
>
> I downloaded patch-o-matic today's snapshot and there is no IPMARK there.
>
> I have iptables-1.3.7 and kernel 2.6.21.1 sources (distro is slackware 11.0)
>
> The curious thing is that IPMARK is at iptables man page but I got an
> error when I execute it. It says it could not
> find /usr/lib/iptables/libipt_IPMARK.so:
>
> # locate -i IPMARK
> # (no output here)
>
> Regards.
>
> Ethy

--
Ethy H. Brito         /"\
InterNexo Ltda.       \ /
+55 (12) 3797-6860     X   ASCII RIBBON CAMPAIGN - AGAINST HTML MAIL
S.J.Campos - Brasil   / \
On Thu, 14 Jun 2007 16:25:14 -0300 "Marco Aurelio" <marco.casaroli@gmail.com> wrote:

> I think it is better to use an IFB device and shape the upload traffic
> using source IP before the NAT
>
> http://linux-net.osdl.org/index.php/IFB

Before NAT?!?!

Where does IFB hook netfilter tables?? Before mangle POSTROUTING?

Ethy
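The IFB arrangement suggested in the thread, as an added example that is not part of the original messages: the ingress qdisc on the LAN-facing interface is processed before the netfilter hooks, so packets redirected to the IFB device still carry the client's private source address and a plain u32 source match can classify them. The interface names (eth1, ifb0), addresses and rates are constructed, and the function only prints the commands so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example (not from the thread): print, without running, the tc commands
# that shape per-client upload on an IFB device by pre-NAT source address.
# Constructed values: eth1 (LAN-facing interface), ifb0, addresses and rates.

ifb_shaper_cmds() {
    lan_if=$1; ifb=$2; total=$3; shift 3

    # Validate every "address=rate" pair first, so bad input emits no commands.
    for spec in "$@"; do
        ip=${spec%%=*}; rate=${spec#*=}
        case $ip in ''|*[!0-9.]*) echo "bad address in: $spec" >&2; return 1 ;; esac
        case $rate in ''|*[!0-9a-z]*) echo "bad rate in: $spec" >&2; return 1 ;; esac
    done

    echo "modprobe ifb numifbs=1"
    echo "ip link set dev $ifb up"
    # Ingress on the LAN side is handled before netfilter, so SNAT has not
    # rewritten the source yet; everything is redirected to the IFB device.
    echo "tc qdisc add dev $lan_if handle ffff: ingress"
    echo "tc filter add dev $lan_if parent ffff: protocol ip u32 match u32 0 0 action mirred egress redirect dev $ifb"
    # HTB tree on the IFB device; unclassified clients share class 1:2.
    echo "tc qdisc add dev $ifb root handle 1: htb default 2"
    echo "tc class add dev $ifb parent 1: classid 1:1 htb rate $total"
    echo "tc class add dev $ifb parent 1:1 classid 1:2 htb rate 64kbit ceil $total"

    minor=10
    for spec in "$@"; do
        ip=${spec%%=*}; rate=${spec#*=}
        echo "tc class add dev $ifb parent 1:1 classid 1:$minor htb rate $rate ceil $total"
        echo "tc filter add dev $ifb parent 1: protocol ip prio 1 u32 match ip src $ip/32 flowid 1:$minor"
        minor=$((minor + 1))
    done
}

# Review the printed commands, then pipe them to "sh -e" as root to apply.
ifb_shaper_cmds eth1 ifb0 2mbit 192.168.1.10=512kbit 192.168.1.11=256kbit
```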