I''ve got a couple of queries about packet marking/classifying ...
I''m configuring a box to account and control traffic on a 6Mbps link,
including traffic shaping/prioritisation and splitting out some
bandwidth out for customers. Currently I''m up to about 35 htb classes
! The box has two interfaces, doing simple routing (no nat, no
multiple providers, etc).
If I''m using my own tcstart file, do I ignore the tcdevices file ?
I see that I have the choice of marking the packets in tcrules and
then using tc filters to filter the marked packets into classes, or I
can classify the packets in tcrules.
Is classifying more efficient than marking and filtering ?
At first glance it would seem that classifying should be more
efficient as it''s one step, or is there something going on in the
background that will negate that ?
Or is the overhead so low that I should ignore it ?
Does it make any difference to the rules generated, or the processing
required to handle packets, if I specify devices in the rules ? Eg,
is there any difference between :
1:11 a.b.c.d 0.0.0.0/0 tcp - 80
1:11 ethint:a.b.c.d 0.0.0.0/0 tcp - 80
At first glance it doesn''t appear to make any difference, but
I''m not
that experienced at reading iptables output.
Do classify action get actioned before or after tcfilters ?
Eg, if I have a tc filter putting traffic into one class, and a
tcrules entry classifying traffic into a difference class - which
will take effect. In particular I''m thinking in terms of a tc filter
directing traffic for the internal network originating on the
firewall into an (effectively) unlimited class (100:10 in the diagram
below), while a tcrule entry is classifying traffic from "anywhere"
to a specific host into a different, bandwidth controlled, class (eg
101:11 below).
And lastly, does it matter if the classes I classify to are not
attached to the root of the device ? On my internal interface I have
the following (Q=Queue, C=class) :
ethint -- Q htb 100: -- C htb 100:1 -- C htb 100:10 -- Q sfq
\- C htb 100:11 -- Q htb 101: ---
then under Q htb 101:
Q htb 101: -- C htb 101:101 --- C htb 101:10 -- C htb 101:11 -- Q sfq
| |- C htb 101:12 -- Q sfq
| |- .....
|
|- C htb 101:20 -- C htb 101:21 -- Q sfq
| |- .....
|
|...
Does the TC code just start at the device route, and push the packet
down the ''tree'' until it runs out or find a match. Or does it
need to
be told where to start ? The tc rules I have in tcstart are attached
to the relevant parent (100: or 101:)
Thanks if you''ve made it this far without being bored into a coma !
PS - when I get this finished, I''ll see if I can get permission to
post & document it as an example installation.
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
Juan Jose Lopez Gonzalez
2008-Jan-22 16:48 UTC
Redirect first web connection to Intranet Server
Hi all : We need to redirect first web connection to our Intranet Web Server, but only the first time that an user open the web browser. How we can do that?? We''re using shorewall 4.0.2. Thanks in advance. ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
Roberto C. Sánchez
2008-Jan-22 21:25 UTC
Re: Redirect first web connection to Intranet Server
On Tue, Jan 22, 2008 at 05:48:41PM +0100, Juan Jose Lopez Gonzalez wrote:> Hi all : > > We need to redirect first web connection to our Intranet Web Server, but > only the first time that an user open the web browser. > > How we can do that?? We''re using shorewall 4.0.2. >Shorewall does not understand HTTP or web browser connections. Regards, -Roberto -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/