[LARTC] Sharing a DSL between 40 subnets with htb
Andy Furniss
andy.furniss at dsl.pipex.com
Sun Jan 8 22:16:00 CET 2006
Flemming Frandsen wrote:
> I have a network with around 40 /24 subnets that shares a common DSL,
> this cries out for shaping so here I am trying to make it work as my
> first tc project.
>
> I have managed to cargocult some snippets from this list and tried to
> come up with a config, but there are a few things that I'd really like
> some input on:
>
> 1) Are the NAT'ed addresses available in the PREROUTING table of eth0?
eth0 doesn't have a prerouting table; everything coming in from anywhere
hits prerouting. If eth0 is WAN then packets coming in will still have
real IP addresses in PREROUTING.
>
> 2) If not then can I have the iptables --set-mark stuff in the tables
> for one interface and use the mark in tc on another interface?
Yes, tables are not device-specific.
>
> 3) Is it possible to filter on the routing table instead of the
> --set-mark? so all traffic going to a certain router gets
> filtered into the same htb?
You could use tc filters on IP/dst MAC etc.
> #Have the bucket that traffic gets dropped into
> #be determined by the firewall mark
> #btw: --set-mark 0xbabeface maps to class id babe:face
> tc filter add dev eth0 parent 1: protocol ip prio 1 handle 1 fw
Don't think you need handle 1 here.
>
> #Hook up the classification table to the interface
> iptables -t mangle -A PREROUTING -o eth0 -j to-dsl
Out dev isn't known in prerouting.
Andy.
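
Added example, not part of the original thread: a generator that prints (does not execute) a mark-based HTB setup reflecting the points in the reply above. The match on the out device sits in mangle FORWARD, where the out device is known and the pre-NAT source address is still visible, and the fw filter has no handle so the mark is used directly as the class id. It assumes eth0 is the WAN side; the 10.0.N.0/24 numbering, the 400kbit uplink and the class ids are constructed values.

```shell
#!/bin/sh
# Added example: prints tc/iptables commands for review; nothing is applied.
WAN=eth0           # assumption: eth0 is the WAN/DSL-facing interface
UPLINK_KBIT=400    # constructed uplink rate; set it just below the real sync rate
NSUB=40            # 40 /24 subnets, as in the post
NET_PREFIX=10.0    # constructed: subnet N is 10.0.N.0/24

gen_rules() {
    n=${1:-$NSUB}
    # n subnet classes plus one default class share the uplink, so the
    # guaranteed rates never add up to more than the parent rate.
    share=$((UPLINK_KBIT / (n + 1)))
    echo "tc qdisc add dev $WAN root handle 1: htb default ffff"
    echo "tc class add dev $WAN parent 1: classid 1:1 htb rate ${UPLINK_KBIT}kbit"
    echo "tc class add dev $WAN parent 1:1 classid 1:ffff htb rate ${share}kbit ceil ${UPLINK_KBIT}kbit"
    # fw classifier without a handle: mark 0xMMMMmmmm selects class MMMM:mmmm
    echo "tc filter add dev $WAN parent 1: protocol ip prio 1 fw"
    echo "iptables -t mangle -N to-dsl"
    # FORWARD, not PREROUTING: the out device is only known after routing,
    # and mangle FORWARD runs before SNAT in nat POSTROUTING.
    echo "iptables -t mangle -A FORWARD -o $WAN -j to-dsl"
    i=1
    while [ "$i" -le "$n" ]; do
        minor=$(printf '%x' $((256 + i)))        # class minors 101..128 (hex)
        mark=$(printf '0x1%04x' $((256 + i)))    # major 1 plus the same minor
        echo "tc class add dev $WAN parent 1:1 classid 1:$minor htb rate ${share}kbit ceil ${UPLINK_KBIT}kbit"
        echo "iptables -t mangle -A to-dsl -s $NET_PREFIX.$i.0/24 -j MARK --set-mark $mark"
        i=$((i + 1))
    done
}

gen_rules "$NSUB"
```

Unmarked traffic from a source outside the listed subnets falls into the default class 1:ffff rather than bypassing the shaper.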