Hi All,

I have this test gateway set up at work:

OS: Fedora Core 9
eth0: public ip
eth1: to "play" subnet -- 192.168.101.x
eth2: to "work" subnet -- 192.168.102.x

The gateway performs NAT for both PLAY and WORK subnets. I'm planning to limit
the bandwidth for the PLAY subnet so that heavy downloads don't cripple the
WORK subnet...and for this I came up with the following script:

#############################################################################
#!/bin/bash
IPTB=/sbin/iptables

PUB_IP=w.x.y.z

HI_PRIORITY_Q=1:10
HI_PRIORITY_QMARK=8

LOW_PRIORITY_Q=1:31
LOW_PRIORITY_QMARK=5

PLAY_LAN=192.168.101.0/24
WORK_LAN=192.168.102.0/24




SRC=$PLAY_LAN
DST=0/0
$IPTB -A POSTROUTING -t mangle -s $SRC -d $DST -j MARK \
    --set-mark=$LOW_PRIORITY_QMARK


SRC=$WORK_LAN
DST=0/0
$IPTB -A PREROUTING -t mangle -s $SRC -d $DST -j MARK \
    --set-mark=$HI_PRIORITY_QMARK




tc qdisc add dev eth0 handle 1:0 root cbq bandwidth 1Mbit avpkt 100Kbit


echo  add the root class
tc class add dev eth0 parent 1:0 classid 1:1 cbq bandwidth 1Mbit rate 1Mbit \
    allot 1514 cell 8 weight 1Mbit prio 8 maxburst 20 avpkt 1000


echo add subclasses 1

tc class add dev eth0 parent 1:1 classid $LOW_PRIORITY_Q cbq bandwidth 100Kbit \
    rate 100Kbit allot 1514 cell 8 weight 1Kbit prio 3 maxburst 20 avpkt 100 \
    split 1:1

echo add subclasses 2

tc class add dev eth0 parent 1:1 classid $HI_PRIORITY_Q cbq bandwidth 900Kbit \
    rate 900Kbit allot 1514 cell 8 weight 9Kbit prio 7 maxburst 20 avpkt 1000 \
    split 1:1

echo filter all 31.x traffic, add them to low prio queue 

tc filter add dev eth0 protocol ip parent 1:0 prio 3 handle $LOW_PRIORITY_QMARK \
    fw classid $LOW_PRIORITY_Q

tc filter add dev eth0 protocol ip parent 1:0 prio 7 handle $HI_PRIORITY_QMARK \
    fw classid $HI_PRIORITY_Q


$IPTB -A POSTROUTING -t nat -s $PLAY_LAN -d 0/0 -j SNAT --to-source=$PUB_IP
$IPTB -A POSTROUTING -t nat -s $WORK_LAN -d 0/0 -j SNAT --to-source=$PUB_IP

############################################################################


...obviously, it doesn't work B)

Is there something I missed?

Does the MARKing get messed up during the NAT process?

tia

Attachment: traffic-control.sh
Description: Bourne shell script

_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
http://lists.linux.org.ph/mailman/listinfo/plug
Searchable Archives: http://archives.free.net.ph