From: Alexander Samad
Date: Mon, 11 Oct 2004 21:04:17 +0000
Subject: Re: [LARTC] NAT+mangle+tc
Message-Id: <20041011210417.GA522@samad.com.au>
To: lartc@vger.kernel.org

Hi,

What you can do is mark the packets in netfilter (iptables) and then use
the marks to assign the packets to classes. You can do something like:

iptables -t mangle -A PREROUTING -s AddrIWantToShape -j MARK --set-mark 0x02
iptables -t mangle -A PREROUTING -s AddrIWantToShape2 -j MARK --set-mark 0x03

iptables -t nat -A POSTROUTING -s AddrIWantToShape -o InternetInt -j MASQUERADE
iptables -t nat -A POSTROUTING -s AddrIWantToShape2 -o InternetInt -j MASQUERADE

tc filter add dev InternetInt parent 1: protocol ip pref 5 handle 2 fw flowid 1:30
tc filter add dev InternetInt parent 1: protocol ip pref 5 handle 3 fw flowid 1:40

Something like that.

Alex

On Mon, Oct 11, 2004 at 07:45:02PM +0300, emo terziev wrote:
> Hi, Jason
> I know LARTC HOWTO. My download shapers work fine, but
> I don't know can I limit upload when I have NAT because source IP
> address is changed
> and I cannot make u32 src filter.
>
> in other hand package marking isn't usable in my case because I want
> user A to have for example 128K to Group A networks and 64K to group B
> user B to have 256k to group A and 1Mbit to group B
>
> download is easy, but for upload I unfortunately don't know how should to be :(
> This is over my knowledge I think.
>
> Please anyone with more experience just to give me idea how can be done.
>
>
> +----------+    | S |
> |  User A  |----+ W |              +NAT
> +----------+    | I |        eth1          eth0              group A
> +----------+    | T |      +--------+        +--- 180 different Networks ---+
> |  User B  |----+ C +------| Router |--------|                              Internet
> +----------+    | H |      +--------+        +--- all rest internet --------+
>    ....     ...   / ...                                      group B
> +----------+    | H |
> |  User N  |----+ U |
> +----------+    | B |          ---------------->
>                 +---+
>
>
>
> Best Regards
> emo terziev
>
> On Mon, 11 Oct 2004 12:09:24 -0400, Jason Boxman wrote:
> > On Monday 11 October 2004 07:29, emo terziev wrote:
> > > Hi All,
> > > I wonder can I do NAT+mangle+tc on same machine? I want to shape
> > > outgoing traffic per IP on my gateway computer.
> >
> > Sure, you can do that on the same machine.
> >
> > You can do NAT with a variety of scripts or just hand written iptables rules.
> > Personally, I use the gShield iptables firewall. As for `tc`, you might look
> > into the LARTC HOWTO.
> >
> > http://lartc.org/
> >
> > --
> >
> > Jason Boxman
> > Perl Programmer / *NIX Systems Administrator
> > Shimberg Center for Affordable Housing | University of Florida
> > http://edseek.com/ - Linux and FOSS stuff
> >
> > _______________________________________________
> > LARTC mailing list / LARTC@mailman.ds9a.nl
> > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
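
Added example, not part of the original thread: a generator that extends the mark-then-classify approach in the reply above to one rate per user and destination group, printing the iptables and tc commands instead of running them. The interface name, addresses, rates and the POLICY and GROUP_A_NETS variables are constructed assumptions; the mark is set in PREROUTING, before MASQUERADE rewrites the source address, and the fw filter matches it on egress.

```shell
#!/bin/sh
# Added example: prints commands only, nothing is applied to the system.
# All values below are constructed samples, not taken from the thread.
WAN_IF=eth0                                   # assumed Internet-facing interface
GROUP_A_NETS="192.0.2.0/24 198.51.100.0/24"   # stand-in for the "group A" networks

# Constructed policy table: user-ip  rate-to-group-A  rate-to-group-B
POLICY="10.0.0.2 128kbit 64kbit
10.0.0.3 256kbit 1mbit"

gen_shaping_rules() {
    echo "tc qdisc add dev $WAN_IF root handle 1: htb"
    n=0
    while read -r ip rate_a rate_b; do
        n=$((n + 1))
        # Two marks per user: even = group A, odd = group B (everything else).
        mark_a=$(printf '0x%x' $((n * 2)))
        mark_b=$(printf '0x%x' $((n * 2 + 1)))
        # Default mark for this user: group B.
        echo "iptables -t mangle -A PREROUTING -s $ip -j MARK --set-mark $mark_b"
        # MARK does not stop rule traversal, so a later group-A match overrides it.
        for net in $GROUP_A_NETS; do
            echo "iptables -t mangle -A PREROUTING -s $ip -d $net -j MARK --set-mark $mark_a"
        done
        # NAT happens in POSTROUTING; the packet keeps the mark set earlier.
        echo "iptables -t nat -A POSTROUTING -s $ip -o $WAN_IF -j MASQUERADE"
        # One HTB class and one fw filter per mark; classid minor = mark in hex.
        for pair in "$mark_a $rate_a" "$mark_b $rate_b"; do
            set -- $pair
            echo "tc class add dev $WAN_IF parent 1: classid 1:${1#0x} htb rate $2"
            echo "tc filter add dev $WAN_IF parent 1: protocol ip prio 5 handle $1 fw flowid 1:${1#0x}"
        done
    done <<EOF
$POLICY
EOF
}

gen_shaping_rules
```

Review the printed commands before applying them as root; traffic that carries no mark is left unshaped because the HTB qdisc has no default class.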