All the mail mirrored from lore.kernel.org
* [LARTC] split traffic
@ 2002-05-28 12:15 Emil Terziev
  2002-05-28 16:36 ` Stef Coene
                   ` (4 more replies)
  0 siblings, 5 replies; 6+ messages in thread
From: Emil Terziev @ 2002-05-28 12:15 UTC (permalink / raw
  To: lartc

Hi,
 I need to limit traffic from my LAN
(172.16.1.x/24) for every IP, but with 2 types of speed.

   I have BG_Traffic (a couple of LANs: 212.50.16.0/24,
 217.9.231.0/24, 195.24.39.0/24)

 and I have not_BG_Traffic (the rest of the Internet).
 I want, for example,
 IP 172.16.1.10 to have 10K for BG_Traffic and 25K for
 not_BG_Traffic.
 IP 172.16.1.11 to have 6K for BG_Traffic and 64K for
 not_BG_Traffic.
 IP 172.16.1.12 to have 8K for BG_Traffic and 10K for
 not_BG_Traffic.

 Can you help me?  I'm new to tc & iproute and this is
very difficult for me.

Regards
Emil Terziev

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


* Re: [LARTC] split traffic
  2002-05-28 12:15 [LARTC] split traffic Emil Terziev
@ 2002-05-28 16:36 ` Stef Coene
  2002-10-01 22:27 ` Omar Armas
                   ` (3 subsequent siblings)
  4 siblings, 0 replies; 6+ messages in thread
From: Stef Coene @ 2002-05-28 16:36 UTC (permalink / raw
  To: lartc

On Tuesday 28 May 2002 14:15, Emil Terziev wrote:
> Hi,
>  I need to limit traffic from my LAN
> (172.16.1.x/24) for every IP, but with 2 types of speed.
>
>    I have BG_Traffic (a couple of LANs: 212.50.16.0/24,
>  217.9.231.0/24, 195.24.39.0/24)
>
>  and I have not_BG_Traffic (the rest of the Internet).
>  I want, for example,
>  IP 172.16.1.10 to have 10K for BG_Traffic and 25K for
>  not_BG_Traffic.
>  IP 172.16.1.11 to have 6K for BG_Traffic and 64K for
>  not_BG_Traffic.
>  IP 172.16.1.12 to have 8K for BG_Traffic and 10K for
>  not_BG_Traffic.
>
>  Can you help me?  I'm new to tc & iproute and this is
> very difficult for me.
It's not so difficult once you understand how it works.  And yes, what you
want to do is possible.
Have you read the LARTC HOWTO?  I also have some scripts and more info on
www.docum.org about shaping.  Try to read the docs and to understand the
scripts.  If you have more questions, just post them and we will try to
answer them.

Stef

-- 

stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.openprojects.net

* [LARTC] split traffic
  2002-05-28 12:15 [LARTC] split traffic Emil Terziev
  2002-05-28 16:36 ` Stef Coene
@ 2002-10-01 22:27 ` Omar Armas
  2002-10-01 22:35 ` Martin A. Brown
                   ` (2 subsequent siblings)
  4 siblings, 0 replies; 6+ messages in thread
From: Omar Armas @ 2002-10-01 22:27 UTC (permalink / raw
  To: lartc

I have the next network:


Users LAN                    Servers   LAN 
(10.0.0.0/24                (mail and web [200.30.57.32/24]
web surf main activity)       homologated ip's)
|                                |
|                                | 
|                                |
|                                | 
|________________________________| 
                  |
eth1:1 10.0.0.138 |      eth1 200.30.57.33
                  |
          {Linux Firewall. kernel 2.4.18}
                  |
     eth2         |      eth0 200.30.53.22/30
    192.168.1.2/30|
                  |
  _______________/ \______________
 |                                |
 |                                |
{adsl router}               {Cisco router}  200.30.53.21/30
 |192.168.1.1                     |
 |(phone line)                    |(DS0)
 |                                |
 |                                |
{   --------   Internet -------    }




A network with two links to the Internet: a DS0 and an ADSL.

I want the servers with homologated IPs to go via the DS0, and end users,
with 10.0.0.0 addresses, to go via ADSL. Both links go through the same
firewall.

Also, end users must have NAT, and servers don't. For this I use:
iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth2 -j MASQUERADE

The default gateway in the firewall is the Cisco router. My question is:
how can I force packets from 10.0.0.0 to go via eth2 (192.168.1.2)?


I imagine something like:

ip route add 192.168.1.1/30 via 192.168.1.2 table 1
ip rule add from 10.0.0.0/24 table 1


But it doesn't work. What would be the correct way to do it?


Omar








* Re: [LARTC] split traffic
  2002-05-28 12:15 [LARTC] split traffic Emil Terziev
  2002-05-28 16:36 ` Stef Coene
  2002-10-01 22:27 ` Omar Armas
@ 2002-10-01 22:35 ` Martin A. Brown
  2002-10-14 20:55 ` Omar Armas
  2002-10-15  0:09 ` Dawid Kuroczko
  4 siblings, 0 replies; 6+ messages in thread
From: Martin A. Brown @ 2002-10-01 22:35 UTC (permalink / raw
  To: lartc

Omar,

It looks like you want to set a different default route for the 
10.0.0.0/24 network.  This can be done as follows:

# ip route add default via 192.168.1.1 table 1
# ip rule add from 10.0.0.0/24 table 1

Your iptables line should work just dandily.....

I think what you are getting confused about is why your existing route 
doesn't work.  I'd suggest thinking about the name of the chain in the nat 
table:  POSTROUTING!!

Unless routing table 1 contains something else, there's no explicit 
instruction for the outbound packets from 10.0.0.0/24.  Add a default 
route to that table, and you should have a better solution.

Check out "Multiple Connections to the Internet" in  Chapter 7 in my 
guide (which is still in the process of being written):

  http://plorf.net/linux-ip/

Good luck,

-Martin

 : I have the next network:
 : 
 : 
 : Users LAN                    Servers   LAN 
 : (10.0.0.0/24                (mail and web [200.30.57.32/24]
 : web surf main activity)       homologated ip's)
 : |                                |
 : |                                | 
 : |                                |
 : |                                | 
 : |________________________________| 
 :                   |
 : eth1:1 10.0.0.138 |      eth1 200.30.57.33
 :                   |
 :           {Linux Firewall. kernel 2.4.18}
 :                   |
 :      eth2         |      eth0 200.30.53.22/30
 :     192.168.1.2/30|
 :                   |
 :   _______________/ \______________
 :  |                                |
 :  |                                |
 : {adsl router}               {Cisco router}  200.30.53.21/30
 :  |192.168.1.1                     |
 :  |(phone line)                    |(DS0)
 :  |                                |
 :  |                                |
 : {   --------   Internet -------    }
 : 
 : 
 : 
 : 
 : A network with two links to the Internet: a DS0 and an ADSL.
 : 
 : I want the servers with homologated IPs to go via the DS0, and end users,
 : with 10.0.0.0 addresses, to go via ADSL. Both links go through the same
 : firewall.
 : 
 : Also, end users must have NAT, and servers don't. For this I use:
 : iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth2 -j MASQUERADE
 : 
 : The default gateway in the firewall is the Cisco router. My question is:
 : how can I force packets from 10.0.0.0 to go via eth2 (192.168.1.2)?
 : 
 : 
 : I imagine something like:
 : 
 : ip route add 192.168.1.1/30 via 192.168.1.2 table 1
 : ip rule add from 10.0.0.0/24 table 1
 : 
 : 
 : But it doesn't work. What would be the correct way to do it?
 : 
 : 
 : Omar

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com



* Re: [LARTC] split traffic
  2002-05-28 12:15 [LARTC] split traffic Emil Terziev
                   ` (2 preceding siblings ...)
  2002-10-01 22:35 ` Martin A. Brown
@ 2002-10-14 20:55 ` Omar Armas
  2002-10-15  0:09 ` Dawid Kuroczko
  4 siblings, 0 replies; 6+ messages in thread
From: Omar Armas @ 2002-10-14 20:55 UTC (permalink / raw
  To: lartc

> # ip route add default via 192.168.1.1 table 1
> # ip rule add from 10.0.0.0/24 table 1
> 
> 
>  : I have the next network:
>  : 
>  : 
>  : Users LAN                    Servers   LAN 
>  : (10.0.0.0/24                (mail and web [200.30.57.32/24]
>  : web surf main activity)       homologated ip's)
>  : |                                |
>  : |                                | 
>  : |                                |
>  : |                                | 
>  : |________________________________| 
>  :                   |
>  : eth1:1 10.0.0.138 |      eth1 200.30.57.33
>  :                   |
>  :           {Linux Firewall. kernel 2.4.18}
>  :                   |
>  :      eth2         |      eth0 200.30.53.22/30
>  :     192.168.1.2/30|
>  :                   |
>  :   _______________/ \______________
>  :  |                                |
>  :  |                                |
>  : {adsl router}               {Cisco router}  200.30.53.21/30
>  :  |192.168.1.1                     |
>  :  |(phone line)                    |(DS0)
>  :  |                                |
>  :  |                                |
>  : {   --------   Internet -------    }
>  : 
>  : 
>  : 


Thanks, Martin. It worked (since last week) perfectly.


Now I have the above network working. Users from class 10.0.0.0/24 go
out through the ADSL router, and the servers via the DS0.

Now I want to put in a transparent proxy with Squid, but if I configure it
with just:

iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128

HTTP requests are processed via the DS0 (this is because of the default
gw, I suppose), and I want them to go out via the ADSL.

My question is: how can I make HTTP requests go via the ADSL with a
transparent proxy in this network configuration?

I thought it must be the OUTPUT chain. But with what rule?


Hope you can orient me.

Thanks,

Omar





* Re: [LARTC] split traffic
  2002-05-28 12:15 [LARTC] split traffic Emil Terziev
                   ` (3 preceding siblings ...)
  2002-10-14 20:55 ` Omar Armas
@ 2002-10-15  0:09 ` Dawid Kuroczko
  4 siblings, 0 replies; 6+ messages in thread
From: Dawid Kuroczko @ 2002-10-15  0:09 UTC (permalink / raw
  To: lartc

On 14 Oct 2002, Omar Armas wrote:

> Now I have the above network working. Users from class 10.0.0.0/24 go
> out through the ADSL router, and the servers via the DS0.
> 
> Now I want to put in a transparent proxy with Squid, but if I configure it
> with just:
> 
> iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
> 
> HTTP requests are processed via the DS0 (this is because of the default
> gw, I suppose), and I want them to go out via the ADSL.
> 
> My question is: how can I make HTTP requests go via the ADSL with a
> transparent proxy in this network configuration?
> 
> I thought it must be the OUTPUT chain. But with what rule?

None. :-)

Do not think of it as packet mangling, but as a squid configuration.

To be exact, there are two config values which should be especially
interesting for you:
 tcp_outgoing_address 192.168.4.55
 udp_outgoing_address 192.168.4.55
...where 192.168.4.55 is the IP of your ADSL connection interface. :-)

HTH, HAND,
  QNeX
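
Added example (not from any poster in this thread): a small Python model of the policy-routing lookup discussed in Martin's and Dawid's replies, showing which interface a packet leaves by and whether the thread's MASQUERADE rule matches it. The `from 192.168.1.2` rule and the destination address are assumptions, and 192.168.1.2 (the eth2 address in Omar's diagram) stands in for the address Squid would bind to.

```python
import ipaddress

# Constructed model of the firewall in Omar's diagram. Interfaces and addresses
# are from the thread; the rule list is a simplified stand-in for "ip rule".
MAIN = [("200.30.53.20/30", "eth0"), ("192.168.1.0/30", "eth2"),
        ("10.0.0.0/24", "eth1"), ("200.30.57.0/24", "eth1"),
        ("0.0.0.0/0", "eth0")]                 # default gateway: Cisco (DS0)
TABLE1_LINK_ONLY = [("192.168.1.0/30", "eth2")]            # no default route
TABLE1_DEFAULT = TABLE1_LINK_ONLY + [("0.0.0.0/0", "eth2")]  # via 192.168.1.1
WEB = "198.51.100.7"                           # constructed destination


def lookup(table, dst):
    """Longest-prefix match in one table; None means no route in this table."""
    nets = [(ipaddress.ip_network(p), dev) for p, dev in table]
    hits = [(n.prefixlen, dev) for n, dev in nets
            if ipaddress.ip_address(dst) in n]
    return max(hits)[1] if hits else None


def rules(table1, from_adsl_ip=False):
    """Rule list as in the thread; from_adsl_ip adds an assumed extra rule."""
    r = [("10.0.0.0/24", table1)]              # ip rule add from 10.0.0.0/24 table 1
    if from_adsl_ip:                           # assumption, not from the thread:
        r.append(("192.168.1.2/32", table1))   # ip rule add from 192.168.1.2 table 1
    return r + [("0.0.0.0/0", MAIN)]           # catch-all lookup in table main


def route(rule_list, src, dst):
    """Walk rules in order; a table with no match falls through (None if none)."""
    for selector, table in rule_list:
        if ipaddress.ip_address(src) in ipaddress.ip_network(selector):
            dev = lookup(table, dst)
            if dev:
                return dev


def masqueraded(src, out_dev):
    """The thread's POSTROUTING rule: -s 10.0.0.0/24 -o eth2 -j MASQUERADE."""
    in_lan = ipaddress.ip_address(src) in ipaddress.ip_network("10.0.0.0/24")
    return in_lan and out_dev == "eth2"

if __name__ == "__main__":
    for label, rl, src in [("user, link-only table 1", rules(TABLE1_LINK_ONLY), "10.0.0.50"),
                           ("user, default in table 1", rules(TABLE1_DEFAULT), "10.0.0.50"),
                           ("proxy bound to eth2 IP", rules(TABLE1_DEFAULT), "192.168.1.2"),
                           ("proxy + from-eth2-IP rule", rules(TABLE1_DEFAULT, True), "192.168.1.2")]:
        dev = route(rl, src, WEB)
        print(f"{label:28} -> {dev}  masqueraded={masqueraded(src, dev)}")
```

In the model, traffic sourced from 192.168.1.2 still follows the main table's default route out eth0 until a rule selects table 1 for that source address.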
