[olug] Traffic Shaping and Bandwidth Throttling

Matthew G. Marsh mgm at midwestlinux.com
Wed May 1 18:50:03 UTC 2002


On Wed, 1 May 2002, Nate Rotschafer wrote:

> Actually I'm using HTB right now and it does limit it but I need to get to a
> point where I understand how to use iptables to mark packets to determine
> what the HTB queue should do with the packets.

From the machine itself (assuming the eth0 is egress) you can do:

iptables -t mangle -A OUTPUT -s 192.168.1.1 -d 1.1.1.1  \
	-j MARK --set-mark 1

This would nfmark all packets outbound from internal processes (processes
that run in the process space of the machine itself) where the internal
process is bound to 192.168.1.1 and sending to 1.1.1.1. What is even
cooler (although YMMV as I have not really used this) is to use the
experimental Owner match from NetFilter as in:

iptables -t mangle -A OUTPUT -m owner --uid-owner {my apache UID} \
	-j MARK --set-mark 2

Basically you need kernel >= 2.4.17 and iptables >= 1.2.5 for either of
these to work. Output table mangle is only recent (with the inclusion in
2.4.18 of Brad's mangle5hooks).

'k?

> Thanks,
> Nate
>
> "Only those who think know, but those who know always think."
> Nate Rotschafer
> Millard West High School
> Omaha, NE

--------------------------------------------------
Matthew G. Marsh,  President
Paktronix Systems LLC
1506 North 59th Street
Omaha  NE  68104
Phone: (402) 932-7250
Email: mgm at midwestlinux.com
WWW:  http://www.midwestlinux.com
--------------------------------------------------
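
How marks 1 and 2 from the rules above can be tied to HTB classes with tc "fw" filters, as an added example that is not part of the original message. The interface, rates, class ids and the function names (run, htb_setup, htb_mark_class, shape_marked) are assumptions; by default the script only prints the tc commands.

```shell
#!/bin/sh
# Added example: route packets carrying nfmark 1 and 2 into HTB classes.
# Interface, rates, class ids and function names are assumptions.
DEV="${DEV:-eth0}"          # egress interface, as assumed in the post
DRY_RUN="${DRY_RUN:-1}"     # 1 = print the tc commands, 0 = run them (root)

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# htb_setup <link-rate>: root qdisc, parent class, and a default leaf (1:ff)
# that receives everything no fw filter claims, i.e. unmarked packets.
htb_setup() {
    run tc qdisc add dev "$DEV" root handle 1: htb default ff
    run tc class add dev "$DEV" parent 1: classid 1:1 htb rate "$1"
    run tc class add dev "$DEV" parent 1:1 classid 1:ff htb rate 64kbit ceil "$1"
}

# htb_mark_class <mark> <rate> <ceil>: leaf class 1:<mark>0 plus the fw
# filter that selects it. Marks are limited to 1-999 so the class id stays
# a valid 16-bit hex minor number and never collides with 1:ff.
htb_mark_class() {
    mark="$1"
    case "$mark" in
        [1-9]|[1-9][0-9]|[1-9][0-9][0-9]) ;;
        *) echo "invalid mark: $mark" >&2; return 1 ;;
    esac
    run tc class add dev "$DEV" parent 1:1 classid "1:${mark}0" \
        htb rate "$2" ceil "$3"
    # "handle N fw" matches packets marked with -j MARK --set-mark N
    run tc filter add dev "$DEV" parent 1: protocol ip prio 1 \
        handle "$mark" fw flowid "1:${mark}0"
}

shape_marked() {
    htb_setup 1mbit
    htb_mark_class 1 256kbit 512kbit   # mark 1: 192.168.1.1 -> 1.1.1.1 rule
    htb_mark_class 2 512kbit 1mbit     # mark 2: owner-match (UID) rule
}

shape_marked
```

Run with DRY_RUN=0 as root to apply the commands instead of printing them.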


