| Version 3 (modified by ejhernandez@…, 6 years ago) (diff) |
|---|
Traffic shaping to ingress traffic
Benefits
- Ingress shaping
- Applied at step 4
- Global policy to several interfaces
- Currently, not applicable to eBox
How to apply
- Linux kernel patches
- with IMQ options enabled when compiling kernel source
- Iptables patches
- compile Iptables sources with the IMQ patch before compiling the Linux kernel
More information http://wiki.nix.hu/cgi-bin/twiki/view/IMQ/HowToInstall (Quite Debian Etch specific).
Known issues (IMPORTANT!)
The current kind of traffic provokes kernel panics with IMQ installed:
- GRE tunneling
- IPSec traffic
- Local generated traffic (including user space programs)
Workaround to make work Samba traffic, which is considered as locally generated:
iptables -t mangle -A POSTROUTING -o eth0 -s ! 192.168.100.100 -j IMQ --todev imq0 iptables -t mangle -A PREROUTING -i eth0 -j IMQ --todev imq0(Where 192.168.100.100 is IMQ machine; eth0 is internal interface)
More information at http://wiki.nix.hu/cgi-bin/twiki/view/IMQ/ImqFaq FAQ.
Usage
- Loading IMQ module
modprobe imq numdevs=8
- Bring up IMQ
ip link set imq'n' up
- Working normally as a egress interface
More information at http://wiki.nix.hu/cgi-bin/twiki/view/IMQ/HowToUse.
