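# ---------------------------------------------------------------------------
# /etc/rc.local
#
# Installs cake on the WAN interface for egress and on an IFB device for
# ingress. Both cake instances use "fwmark 0x03", so the low two bits of the
# packet mark select the tin. The tc filters carry two pieces of per-flow
# state in the conntrack mark:
#   - 0x03                     tin selector (written by /etc/firewall.user)
#   - 0xfc000000 / 0x01000000  the conndscp mask / statemask given below
# The two ranges do not overlap.
# NOTE(review): "conndscp" must be provided by the running tc/kernel build;
# confirm it loads, otherwise the two "filter replace" commands fail.
# ---------------------------------------------------------------------------

WAN_IF=eth2        # WAN-facing interface
IFB_IF=ibe2        # IFB device that receives the redirected WAN ingress
UP_RATE=40Mbit     # egress shaper rate
DOWN_RATE=99Mbit   # ingress shaper rate

# EGRESS
# The "del" commands only reset state. They report an error when nothing is
# installed yet (first boot), so that expected message is discarded; the
# "replace" that follows still reports real problems.
tc qdisc del dev "$WAN_IF" root 2>/dev/null || true
tc qdisc replace dev "$WAN_IF" root handle 1111: cake \
  dual-srchost nat fwmark 0x03 wash ack-filter oceanic mpu 64 overhead 26 \
  bandwidth "$UP_RATE"
tc -s qdisc show dev "$WAN_IF"

tc filter del dev "$WAN_IF" parent 1111: 2>/dev/null || true
tc filter replace dev "$WAN_IF" parent 1111: matchall action \
  conndscp mask 0xfc000000 statemask 0x01000000 mode get
tc -s filter show dev "$WAN_IF" parent 1111:

# INGRESS
# Create the IFB only when it is missing so the script can be re-run.
ip link show dev "$IFB_IF" >/dev/null 2>&1 ||
  ip link add name "$IFB_IF" type ifb
ip link set dev "$IFB_IF" up

tc qdisc del dev "$IFB_IF" root 2>/dev/null || true
tc qdisc replace dev "$IFB_IF" root cake \
  ingress dual-dsthost nat fwmark 0x03 ack-filter oceanic mpu 64 overhead 26 \
  bandwidth "$DOWN_RATE"
tc -s qdisc show dev "$IFB_IF"

tc qdisc del dev "$WAN_IF" ingress 2>/dev/null || true
tc qdisc replace dev "$WAN_IF" ingress handle ffff:

# connmark copies the conntrack mark onto the packet before it is redirected,
# which is how cake on the IFB sees the tin bits saved by the firewall rules.
tc filter del dev "$WAN_IF" parent ffff: 2>/dev/null || true
tc filter replace dev "$WAN_IF" parent ffff: matchall action \
  connmark \
  conndscp mask 0xfc000000 statemask 0x01000000 mode set \
  mirred egress redirect dev "$IFB_IF"
tc -s filter show dev "$WAN_IF" parent ffff:

# ---------------------------------------------------------------------------
# /etc/firewall.user
#
# Classifies forwarded traffic leaving the WAN interface into a cake tin and
# stores the result in the conntrack mark, for IPv4 and IPv6 alike.
#
# Every mark operation is confined to TIN_MASK. CONNMARK --restore-mark
# without --nfmask and MARK --set-mark without a mask both rewrite the whole
# 32-bit packet mark, which would erase marks set by other components
# (policy routing, other firewall rules) on every forwarded packet.
#
# The chain is created or flushed and the FORWARD jump is added only when
# absent, so running this file again does not fail on an existing chain or
# stack duplicate rules.
# ---------------------------------------------------------------------------

WAN_IF=eth2
CHAIN=mangle_forward_eth2
TIN_MASK=0x03

# Example address as published; substitute the real host. A source MAC is
# chosen by the client itself, so this rule is a shaping hint and must not be
# relied on as an access control.
BULK_MAC=01:23:45:67:89:ab

for ipt in iptables ip6tables; do
  "$ipt" -t mangle -N "$CHAIN" 2>/dev/null || "$ipt" -t mangle -F "$CHAIN"

  # Flows that were classified earlier: reuse the saved tin and stop.
  "$ipt" -t mangle -A "$CHAIN" -j CONNMARK --restore-mark \
    --nfmask "$TIN_MASK" --ctmask "$TIN_MASK"
  "$ipt" -t mangle -A "$CHAIN" -m mark ! --mark "0x0/$TIN_MASK" -j RETURN

  # Put all traffic to/from this host in cake's bulk tin. Only the
  # host-to-WAN direction is matched here; replies pick up the tin from the
  # conntrack mark via the connmark action on the WAN ingress filter.
  "$ipt" -t mangle -A "$CHAIN" -m mac --mac-source "$BULK_MAC" \
    -j MARK --set-xmark "0x01/$TIN_MASK"

  # Nothing matched: leave the flow unclassified and do not touch conntrack.
  "$ipt" -t mangle -A "$CHAIN" -m mark --mark "0x0/$TIN_MASK" -j RETURN
  "$ipt" -t mangle -A "$CHAIN" -j CONNMARK --save-mark \
    --ctmask "$TIN_MASK" --nfmask "$TIN_MASK"

  "$ipt" -t mangle -C FORWARD -o "$WAN_IF" -j "$CHAIN" 2>/dev/null ||
    "$ipt" -t mangle -A FORWARD -o "$WAN_IF" -j "$CHAIN"
done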