hi all: the following scipt is wokring perfectly with limiting ...on limimitng per ip basis.. ---- eth0=public static ip eth2= private ip ( 192.168.2.1) -- iptables -t mangle -A POSTROUTING -s ! 192.168.0.0/32 -d 192.168.2.101/32 -j MARK --set-mark 21012 tc class add dev eth2 parent 1:1 classid 1:2101 htb rate 32kbit ceil 64kbit tc filter add dev eth2 parent 1:0 protocol ip prio 2 handle 21012 fw classid 1:2101 tc qdisc add dev eth2 parent 1:2101 handle 2101: sfq perturb 10 ----------------- Now what i am trying to do is... limiting 192.168.2.101 75% for httpd and 25% to rest.. what i have to do? i am confused on iptables marking as well.. Thanks Paras. Paras pradhan Systems Dept. Bajranet PVT LTD Kathmandu Nepal. _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
On Wednesday 29 December 2004 13:50, Paras pradhan wrote:> hi all: > > the following scipt is wokring perfectly with limiting ...on limimitng per > ip basis.. > > > ---- > eth0=public static ip > eth2= private ip ( 192.168.2.1) > -- > iptables -t mangle -A POSTROUTING -s ! 192.168.0.0/32 -d 192.168.2.101/32 > -j MARK --set-mark 21012 > > tc class add dev eth2 parent 1:1 classid 1:2101 htb rate 32kbit ceil 64kbit > > tc filter add dev eth2 parent 1:0 protocol ip prio 2 handle 21012 fw > classid 1:2101 > > tc qdisc add dev eth2 parent 1:2101 handle 2101: sfq perturb 10 > > ----------------- > > Now what i am trying to do is... limiting 192.168.2.101 75% for httpd and > 25% to rest.. > > what i have to do? i am confused on iptables marking as well..You need 2 htb classes, 1 for httpd and 1 for the rest. And you need 2 iptables rules, 1 to mark httpd and 1 to mark the rest. And you need 2 filter rules, 1 to put the marked httpd traffic in the httpd class and to put the other traffic in the other class. Stef _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> On Wednesday 29 December 2004 13:50, Paras pradhan wrote: >> hi all: >> >> the following scipt is wokring perfectly with limiting ...on limimitng >> per ip basis.. >> >> >> ---- >> eth0=public static ip >> eth2= private ip ( 192.168.2.1) >> -- >> iptables -t mangle -A POSTROUTING -s ! 192.168.0.0/32 -d >> 192.168.2.101/32 -j MARK --set-mark 21012 >> >> tc class add dev eth2 parent 1:1 classid 1:2101 htb rate 32kbit ceil >> 64kbit >> >> tc filter add dev eth2 parent 1:0 protocol ip prio 2 handle 21012 fw >> classid 1:2101 >> >> tc qdisc add dev eth2 parent 1:2101 handle 2101: sfq perturb 10 >> >> ----------------- >> >> Now what i am trying to do is... limiting 192.168.2.101 75% for httpd >> and 25% to rest.. >> >> what i have to do? i am confused on iptables marking as well.. > You need 2 htb classes, 1 for httpd and 1 for the rest. > And you need 2 iptables rules, 1 to mark httpd and 1 to mark the rest. > And you need 2 filter rules, 1 to put the marked httpd traffic in the > httpd class and to put the other traffic in the other class. > > Stef > _______________________________________________ > LARTC mailing list / LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/how do we mark in single iptables line using for ex: --dport 21 and -d 192.168.3.88 or have to do seperatly. Thanks Paras. Paras pradhan Systems Dept. Bajranet PVT LTD Kathmandu Nepal. _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
On Friday 31 December 2004 12:44, Paras pradhan wrote:> how do we mark in single iptables line using for ex: --dport 21 and -d > 192.168.3.88 > or have to do seperatly.I''m not sure if you can do it in 1 command. Just try it out. Stef _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/