Hello, i have very simple script to control upload in network with 3 IP addresses. Problem is, that rule for default class is used only and filtering by IPs doesn''t work. I have RH9 with kernel 2.4.20-24.9, htb script starts without errors, iproute-2.4.7-7.90.1 installed (shouldn''t I uninstall iproute and install iproute2?) Thanks for your help, Dan. #!/bin/bash tc qdisc del dev eth0 root tc qdisc add dev eth0 root handle 1:0 htb default 12 tc class add dev eth0 parent 1:0 classid 1:1 htb rate 96kbit tc class add dev eth0 parent 1:1 classid 1:10 htb rate 32kbit ceil 96kbit tc class add dev eth0 parent 1:1 classid 1:11 htb rate 32kbit ceil 96kbit tc class add dev eth0 parent 1:1 classid 1:12 htb rate 32kbit ceil 96kbit tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src 192.168.1.14 flowid 1:10 tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src 192.168.1.28 flowid 1:11 tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src 192.168.1.27 flowid 1:12 tc -s -d class show dev eth0 =========================== class htb 1:11 parent 1:1 prio 0 quantum 1000 rate 32Kbit ceil 96Kbit burst 1639b/8 mpu 0b cburst 1721b/8 mpu 0b level 0 Sent 0 bytes 0 pkts (dropped 0, overlimits 0) lended: 0 borrowed: 0 giants: 0 tokens: 327999 ctokens: 114799 class htb 1:1 root rate 96Kbit ceil 96Kbit burst 1721b/8 mpu 0b cburst 1721b/8 mpu 0b level 7 Sent 594260 bytes 1276 pkts (dropped 0, overlimits 0) rate 9656bps 17pps lended: 587 borrowed: 0 giants: 0 tokens: -147083 ctokens: -147083 class htb 1:10 parent 1:1 prio 0 quantum 1000 rate 32Kbit ceil 96Kbit burst 1639b/8 mpu 0b cburst 1721b/8 mpu 0b level 0 Sent 0 bytes 0 pkts (dropped 0, overlimits 0) lended: 0 borrowed: 0 giants: 0 tokens: 327999 ctokens: 114799 class htb 1:12 parent 1:1 prio 0 quantum 1000 rate 32Kbit ceil 96Kbit burst 1639b/8 mpu 0b cburst 1721b/8 mpu 0b level 0 Sent 595490 bytes 1277 pkts (dropped 0, overlimits 0) rate 9796bps 18pps backlog 1p lended: 689 borrowed: 587 giants: 0 tokens: -306121 ctokens: -147083 _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Hello Dan, : i have very simple script to control upload in network with 3 IP : addresses. Problem is, that rule for default class is used only and : filtering by IPs doesn''t work. I am going to guess that this is a masquerading or SNAT host. Is this accurate? : I have RH9 with kernel 2.4.20-24.9, htb script starts without errors, : iproute-2.4.7-7.90.1 installed (shouldn''t I uninstall iproute and : install iproute2?) RedHat calls the "iproute2" package "iproute". It has the tools you need--"tc"....although, I believe their RH9 iproute package is not patched to handle HTB. I imagine, though that you must have figured this out already if you are generating the below output. You appear to be adding your HTB mechanisms to one interface, eth0. This means that you are shaping traffic transmitted outbound on eth0. You are not shaping any traffic received on eth0. Do you have another interface on the machine? I presume that your other interface is the external or Internet-facing interface. This is the interface on which you should add the HTB classes for shaping upload traffic. Is this also a masquerading (SNAT) box? If so, the source IP address will no longer be 192.168.1.0/24 but rather the public IP on your box. You''ll need to use marking. You may benefit from my HOWTO [0]. Just remember that you can only shape what you transmit, and readjust your installation accordingly. -Martin [0] http://www.tldp.org/HOWTO/Traffic-Control-HOWTO/ -- Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> Is this also a masquerading (SNAT) box? If so, the source IP addresswill> no longer be 192.168.1.0/24 but rather the public IP on your box. You''ll > need to use marking.Hello, yes, this is router, with eth0 as internet interface and eth1 as local interface (with masquerading local hosts) - this may be the reason. Thank you, for your help, I will try to use marking, Dan. _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/