thr3ads.net - LARTC - fw mark torouble [Nov 2002]

If this information is useful, please help other people find it:
Share via:

Alexey Sheshka

2002-Nov-01 09:50 UTC

fw mark torouble

Hi!

I have been setup next configuration :

$TC qdisc add dev $DEVB root handle 1: htb default 30

$TC class add dev $DEVB parent 1: classid 1:1 htb rate 100mbit ceil 100mbit
burst 15k
$TC class add dev $DEVB parent 1:1 classid 1:10 htb rate 1mbit ceil 1mbit  burst
15k
$TC class add dev $DEVB parent 1:1 classid 1:30 htb rate 2mbit ceil 100mbit
burst 15k

$TC qdisc add dev $DEVB parent 1:10  sfq perturb 10
$TC qdisc add dev $DEVB parent 1:30  sfq perturb 10

$iptables -A OUTPUT -t mangle -p tcp  -d 192.168.15.129 -j MARK --set-mark 10
$tc filter add dev $DEVB protocol ip parent 1:0 prio 1 handle 10 fw classid 1:10

and all works fine, only 1 mbit goes to  192.168.15.129, but if I do

$iptables -A OUTPUT -t mangle -p tcp -s 0/0 --sport 80  -d 192.168.15.129 -j
MARK --set-mark 10
$tc filter add dev $DEVB protocol ip parent 1:0 prio 1 handle 10 fw classid 1:10

HTTP  to 192.168.15.129 goes full 100 Mbit .

Kernel 2.4.19 ; htb patch, tc binnary from HTB homepage

Where my mistake ?
Thanks.




-- 
Sheshka Aleksey
Senior Security Administrator

PGP key : http://pgp.dtype.org:11371/pks/lookup?op=get&search=0x0BE90515
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Stef Coene

2002-Nov-01 10:54 UTC

head link

Re: fw mark torouble

On Friday 01 November 2002 10:50, Alexey Sheshka wrote:> Hi!
>
> I have been setup next configuration :
>
> $TC qdisc add dev $DEVB root handle 1: htb default 30
>
> $TC class add dev $DEVB parent 1: classid 1:1 htb rate 100mbit ceil 100mbit
> burst 15k $TC class add dev $DEVB parent 1:1 classid 1:10 htb rate 1mbit
> ceil 1mbit  burst 15k $TC class add dev $DEVB parent 1:1 classid 1:30 htb
> rate 2mbit ceil 100mbit burst 15k
>
> $TC qdisc add dev $DEVB parent 1:10  sfq perturb 10
> $TC qdisc add dev $DEVB parent 1:30  sfq perturb 10
>
> $iptables -A OUTPUT -t mangle -p tcp  -d 192.168.15.129 -j MARK --set-mark
> 10
> $tc filter add dev $DEVB protocol ip parent 1:0 prio 1 handle 10 fw
> classid 1:10
>
> and all works fine, only 1 mbit goes to  192.168.15.129, but if I do
>
> $iptables -A OUTPUT -t mangle -p tcp -s 0/0 --sport 80  -d 192.168.15.129
> -j MARK --set-mark 10
> $tc filter add dev $DEVB protocol ip parent 1:0 prio
> 1 handle 10 fw classid 1:10
>
> HTTP  to 192.168.15.129 goes full 100 Mbit .Can you check the iptables counters so you are sure that the packets get 
marked?  Maybe a tcpdump can give you more information.

Stef

-- 

stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.oftc.net
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Alexey Sheshka

2002-Nov-01 11:23 UTC

head link

Re: fw mark torouble

On Fri, 1 Nov 2002 11:54:08 +0100
Stef Coene <stef.coene@docum.org> wrote:
> On Friday 01 November 2002 10:50, Alexey Sheshka wrote:
> > Hi!
> >
> > I have been setup next configuration 
> >
> > $TC qdisc add dev $DEVB root handle 1: htb default 30
> >
> > $TC class add dev $DEVB parent 1: classid 1:1 htb rate 100mbit ceil
100mbit
> > burst 15k $TC class add dev $DEVB parent 1:1 classid 1:10 htb rate
1mbit
> > ceil 1mbit  burst 15k $TC class add dev $DEVB parent 1:1 classid 1:30
htb
> > rate 2mbit ceil 100mbit burst 15k
> >
> > $TC qdisc add dev $DEVB parent 1:10  sfq perturb 10
> > $TC qdisc add dev $DEVB parent 1:30  sfq perturb 10
> >
> > $iptables -A OUTPUT -t mangle -p tcp  -d 192.168.15.129 -j MARK
--set-mark
> > 10
> > $tc filter add dev $DEVB protocol ip parent 1:0 prio 1 handle 10 fw
> > classid 1:10
> >
> > and all works fine, only 1 mbit goes to  192.168.15.129, but if I do
> >
> > $iptables -A OUTPUT -t mangle -p tcp -s 0/0 --sport 80  -d
192.168.15.129
> > -j MARK --set-mark 10
> > $tc filter add dev $DEVB protocol ip parent 1:0 prio
> > 1 handle 10 fw classid 1:10
> >
> > HTTP  to 192.168.15.129 goes full 100 Mbit .
> Can you check the iptables counters so you are sure that the packets get 
> marked?  Maybe a tcpdump can give you more information.
Thanks . Problem solved. Popular mp3 server use pot 8001 and users bypass my
rules.
> 
> Stef
> 
> -- 
> 
> stef.coene@docum.org
>  "Using Linux as bandwidth manager"
>      http://www.docum.org/
>      #lartc @ irc.oftc.net

-- 



PGP key : http://pgp.dtype.org:11371/pks/lookup?op=get&search=0x0BE90515
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Ethy H. Brito

2002-Nov-01 11:46 UTC

head link

Re: fw mark torouble

On Fri, 1 Nov 2002, Alexey Sheshka wrote:
> Hi!
> 
> 
> $iptables -A OUTPUT -t mangle -p tcp -s 0/0 --sport 80  -d 192.168.15.129
-j MARK --set-mark 10
This will only mark packets from your HTTP server (*localhost*) going to
192.168.15.129 (the client) . Is that what you mean?

Ethy H. Brito         /"\
InterNexo Ltda.       \ /  CAMPANHA DA FITA ASCII - CONTRA MAIL HTML
(012) 341-6860         X   ASCII RIBBON CAMPAIGN - AGAINST HTML MAIL
Sao Jose dos Campos   / \

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

LARTC - Nov 2002 - fw mark torouble

fw mark torouble

Re: fw mark torouble

Re: fw mark torouble

Re: fw mark torouble