Dear all...
I got problem when define this rule
I had define class like this
#tc qdisc show dev eth0
qdisc tbf 8003: rate 128Kbit burst 10Kb lat 381.5ms
qdisc cbq 1: rate 10Mbit (bounded,isolated) prio no-transmit
#tc class show dev eth0
class cbq 1: root rate 10Mbit (bounded,isolated) prio no-transmit
class cbq 1:1 parent 1: rate 10Mbit prio no-transmit
class cbq 1:1234 parent 1:1 leaf 8003: rate 128Kbit (bounded,isolated) prio
5
#tc filter show dev eth0
filter parent 1: protocol ip pref 100 u32
filter parent 1: protocol ip pref 100 u32 fh 800: ht divisor 1
filter parent 1: protocol ip pref 100 u32 fh 800::800 order 2048 key ht 800
bkt 0 flowid 1:1234
match 00140000/ffff0000 at 20
This configuration my iptables,
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
MARK tcp -- anywhere anywhere state RELATED
tcp dpt:ftp MARK set 0x1
MARK tcp -- anywhere anywhere state RELATED
tcp spt:ftp MARK set 0x1
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
So, I want to limit passive ftp traffic.
1. Tag every packet that RELATED to ftp (RELATED here, I mean refer to
passive ftp).
2. Define filter
But when I define tc with fwmark value based, I got error..
I define like this
# tc filter add dev eth0 parent 1: protocol ip pref 100 handle 1 fw classid
1:1234
and I got error like this
RTNETLINK answers: Invalid argument
Why ?, any suggest ?
Thanks in Advance
Johan
--
-''-
(o o)
---------ooO--(_)--Ooo-------------------------------------------------
( )/ \( )( ) ( ) ( \( ) Visit us at http://www.pinguind.co.id
__)(( () ))__( /__\ ) ( Feel free to contact me at ICQ #47240718
(___/ \__/(_)(_)(_)(_)(_)\_) email:johan@pinguind.co.id
-----------------------------------------------------------------------
It''s easier to debug if you send as the commands you are using. Stef johan@pinguind.co.id wrote:> > Dear all... > I got problem when define this rule > I had define class like this > > #tc qdisc show dev eth0 > > qdisc tbf 8003: rate 128Kbit burst 10Kb lat 381.5ms > qdisc cbq 1: rate 10Mbit (bounded,isolated) prio no-transmit > > #tc class show dev eth0 > class cbq 1: root rate 10Mbit (bounded,isolated) prio no-transmit > class cbq 1:1 parent 1: rate 10Mbit prio no-transmit > class cbq 1:1234 parent 1:1 leaf 8003: rate 128Kbit (bounded,isolated) prio > 5 > > #tc filter show dev eth0 > filter parent 1: protocol ip pref 100 u32 > filter parent 1: protocol ip pref 100 u32 fh 800: ht divisor 1 > filter parent 1: protocol ip pref 100 u32 fh 800::800 order 2048 key ht 800 > bkt 0 flowid 1:1234 > match 00140000/ffff0000 at 20 > > This configuration my iptables, > > Chain PREROUTING (policy ACCEPT) > target prot opt source destination > MARK tcp -- anywhere anywhere state RELATED > tcp dpt:ftp MARK set 0x1 > MARK tcp -- anywhere anywhere state RELATED > tcp spt:ftp MARK set 0x1 > > Chain OUTPUT (policy ACCEPT) > target prot opt source destination > > So, I want to limit passive ftp traffic. > 1. Tag every packet that RELATED to ftp (RELATED here, I mean refer to > passive ftp). > 2. Define filter > But when I define tc with fwmark value based, I got error.. > > I define like this > # tc filter add dev eth0 parent 1: protocol ip pref 100 handle 1 fw classid > 1:1234 > > and I got error like this > RTNETLINK answers: Invalid argument > > Why ?, any suggest ? > Thanks in Advance > > Johan > > > -- > -''- > (o o) > ---------ooO--(_)--Ooo------------------------------------------------- > ( )/ \( )( ) ( ) ( \( ) Visit us at http://www.pinguind.co.id > __)(( () ))__( /__\ ) ( Feel free to contact me at ICQ #47240718 > (___/ \__/(_)(_)(_)(_)(_)\_) email:johan@pinguind.co.id > ----------------------------------------------------------------------- > > _______________________________________________ > LARTC mailing list / LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/-- Staf More QOS info : http://users.belgacom.net/staf/