Hi,

I want to be able to specify actions for different classes of traffic in any of these four ways, and I'd like to use only HTB if possible:

1. No guaranteed rate, No ceil
2. Guaranteed rate, No ceil
3. No guaranteed rate, Ceil specified
4. Guaranteed rate, Ceil specified

For types 2, 3 and 4 there can be several classes of each, with different rates and ceilings.

4 is of course easy. 2 is also easy - just set ceil to the ceil of the parent class. But I'm not sure whether 1 can be accomplished with this:

> there is built-in passthru class named X:0 where X is your
> handle. Simply set "default 0" when creating htb and all
> unclassified packets will go directly thru.
> devik

Does "go directly thru" mean that unclassified packets are sent *before* packets belonging to a class with a guaranteed rate? Or does it mean that unclassified packets get sent when there is bandwidth to spare (which is what I want)? And what about lending? In what proportion does this "passthru class" lend bandwidth compared to other classes?

And for 3 I have no idea if it's possible using only HTB? Setting rate to 0 doesn't work.

//Marcus
--
---------------------------------------+--------------------------
  Marcus Sundberg <marcus@ingate.com>  | Firewalls with SIP & NAT
 Firewall Developer, Ingate Systems AB | http://www.ingate.com/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

> I want to be able to specify actions for different classes of
> traffic in any of these four ways, and I'd like to use only
> HTB if possible:
>
> 1. No guaranteed rate, No ceil
> 2. Guaranteed rate, No ceil
> 3. No guaranteed rate, Ceil specified
> 4. Guaranteed rate, Ceil specified

What do you mean with no ceil? Do you mean that the classes can send at full device speed? Then the ceil = device speed. For htb, no ceil means ceil = rate.

No guaranteed rate can be simulated by creating 2 classes:

root class rate = ceil = 100 %
class 1 = rate 1%, ceil 100%
class 2 = rate 99%, ceil 100%

Class 1 will have (almost) no guaranteed bandwidth. In the worst case scenario, it gets only 1 % of the bandwidth. But if class 2 uses only 20%, class 1 can get the remaining 80%. Of course you can change the ceil to match case 3.

> For types 2, 3 and 4 there can be several classes of each, with
> different rates and ceilings.
>
> 4 is of course easy. 2 is also easy - just set ceil to the ceil of
> the parent class. But I'm not sure whether 1 can be accomplished
> with this:
> > there is built-in passthru class named X:0 where X is your
> > handle. Simply set "default 0" when creating htb and all
> > unclassified packets will go directly thru.
> > devik
>
> Does "go directly thru" mean that unclassified packets are sent
> *before* packets belonging to a class with a guaranteed rate? Or
> does it mean that unclassified packets get sent when there is
> bandwidth to spare (which is what I want)? And what about lending?
> In what proportion does this "passthru class" lend bandwidth compared
> to other classes?

It means that all the packets will get sent as fast as the hardware can. The packets will end up in the queue just before the device so they can eat bandwidth from other classes (and that's not what you want).

Stef

--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net
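
The 1%/99% layout from the reply above, extended to all four class types in the original question, as an added example that is not part of either post: the script only prints `tc` commands and does not run them. The device `eth0`, the 1000 kbit link rate, the class ids and the sample rates are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): prints tc commands, runs none.
# Assumed names: device eth0, handle 1:, root class 1:1, minors 10-40.

# htb_class DEV LINK_KBIT MINOR RATE CEIL   ("-" means "not specified")
htb_class() {
    dev=$1; link=$2; minor=$3; rate=$4; ceil=$5
    # Rate 0 does not work (see the question), so "no guaranteed rate"
    # is simulated with 1% of the link, as in the reply.
    if [ "$rate" = "-" ]; then rate=$(( link / 100 )); fi
    if [ "$rate" -lt 1 ]; then rate=1; fi
    # An omitted ceil means ceil = rate, so "no ceil" has to be written
    # out as the parent (link) rate or the class cannot borrow.
    if [ "$ceil" = "-" ] || [ "$ceil" -gt "$link" ]; then ceil=$link; fi
    if [ "$ceil" -lt "$rate" ]; then ceil=$rate; fi
    echo "tc class add dev $dev parent 1:1 classid 1:$minor htb rate ${rate}kbit ceil ${ceil}kbit"
}

# htb_plan DEV LINK_KBIT: qdisc, root class and one class of each type.
htb_plan() {
    dev=$1; link=$2
    # "default 10" puts unclassified packets in the type-1 class; with
    # "default 0" they bypass shaping and eat bandwidth from the others.
    echo "tc qdisc add dev $dev root handle 1: htb default 10"
    echo "tc class add dev $dev parent 1: classid 1:1 htb rate ${link}kbit ceil ${link}kbit"
    htb_class "$dev" "$link" 10 -   -     # 1: no rate, no ceil
    htb_class "$dev" "$link" 20 400 -     # 2: rate, no ceil
    htb_class "$dev" "$link" 30 -   300   # 3: no rate, ceil
    htb_class "$dev" "$link" 40 500 800   # 4: rate and ceil
}

# Sum of the child rates in kbit. It must stay at or below the root
# rate, otherwise the guarantees cannot all be honoured at once.
htb_rate_sum() {
    htb_plan "$1" "$2" |
        awk '/parent 1:1 /{ sub(/kbit/, "", $12); s += $12 } END { print s + 0 }'
}

htb_plan "${1:-eth0}" "${2:-1000}"
```

Compare the output of `htb_rate_sum` with the link rate before applying the printed commands.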

Dear list readers,

This is about my last hope! I'm new to this list. Running Suse Linux 8 (recently installed over 7.2).

I have an ADSL connection and can log in 4 times. Every time I log in at my ISP I get an IP address. So I own 4 IP addresses. Only this first address is working. The other 3 are connected; I can do a tcpdump and see reactions, only the one who is pinging doesn't get a reaction. So, apparently the machine doesn't react to these IP addresses because they are not in the system or so????

I put in a piece of tcpdump.

tcpdump: listening on ppp1
14:37:42.123230 194.109.6.44 > 213.84.46.145: icmp: echo request
14:37:43.123230 194.109.6.44 > 213.84.46.145: icmp: echo request
14:37:44.123230 194.109.6.44 > 213.84.46.145: icmp: echo request
14:37:45.123230 194.109.6.44 > 213.84.46.145: icmp: echo request
14:37:46.123230 194.109.6.44 > 213.84.46.145: icmp: echo request
14:37:47.123230 194.109.6.44 > 213.84.46.145: icmp: echo request
14:37:48.123230 194.109.6.44 > 213.84.46.145: icmp: echo request

Reaction from the ping address:

PING 213.84.46.145 (213.84.46.145): 56 data bytes
^C
--- 213.84.46.145 ping statistics ---
7 packets transmitted, 0 packets received, 100% packet loss

I can ping from my internal network; then it works normally with a normal reaction.

I have a server (the machine discussed above) and 4 machines getting their internet access from the server with iptables.

#!/bin/sh
# Masquerading firewall (simple)
# 13 August 2001
# Bart Geverts (bart@hakkefest.linux-site.net)
# A very simple masquerading firewall that lets the whole LAN behind it
# reach the internet. The 'firewall' part consists of closing a number of
# ports on which relatively risky servers run. Only the variables need to
# be adapted to the environment.
################################################################################
# variables

# where iptables lives
IPTABLES="/usr/sbin/iptables"

# interfaces
INTERNAL_INTERFACE="eth1"    # interface connecting the gateway to the local network
EXTERNAL_INTERFACE="ppp+"    # interface connecting the gateway to the internet
#EXTERNAL_INTERFACE2="ppp1"  # second IP number
#EXTERNAL_INTERFACE3="ppp2"  # third
#EXTERNAL_INTERFACE4="ppp3"  # fourth

# IP addresses / networks
LAN="196.168.0.1/24"         # local network

# IP numbers
#IP_nr_1="213.84.46.144"
#IP_nr_2="213.84.46.145"
#IP_nr_3="213.84.46.146"
#IP_nr_4="213.84.46.147"

################################################################################
# clean-up + init

# flush and clear all rules and reset the counters to 0
$IPTABLES -F
$IPTABLES -X
$IPTABLES -Z
$IPTABLES -t nat -F
$IPTABLES -t nat -X
$IPTABLES -t nat -Z

# set the default policies
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -t nat -P PREROUTING ACCEPT
$IPTABLES -t nat -P POSTROUTING ACCEPT
$IPTABLES -t nat -P OUTPUT ACCEPT

################################################################################
# kernel initialisation

## Enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

################################################################################
# masquerade

## Forward everything coming from or destined for the local network
$IPTABLES -A POSTROUTING -t nat -o $EXTERNAL_INTERFACE -j MASQUERADE
$IPTABLES -A FORWARD -i $INTERNAL_INTERFACE -o $EXTERNAL_INTERFACE -s $LAN -d ! $LAN -j ACCEPT
$IPTABLES -A FORWARD -o $INTERNAL_INTERFACE -i $EXTERNAL_INTERFACE -d $LAN -s ! $LAN -j ACCEPT

################################################################################
# Second IP number
#$IPTABLES -A POSTROUTING -t nat -o $EXTERNAL_INTERFACE2 -j MASQUERADE
#$IPTABLES -A FORWARD -i $INTERNAL_INTERFACE -o $EXTERNAL_INTERFACE2 -s $LAN -d ! $LAN -j ACCEPT
#$IPTABLES -A FORWARD -o $INTERNAL_INTERFACE -i $EXTERNAL_INTERFACE2 -d $LAN -s ! $LAN -j ACCEPT
#$IPTABLES -A INPUT -i $EXTERNAL_INTERFACE2 -j ACCEPT
#$IPTABLES -A OUTPUT -o $EXTERNAL_INTERFACE2 -j ACCEPT

################################################################################
# close off risky servers

## close telnet to the outside world
$IPTABLES -A INPUT -p tcp --destination-port 23 -i $EXTERNAL_INTERFACE -j DROP
#
#$IPTABLES -L

If my IP addresses are working properly then I want to extend the firewall script to a normal working firewall (in the meantime I have updated my swiss cheese to a normal functional firewall).

I hope somebody can help me out here and tell me how to (I think Postrouting or so) my 3 addresses.

If anybody is interested, I have put a lot of information on a web page and published it on the first IP address: http://gandalf.xs4all.nl/Suse.html

So please help!

Greetings,
Nico Berg