Hi,

IPTABLES --- HTB

I am running HTB+static-route on multiple ADSL lines and would like to mark packets in iptables on the LAN dev, so that I can shape traffic so that every machine in my LAN will get its fair share.

Q1: How many different ids are possible for mark? I would like to have about 2000. Is it possible?

Q1b: Is it possible to set an id as a function of the src IPs? Could I mark with id 256*zzz+www when src IP is xxx.yyy.zzz.www? This is because I would like to help iptables not use too many ticks, and it will reduce my code.

Q2: I am running 2.4.20 with static route patch, and would like to patch this with connbytes-1.0a-patches.tgz, any reason I shouldn't?

Q2b: Does a connbytes patch exist for 2.4.20 that is already patched with static route?

in adv., thnx for any answer that could lead to success.

Kjell
Kjell,

 : Q1: How many different ids are possible for mark?
 : I would like to have about 2000. Is it possible?

fwmark is a u32, meaning it can accept values between 0 and 4294967295. Is that large enough for you? :)

 : Q1b: Is it possible to set an id as a function of the
 : src IPs? Could I mark with id 256*zzz+www when
 : src IP is xxx.yyy.zzz.www ?
 : This because I would like to help iptables not using
 : too much ticks, and it will reduce my code.

I wonder if you might make good use of the hashing functions supported by tc filter:

http://lartc.org/howto/lartc.adv-filter.hashing.html

I can't answer the performance question you imply here, but if the tc filter hashing didn't work for me, then I'd use a little shell script loop to create the entries.

Instead of doing this, though, you might find it easier to put an SFQ qdisc in the leaf HTB class and let SFQ do the hard work for you. Then you don't need the tc filter hashing.

You can separate your users by large classes, and make some special high priority classes for picky users or yourself!

 : Q2: I am running 2.4.20 with static route patch,
 : and would like to patch this with
 : connbytes-1.0a-patches.tgz , any reason I shouldn't?

I don't know......

 : Q2b: Does it exist a connbytes patch for 2.4.20 that
 : is already patched with static route?

I don't know this one either.

 : in adv.,
 : thnx for any answer that could lead to success.

Good luck,

-Martin

--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
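The "little shell script loop" mentioned in the reply above, sketched as an added example that is not part of either poster's message: it prints, without running them, one iptables MARK rule and one tc fw filter per host using mark = 256*zzz+www. The device names, the `1:` HTB handle, the host list and the assumption that an HTB class `1:<mark in hex>` already exists for each host are all illustrative.

```shell
#!/bin/sh
# Added example: prints (does not run) an iptables MARK rule and a tc fw
# filter per host, with mark = 256*zzz + www as proposed in the question.
# LAN_DEV, WAN_DEV, the 1: HTB handle and the host list are assumptions.
LAN_DEV=eth0
WAN_DEV=eth1

# mark_for_ip A.B.C.D: print 256*C + D; return 1 on malformed input.
mark_for_ip() {
    ip=$1
    case $ip in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            0?*|????*) return 1 ;;   # leading zero or too long
        esac
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( 256 * $3 + $4 ))
}

# gen_rules IP...: print both commands for each host. The mark ignores the
# first two octets, so hosts in different /16s can collide; those are
# skipped with a warning instead of silently sharing a class.
gen_rules() {
    seen=" "
    for host in "$@"; do
        mark=$(mark_for_ip "$host") || { echo "bad address: $host" >&2; continue; }
        case $seen in
            *" $mark "*) echo "mark $mark already used, skipping $host" >&2; continue ;;
        esac
        # mark 0 means "unmarked" and 1:0 is not a usable class id
        [ "$mark" -gt 0 ] || { echo "mark 0, skipping $host" >&2; continue; }
        seen="$seen$mark "
        printf 'iptables -t mangle -A PREROUTING -i %s -s %s -j MARK --set-mark %s\n' \
            "$LAN_DEV" "$host" "$mark"
        # fw handles are decimal here, HTB class minors are hex
        printf 'tc filter add dev %s parent 1: protocol ip prio 1 handle %s fw flowid 1:%x\n' \
            "$WAN_DEV" "$mark" "$mark"
    done
}

# Constructed sample hosts; the second collides with the first.
gen_rules 192.168.3.7 10.9.3.7 192.168.0.10
```

Review the printed commands before piping them to a shell; with roughly 2000 hosts this produces a linear iptables chain, which is the per-packet cost the original question was worried about.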
Hi Martin,

> : Q1b: Is it possible to set an id as a function of the
> : src IPs? Could I mark with id 256*zzz+www when
> : src IP is xxx.yyy.zzz.www ?
> : This because I would like to help iptables not using
> : too much ticks, and it will reduce my code.
>
> I wonder if you might make good use of the hashing functions supported by
> tc filter:
>
> http://lartc.org/howto/lartc.adv-filter.hashing.html

After looking at this again, I think I can use it with filters, but I am not able to hash classes.

> Instead of doing this, though you might find it easier to put an SFQ qdisc
> in the leaf HTB class and let SFQ do the hard work for you. Then you
> don't need the tc filter hashing.

I thought of that, and I will use SFQ, but not in this way. This is because I want to do bandwidth limiting on three different levels.

1: Customers can have more than one IP, but in sum they should not have more bandwidth than another customer that pays equal but with only one IP (machine).

2: Customers with more than one IP can prioritize between their IPs.

3: Different services should be limited, so that mail will get more bandwidth than Kazaa, not on user level, but global level.

This I think I have accomplished by making ten classes under root, that I call: pop, smtp, www, ftp, kazza (incl. winmx and so on), and so on. Under these classes I have customer classes, and under these I have leaves with the customers' different IPs, some with one, and others with ten IPs. No matter how many they have, they who paid equal should have the same bandwidth regardless of how many IPs they have. To filter on IP I use U32 on the last bits of the src address.
Do you think I have done it "right" enough or would you do anything different?

> You can separate your users by large classes, and make some special high
> priority classes for picky users or yourself!

Not good enough for me, as you can see.

> : Q2: I am running 2.4.20 with static route patch,
> : and would like to patch this with
> : connbytes-1.0a-patches.tgz , any reason I shouldn't?
>
> I don't know......

Not me either. Wonder what the other Martin thinks.

> : Q2b: Does it exist a connbytes patch for 2.4.20 that
> : is already patched with static route?
>
> I don't know this one either.

It could hurt to try.

Kjell