Im new in HTB, i use CBQ. But reading i decided to change to HTB.
Well this my scrip to test it (i get it from HTB user guide)
Here the problems is all my traffic is going trought 1:12 (default) (see that
ceil is 1kbps for this class and my download ratio is 1kbps)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
#! /bin/sh
#
# r2q = 3D smallest_rate_you_have / 1500
R2Q=1
tc qdisc del dev eth0 root
tc qdisc add dev eth0 root handle 1: htb r2q $R2Q default 12
tc class add dev eth0 parent 1: classid 1:1 htb rate 5kbps ceil 5kbps
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 3kbps ceil 5kbps
tc class add dev eth0 parent 1:1 classid 1:11 htb rate 2kbps ceil 5kbps
tc class add dev eth0 parent 1:1 classid 1:12 htb rate 1kbps ceil 1kbps
tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src
192.168.0.4 ip dport 80 0xffff flowid 1:10
tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src
192.168.0.4 match ip dport 21 0xffff flowid 1:11
echo ''Cola:''
tc qdisc show dev eth0
echo ''Clases:''
tc class show dev eth0
echo ''Filtro:''
tc filter show dev eth0
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
I probe without the port 80 but still going trought 1:12
tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src
192.168.0.4 flowid 1:10
Here is other config that a try, like i do with CBQ using mark with iptables:
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
iptables -t mangle -F
iptables -t mangle -A POSTROUTING -p tcp -s 192.168.0.4 -d ! 192.168.0.0/24
--dport 80 -j MARK --set-mark 80
iptables -t mangle -A POSTROUTING -p tcp -s 192.168.0.4 -d ! 192.168.0.0/24
--dport 21 -j MARK --set-mark 21
tc filter add dev eth0 parent 1:0 protocol ip handle 80 fw flowid 1:10
tc filter add dev eth0 parent 1:0 protocol ip handle 21 fw flowid 1:11
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
But well, it didn''t work too.
Well i will searching in FAQ or mailing list.
Thanks in advantage.
Sebastián A. Aresca
Rosario - Argetina
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi there, i am having big touble wiht traffic shaping and kazza, by any reason, it seems to collapse all the system. I have a firewall to stop users using p2p programs during day time, and then its totally free for them to access anywhere during night-time. First problem Problem... KaZZa During day-time, there are kazza servers accepting connections on pot 80, and because i cant filter that port, my users can dowload. I have tried to study the sequence of kazza programs using tcpdump, but i got no conclusions, Does anybody know how to distinguish between HTTP connections and KaZZa? Second Problem... KaZZa (hehehe) During night-time, i register lots of ack packets due to kazza programs, anybody in the same situation? I just red about layer-7 filtering, but i cant change my kernel right now, so i want to try as much as i can with packet filtering.. Anybody here? Thank You GoMi -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 iQA/AwUBPsDqz37diNnrrZKsEQKkTwCeMuH0YpDT7Qxg6XMdycivAYUqgM4AniF0 fo6yBE3P1OqqZrKHt5t7fxaf =Z00o -----END PGP SIGNATURE-----