thr3ads.net - LARTC - HTB Question... [Jun 2003]

If this information is useful, please help other people find it:
Share via:

TeraHz

2003-Jun-04 20:27 UTC

HTB Question...

htb script:
#!/bin/bash
tc qdisc del dev eth1 root handle 1:
tc qdisc add dev eth1 root handle 1: htb default 12
tc class add dev eth1 parent 1: classid 1:1 htb rate 48kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:10 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:11 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:12 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:13 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:14 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:15 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:16 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:17 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:18 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:19 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:20 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:21 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:22 htb rate 4kbps ceil 48kbps

tc filter add dev eth1 parent 1:1 protocol ip handle 10 fw classid 1:10
tc filter add dev eth1 parent 1:1 protocol ip handle 11 fw classid 1:12
tc filter add dev eth1 parent 1:1 protocol ip handle 13 fw classid 1:13
tc filter add dev eth1 parent 1:1 protocol ip handle 14 fw classid 1:14
tc filter add dev eth1 parent 1:1 protocol ip handle 15 fw classid 1:15
tc filter add dev eth1 parent 1:1 protocol ip handle 19 fw classid 1:16
tc filter add dev eth1 parent 1:1 protocol ip handle 20 fw classid 1:17
tc filter add dev eth1 parent 1:1 protocol ip handle 24 fw classid 1:18
tc filter add dev eth1 parent 1:1 protocol ip handle 29 fw classid 1:19
tc filter add dev eth1 parent 1:1 protocol ip handle 32 fw classid 1:20
tc filter add dev eth1 parent 1:1 protocol ip handle 33 fw classid 1:21
tc filter add dev eth1 parent 1:1 protocol ip handle 34 fw classid 1:22
iptables -F -t mangle
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.10 -j MARK --set-
mark 10
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.11 -j MARK --set-
mark 11
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.13 -j MARK --set-
mark 13
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.14 -j MARK --set-
mark 14
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.15 -j MARK --set-
mark 15
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.19 -j MARK --set-
mark 19
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.20 -j MARK --set-
mark 20
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.24 -j MARK --set-
mark 24
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.29 -j MARK --set-
mark 29
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.32 -j MARK --set-
mark 32
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.33 -j MARK --set-
mark 33
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.34 -j MARK --set-
mark 34



Firewall ans routing script:
#!/bin/sh
IPT=/usr/sbin/iptables
EXTIF="eth1"
INTIF="eth0"
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
$IPT -P INPUT ACCEPT
$IPT -F INPUT
$IPT -P OUTPUT ACCEPT
$IPT -F OUTPUT
$IPT -P FORWARD DROP
$IPT -F FORWARD
$IPT -t nat -F
$IPT -A FORWARD -i $EXTIF -o $INTIF -m state --state 
ESTABLISHED,RELATED -j ACCEPT
#$IPT -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPT -A FORWARD -j LOG
$IPT -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
#####THE FIREWALL PART######
$IPT -A INPUT -i $INTIF -j DROP
$IPT -A INPUT -i $INTIF -s 192.168.193.10 -j ACCEPT
$IPT -A INPUT -i $INTIF -s 192.168.193.11 -j ACCEPT
$IPT -A INPUT -i $INTIF -s 192.168.193.13 -j ACCEPT
$IPT -A INPUT -i $INTIF -s 192.168.193.14 -j ACCEPT
$IPT -A INPUT -i $INTIF -s 192.168.193.15 -j ACCEPT
$IPT -A INPUT -i $INTIF -s 192.168.193.19 -j ACCEPT
$IPT -A INPUT -i $INTIF -s 192.168.193.20 -j ACCEPT
$IPT -A INPUT -i $INTIF -s 192.168.193.24 -j ACCEPT
$IPT -A INPUT -i $INTIF -s 192.168.193.29 -j ACCEPT
$IPT -A INPUT -i $INTIF -s 192.168.193.32 -j ACCEPT
$IPT -A INPUT -i $INTIF -s 192.168.193.33 -j ACCEPT
$IPT -A INPUT -i $INTIF -s 192.168.193.34 -j ACCEPT
$IPT -A FORWARD -i $INTIF -s 192.168.193.10 -j ACCEPT
$IPT -A FORWARD -i $INTIF -s 192.168.193.11 -j ACCEPT
$IPT -A FORWARD -i $INTIF -s 192.168.193.13 -j ACCEPT
$IPT -A FORWARD -i $INTIF -s 192.168.193.14 -j ACCEPT
$IPT -A FORWARD -i $INTIF -s 192.168.193.15 -j ACCEPT
$IPT -A FORWARD -i $INTIF -s 192.168.193.19 -j ACCEPT
$IPT -A FORWARD -i $INTIF -s 192.168.193.20 -j ACCEPT
$IPT -A FORWARD -i $INTIF -s 192.168.193.24 -j ACCEPT
$IPT -A FORWARD -i $INTIF -s 192.168.193.29 -j ACCEPT
$IPT -A FORWARD -i $INTIF -s 192.168.193.32 -j ACCEPT
$IPT -A FORWARD -i $INTIF -s 192.168.193.33 -j ACCEPT
$IPT -A FORWARD -i $INTIF -s 192.168.193.34 -j ACCEPT
$IPT -A FORWARD -i $INTIF -j DROP



this are the latest scripts. I''ve made a LOT of changes.

the packets are marking:

iptables -L -n -v -t mangle
Chain PREROUTING (policy ACCEPT 113K packets, 79M bytes)
 pkts bytes target     prot opt in     out     source               
destination

Chain INPUT (policy ACCEPT 4001 packets, 587K bytes)
 pkts bytes target     prot opt in     out     source               
destination

Chain FORWARD (policy ACCEPT 109K packets, 79M bytes)
 pkts bytes target     prot opt in     out     source               
destination
    6   507 MARK       all  --  eth0   *       192.168.193.10       
0.0.0.0/0          MARK set 0xa
  392 26685 MARK       all  --  eth0   *       192.168.193.11       
0.0.0.0/0          MARK set 0xb
  167 10011 MARK       all  --  eth0   *       192.168.193.13       
0.0.0.0/0          MARK set 0xd
    0     0 MARK       all  --  eth0   *       192.168.193.14       
0.0.0.0/0          MARK set 0xe
    0     0 MARK       all  --  eth0   *       192.168.193.15       
0.0.0.0/0          MARK set 0xf
    0     0 MARK       all  --  eth0   *       192.168.193.19       
0.0.0.0/0          MARK set 0x13
    0     0 MARK       all  --  eth0   *       192.168.193.20       
0.0.0.0/0          MARK set 0x14
  924 37625 MARK       all  --  eth0   *       192.168.193.24       
0.0.0.0/0          MARK set 0x18
    0     0 MARK       all  --  eth0   *       192.168.193.29       
0.0.0.0/0          MARK set 0x1d
    0     0 MARK       all  --  eth0   *       192.168.193.32       
0.0.0.0/0          MARK set 0x20
 1951 82564 MARK       all  --  eth0   *       192.168.193.33       
0.0.0.0/0          MARK set 0x21
    0     0 MARK       all  --  eth0   *       192.168.193.34       
0.0.0.0/0          MARK set 0x22

Chain OUTPUT (policy ACCEPT 414 packets, 112K bytes)
 pkts bytes target     prot opt in     out     source               
destination

Chain POSTROUTING (policy ACCEPT 109K packets, 79M bytes)
 pkts bytes target     prot opt in     out     source               
destination

The filters are not working:

 tc -s -d class show dev eth1
class htb 1:11 parent 1:1 prio 0 quantum 1000 rate 32Kbit ceil 384Kbit 
burst 1639b/8 mpu 0b cburst 2090b/8 mpu 0b level 0
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 lended: 0 borrowed: 0 giants: 0
 tokens: 327999 ctokens: 34849

class htb 1:22 parent 1:1 prio 0 quantum 1000 rate 32Kbit ceil 384Kbit 
burst 1639b/8 mpu 0b cburst 2090b/8 mpu 0b level 0
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 lended: 0 borrowed: 0 giants: 0
 tokens: 327999 ctokens: 34849

class htb 1:1 root rate 384Kbit ceil 384Kbit burst 2090b/8 mpu 0b cburst 
2090b/8 mpu 0b level 7
 Sent 279228 bytes 4454 pkts (dropped 0, overlimits 0)
 rate 2099bps 29pps
 lended: 38 borrowed: 0 giants: 0
 tokens: 29519 ctokens: 29519

class htb 1:10 parent 1:1 prio 0 quantum 1000 rate 32Kbit ceil 384Kbit 
burst 1639b/8 mpu 0b cburst 2090b/8 mpu 0b level 0
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 lended: 0 borrowed: 0 giants: 0
 tokens: 327999 ctokens: 34849

class htb 1:13 parent 1:1 prio 0 quantum 1000 rate 32Kbit ceil 384Kbit 
burst 1639b/8 mpu 0b cburst 2090b/8 mpu 0b level 0
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 lended: 0 borrowed: 0 giants: 0
 tokens: 327999 ctokens: 34849

class htb 1:20 parent 1:1 prio 0 quantum 1000 rate 32Kbit ceil 384Kbit 
burst 1639b/8 mpu 0b cburst 2090b/8 mpu 0b level 0
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 lended: 0 borrowed: 0 giants: 0
 tokens: 327999 ctokens: 34849

class htb 1:12 parent 1:1 prio 0 quantum 1000 rate 32Kbit ceil 384Kbit 
burst 1639b/8 mpu 0b cburst 2090b/8 mpu 0b level 0
 Sent 279228 bytes 4454 pkts (dropped 0, overlimits 0)
 rate 2101bps 29pps
 lended: 4416 borrowed: 38 giants: 0
 tokens: 264002 ctokens: 29519

class htb 1:21 parent 1:1 prio 0 quantum 1000 rate 32Kbit ceil 384Kbit 
burst 1639b/8 mpu 0b cburst 2090b/8 mpu 0b level 0
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 lended: 0 borrowed: 0 giants: 0
 tokens: 327999 ctokens: 34849

class htb 1:15 parent 1:1 prio 0 quantum 1000 rate 32Kbit ceil 384Kbit 
burst 1639b/8 mpu 0b cburst 2090b/8 mpu 0b level 0
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 lended: 0 borrowed: 0 giants: 0
 tokens: 327999 ctokens: 34849

class htb 1:14 parent 1:1 prio 0 quantum 1000 rate 32Kbit ceil 384Kbit 
burst 1639b/8 mpu 0b cburst 2090b/8 mpu 0b level 0
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 lended: 0 borrowed: 0 giants: 0
 tokens: 327999 ctokens: 34849

class htb 1:17 parent 1:1 prio 0 quantum 1000 rate 32Kbit ceil 384Kbit 
burst 1639b/8 mpu 0b cburst 2090b/8 mpu 0b level 0
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 lended: 0 borrowed: 0 giants: 0
 tokens: 327999 ctokens: 34849

class htb 1:16 parent 1:1 prio 0 quantum 1000 rate 32Kbit ceil 384Kbit 
burst 1639b/8 mpu 0b cburst 2090b/8 mpu 0b level 0
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 lended: 0 borrowed: 0 giants: 0
 tokens: 327999 ctokens: 34849

class htb 1:19 parent 1:1 prio 0 quantum 1000 rate 32Kbit ceil 384Kbit 
burst 1639b/8 mpu 0b cburst 2090b/8 mpu 0b level 0
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 lended: 0 borrowed: 0 giants: 0
 tokens: 327999 ctokens: 34849

class htb 1:18 parent 1:1 prio 0 quantum 1000 rate 32Kbit ceil 384Kbit 
burst 1639b/8 mpu 0b cburst 2090b/8 mpu 0b level 0
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 lended: 0 borrowed: 0 giants: 0
 tokens: 327999 ctokens: 34849

If I change the parent of the filters from 1:1 to 1: -> nothing happens!
Please tell me where is the problem!!!
Играй и спечели с Автомобилен Салон София 2003 - http://auto.dir.bg
-------------------------------------------------------------------
Направи си адрес в mail.bG - http://mail.bg/new/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Stef Coene

2003-Jun-04 20:46 UTC

head link

Re: HTB Question...

I deleted some parts of your previous mail.
> tc filter add dev eth1 parent 1:1 protocol ip handle 10 fw classid 1:10
> iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.10 -j MARK --set-
> Chain FORWARD (policy ACCEPT 109K packets, 79M bytes)
>  pkts bytes target     prot opt in     out     source
> destination
>     6   507 MARK       all  --  eth0   *       192.168.193.10
> 0.0.0.0/0          MARK set 0xaMarking is in hex.  So you have to check the filters.  If you execute
tc -s -d fiter show dev eth0
you should see your filter statemens and the handle should also be in hex.  If 
it''s not, you can change your commands so you specify the handle in hex
:

tc filter add dev eth1 parent 1:1 protocol ip handle 0x10 fw classid 1:10

Stef

-- 

stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.oftc.net

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

LARTC - Jun 2003 - HTB Question...

HTB Question...

Re: HTB Question...