Hi,

I tried using, under a htb qdisc, a u32 filter for 1 class and a fw classifier for another, but I get "RTNETLINK answers: Invalid argument" when I want to insert the second type of classifier.

Using either u32 alone or fw alone works, so it can't be a kernel or tc problem (2.4.21-ac1, tc with htb patch).

Looks like it isn't allowed to mix different classifiers under the same qdisc, but I didn't find any reference to this in the man pages, or in the howto. Can somebody confirm this behaviour and/or explain?

Thanks
--
Marton Sandor - sanyi@sigmasoft.ro
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Hi Marton,

* On Wed, Aug 13, 2003 at 05:44 AM (+0300), Marton Sandor wrote:

> I tried using under a htb qdisc u32 filter for 1 class, and fw
> classifier for another but I get "RTNETLINK answers: Invalid argument"
> when I want to insert the second type of classifier.

I don't get any error messages when starting a script like this one:

#!/bin/bash

TC=./tc
DEV=eth0
LAN=192.168.1.0/24

$TC qdisc del dev $DEV root
$TC qdisc add dev $DEV root handle 1:0 htb

$TC class add dev $DEV parent 1:0 classid 1:1 htb rate 2048kbit
$TC class add dev $DEV parent 1:0 classid 1:2 htb rate 4096kbit

$TC filter add dev $DEV parent 1:0 protocol ip prio 1 u32 match ip dst $LAN classid 1:1
$TC filter add dev $DEV parent 1:0 protocol ip prio 2 handle 5 fw classid 1:2

> Using either u32 alone or fw alone work, so can't be a kernel or tc
> problem (2.4.21-ac1, tc with htb patch).

Here: "linux-2.4.21", tc binary which is available within [1].

> Looks like isn't allowed to mix different classifiers under the same
> qdisc, but I didn't find any reference to this in the man pages, or
> in the howto. Can somebody confirm this behaviour and/or explain?

At least here it seems to function. Stupid question: Are you sure that your kernel supports the "fw" classifier?

Bye,
Steffen

[1] http://luxik.cdi.cz/~devik/qos/htb/v3/htb3.6-020525.tgz

Hi,

I would like to know whether we can do bandwidth management (traffic control) for incoming traffic to the firewall. For ex: if my firewall WAN interface IP is 203.145.1.2 and any data from the internet is coming to 203.145.1.2, whether it can be controlled...?

If my total bandwidth = 512kb and I want to allocate 100kb to a LAN m/c with IP 192.168.1.2 for http traffic, how will I do it..?

-Raghu

Raghuveer,

 : I would like to know whether can we do bandwidth management (traffic
 : control) for incoming traffic to firewall. For ex: If my firewall WAN
 : interface IP is 203.145.1.2 and any data from internet coming to
 : 203.145.1.2 whether can be controlled...? If my total bandwidth = 512kb
 : and I want to allocate 100kb to a LAN m/c with IP 192.168.1.2 for http
 : traffic, how will I do it..?

If your linux host is not the source or sink for any of the traffic, you can shape the inbound traffic on the inside interface of your bandwidth management box. If, however, the directly connected box is the source or sink for traffic, you'll need to look at other options.

I would suggest considering IMQ. (Search the archives.)

  http://www.google.com/search?q=site%3Amailman.ds9a.nl+IMQ
  http://www.google.com/search?q=site%3Amailman.ds9a.nl+IMQ+ingress

You can also use an ingress qdisc and a policer. (Search the archives.)

  http://www.google.com/search?q=site%3Amailman.ds9a.nl+ingress+policer

And there's a recent posting on this topic:

  http://mailman.ds9a.nl/pipermail/lartc/2003q3/009572.html

-Martin

--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com

On Wed, 13 Aug 2003, Steffen Moser wrote:

> > I tried using under a htb qdisc u32 filter for 1 class, and fw
> > classifier for another but I get "RTNETLINK answers: Invalid argument"
> > when I want to insert the second type of classifier.
>
> I don't get any error messages when starting a script like this one:
>
> #!/bin/bash
>
> TC=./tc
> DEV=eth0
> LAN=192.168.1.0/24
>
> $TC qdisc del dev $DEV root
> $TC qdisc add dev $DEV root handle 1:0 htb
>
> $TC class add dev $DEV parent 1:0 classid 1:1 htb rate 2048kbit
> $TC class add dev $DEV parent 1:0 classid 1:2 htb rate 4096kbit
>
> $TC filter add dev $DEV parent 1:0 protocol ip prio 1 u32 match ip dst $LAN classid 1:1
> $TC filter add dev $DEV parent 1:0 protocol ip prio 2 handle 5 fw classid 1:2

Yes, this script works. I compared it with my script and I observed that I get the error message only when I have the same prio for the filters. Try the fw filter with "prio 1 handle 5 fw".

Different prios will solve my problem but still I'm curious.

--
Marton Sandor - sanyi@sigmasoft.ro

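The clash Marton reports, as an added example that is not part of the original thread: under one parent, each prio value holds a single classifier kind, so a pre-flight check over a script's "tc filter add" lines can flag a u32/fw collision before tc answers "Invalid argument". The function name check_filter_prios and the sample lines are constructed for illustration; the check assumes one complete command per line with the prio written out.

```shell
#!/bin/sh
# Added example: lint "tc filter add" lines for two classifier kinds
# sharing one prio under the same dev/parent.
check_filter_prios() {
    awk '
    {
        dev = parent = prio = kind = ""; start = 0
        for (i = 1; i < NF; i++)
            if ($i == "filter" && $(i + 1) == "add") { start = i + 2; break }
        if (!start) next
        # Walk the generic options; the first token that is not one of
        # them is the classifier kind (u32, fw, route, ...).
        for (i = start; i <= NF; i++) {
            if ($i == "dev") dev = $(++i)
            else if ($i == "parent") parent = $(++i)
            else if ($i ~ /^(pref|prio)/) prio = $(++i)
            else if ($i == "protocol" || $i == "handle") i++
            else if ($i == "root") parent = "root"
            else { kind = $i; break }
        }
        if (prio == "" || kind == "") next   # tc picks a prio itself
        key = dev " " parent " prio " prio
        if (key in seen && seen[key] != kind) {
            printf "line %d: %s already holds %s, cannot add %s\n", NR, key, seen[key], kind
            bad = 1
        } else seen[key] = kind
    }
    END { exit bad + 0 }
    ' "$@"
}

# Constructed sample: the two filters from the thread, both at prio 1.
sample_clash='tc filter add dev eth0 parent 1:0 protocol ip prio 1 u32 match ip dst 192.168.1.0/24 classid 1:1
tc filter add dev eth0 parent 1:0 protocol ip prio 1 handle 5 fw classid 1:2'

printf '%s\n' "$sample_clash" | check_filter_prios ||
    echo "fix: give the fw filter its own prio"
```

The function reads file arguments or standard input and returns non-zero when it finds a clash, so it can gate a shaping script before any rule is loaded.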
Thanks Martin for the valuable links, I am going through them.

I want to apply traffic control rules for the incoming traffic to my firewall, which is what we call Ingress mode, am I right....?
Just to confirm, suppose my firewall WAN interface is eth0 with IP 66.218.71.198 and LAN interface is eth1 with IP 192.168.1.2. So any traffic from Internet---->WAN is where I want to do traffic control for my LAN IPs. Hence am I right in saying that in ingress mode traffic control will be happening at the eth0 interface (or ppp0 interface, WAN with ppp0 enabled).

I saw in the linked documents that for ingress we are using imq0, so how will this fit into my scenario...? I understood that in ingress mode we have to drop the packets instead of queueing them like in egress mode, so is it going to have any effects other than latency...?

-Raghu

Martin A. Brown wrote:

>Raghuveer,
>
> : I would like to know whether can we do bandwidth management (traffic
> : control) for incoming traffic to firewall. For ex: If my firewall WAN
> : interface IP is 203.145.1.2 and any data from internet coming to
> : 203.145.1.2 whether can be controlled...? If my total bandwidth = 512kb
> : and I want to allocate 100kb to a LAN m/c with IP 192.168.1.2 for http
> : traffic, how will I do it..?
>
>If your linux host is not the source or sink for any of the traffic, you
>can shape the inbound traffic on the inside interface of your bandwidth
>management box. If, however, the directly connected box is the source or
>sink for traffic, you'll need to look at other options.
>
>I would suggest considering IMQ. (Search the archives.)
>
> http://www.google.com/search?q=site%3Amailman.ds9a.nl+IMQ
> http://www.google.com/search?q=site%3Amailman.ds9a.nl+IMQ+ingress
>
>You can also use an ingress qdisc and a policer. (Search the archives.)
>
> http://www.google.com/search?q=site%3Amailman.ds9a.nl+ingress+policer
>
>And there's a recent posting on this topic:
>
> http://mailman.ds9a.nl/pipermail/lartc/2003q3/009572.html
>
>-Martin

Hi there Raghuveer,

Just a brief answer here.

 : I want to apply traffic control rules for the incoming traffic to my
 : firewall, which is what we call it as Ingress mode, am I right....?
 : Just to confirm, suppose my firewall WAN interface is eth0 with IP
 : 66.218.71.198 and LAN interface is eth1 with IP 192.168.1.2. So any
 : traffic from Internet---->WAN is where I want to do traffic control for
 : my LAN IPs. Hence am I right in saying that in ingress mode traffic
 : control will be happening at eth0 interface (or ppp0 interface, WAN with
 : ppp0 enabled).
 :
 : I saw in the link documents that, for ingress we are using imq0, so how
 : this will fit into my scenario...? I understood that in ingress mode
 : we have to drop the packets instead of queueing it like in egress mode,
 : so is it going to have any effects other than latency...?

If you are using the Internet-connected host simply as a routing, firewalling, masquerading and bandwidth controlling host, simply forget about using IMQ. Just shape the inbound traffic on your eth0 before you transmit it to the clients, and shape the outbound traffic on ppp0 (wan0?) before you transmit it to the Internet.

Best of luck,

-Martin

--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com

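The approach described in the replies (shape download traffic as egress on the inside interface of a pure router/firewall), as an added example that is not part of the original thread. It uses the figures from the question, reading "512kb" and "100kb" as kbit; the interface name eth1, the class ids and the function name shape_download are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print the tc commands for download shaping on the
# LAN-facing interface. Review the output, then pipe it to sh as root.
LAN_DEV="${LAN_DEV:-eth1}"      # assumption: inside (LAN-facing) interface
LINK_KBIT="${LINK_KBIT:-512}"   # total bandwidth from the question
HTTP_KBIT="${HTTP_KBIT:-100}"   # share for HTTP to one LAN machine
HOST="${HOST:-192.168.1.2}"     # LAN machine from the question

shape_download() {
    # A child class may not be promised more than the link can carry.
    if [ "$HTTP_KBIT" -ge "$LINK_KBIT" ]; then
        echo "HTTP_KBIT must be below LINK_KBIT" >&2
        return 1
    fi
    rest=$((LINK_KBIT - HTTP_KBIT))
    cat <<EOF
tc qdisc add dev $LAN_DEV root handle 1: htb default 20
tc class add dev $LAN_DEV parent 1: classid 1:1 htb rate ${LINK_KBIT}kbit
tc class add dev $LAN_DEV parent 1:1 classid 1:10 htb rate ${HTTP_KBIT}kbit ceil ${HTTP_KBIT}kbit
tc class add dev $LAN_DEV parent 1:1 classid 1:20 htb rate ${rest}kbit ceil ${LINK_KBIT}kbit
tc filter add dev $LAN_DEV parent 1: protocol ip prio 1 u32 match ip dst $HOST/32 match ip sport 80 0xffff flowid 1:10
EOF
}

shape_download
```

HTTP replies arrive from source port 80, which is why the u32 filter matches sport rather than dport; everything else falls into the default class 1:20, which may borrow up to the full link rate.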