Dear all,

I am facing a problem in restricting upload traffic on fake IP address 10.0.0.0/8 network.
I can easily restrict upload traffic on my real IP address.

eth0 -- WAN port connected to internet
eth1 -- LAN port connected to local network

My script on eth1 is working properly because it is for downlink traffic.

This is the script which is having the problem.
------------------------------------------------------------
tc qdisc del dev eth0 root
tc qdisc add dev eth0 root handle 1: htb
tc class add dev eth0 parent 1: classid 1:1 htb rate 80kbit ceil 80kbit quantum 1514
### Fake ip address
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 10kbit ceil 15kbit quantum 1514
tc qdisc add dev eth0 parent 1:10 handle 10 pfifo limit 2
tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src 10.2.5.15 flowid 1:10
### Real ip address
tc class add dev eth0 parent 1:1 classid 1:11 htb rate 20kbit ceil 25kbit quantum 1514
tc qdisc add dev eth0 parent 1:11 handle 11 pfifo limit 2
tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src x.x.x.x flowid 1:11
------------------------------------------------------------
This script can restrict the upload for the real IP address but can't restrict upload for the fake IP address.
I have checked this by # tc -s -d class ls dev eth0
Am I doing anything wrong?
tc filter can't match fake IP address?

Any help?

Thanks
joel
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Is this list dead? Or does no one want to help?

Joel wrote:
> Dear all,
>
> I am facing a problem in restricting upload traffic on fake IP address 10.0.0.0/8 network.
> I can easily restrict upload traffic on my real IP address.
>
> eth0 -- WAN port connected to internet
> eth1 -- LAN port connected to local network
>
> My script on eth1 is working properly because it is for downlink traffic.
>
> This is the script which is having the problem.
> ------------------------------------------------------------
> tc qdisc del dev eth0 root
> tc qdisc add dev eth0 root handle 1: htb
> tc class add dev eth0 parent 1: classid 1:1 htb rate 80kbit ceil 80kbit quantum 1514
> ### Fake ip address
> tc class add dev eth0 parent 1:1 classid 1:10 htb rate 10kbit ceil 15kbit quantum 1514
> tc qdisc add dev eth0 parent 1:10 handle 10 pfifo limit 2
> tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src 10.2.5.15 flowid 1:10
> ### Real ip address
> tc class add dev eth0 parent 1:1 classid 1:11 htb rate 20kbit ceil 25kbit quantum 1514
> tc qdisc add dev eth0 parent 1:11 handle 11 pfifo limit 2
> tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src x.x.x.x flowid 1:11
> ------------------------------------------------------------
> This script can restrict the upload for the real IP address but can't restrict upload for the fake IP address.
> I have checked this by # tc -s -d class ls dev eth0
> Am I doing anything wrong?
> tc filter can't match fake IP address?
>
> Any help?
>
> Thanks
> joel

Joel,

 : Is this list dead? Or does no one want to help?

No, the list is not dead. Yes, there are people here who wish to help. So get in the queue and have some patience.

 : I am facing a problem in restricting upload traffic on fake IP address
 : 10.0.0.0/8 network. I can easily restrict upload traffic on my real IP
 : address.
 :
 : eth0 -- WAN port connected to internet
 : eth1 -- LAN port connected to local network
 :
 : My script on eth1 is working properly because it is for downlink traffic.

OK. Fair enough.

 : This is the script which is having the problem.
 : ------------------------------------------------------------
 : tc qdisc del dev eth0 root
 : tc qdisc add dev eth0 root handle 1: htb
 : tc class add dev eth0 parent 1: classid 1:1 htb rate 80kbit ceil 80kbit quantum 1514
 : ### Fake ip address
 : tc class add dev eth0 parent 1:1 classid 1:10 htb rate 10kbit ceil 15kbit quantum 1514
 : tc qdisc add dev eth0 parent 1:10 handle 10 pfifo limit 2
 : tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src 10.2.5.15 flowid 1:10

When you say "fake" IP address, I presume you mean an RFC 1918 address, which is not routable on public networks. If so, then you should probably read Stef Coene's FAQ note about this very situation [0].

 : ### Real ip address
 : tc class add dev eth0 parent 1:1 classid 1:11 htb rate 20kbit ceil 25kbit quantum 1514
 : tc qdisc add dev eth0 parent 1:11 handle 11 pfifo limit 2
 : tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src x.x.x.x flowid 1:11

I presume that the x.x.x.x is a public IP address you are calling the "Real ip address".

 : This script can restrict the upload for the real IP address but can't
 : restrict upload for the fake IP address.
 : I have checked this by # tc -s -d class ls dev eth0

Have you tried watching "tc -s -d class show dev eth0" at the same time as you are watching "tcpdump -nn -i eth0 host 10.2.5.15"? Do you see any packets leaving your box with a source address of 10.2.5.15? If not, then you should be able to figure out what you need to do.

 : tc filter can't match fake IP address?

Well, frankly, "tc filter" only deigns to match on real addresses of transmitted packets*. And please don't tap the glass. This generally leads to irritated beasts.

-Martin

 [0] http://www.docum.org/stef.coene/qos/faq/cache/59.html
 * This is humour.

--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
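
Added example, not part of the thread or of anyone's posted script: the tcpdump check suggested in the reply, followed by one common way to classify a translated host, by firewall mark instead of by source address. It assumes the gateway does SNAT/MASQUERADE on eth0 (the thread does not say so); the function names, the mark value and the capture lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumptions: eth0 = WAN with SNAT/MASQUERADE, eth1 = LAN,
# and the HTB classes 1:10 / 1:11 from the posted script already exist.

# Constructed sample of "tcpdump -nn -i eth0" output on such a gateway
# (documentation addresses; 203.0.113.7 stands in for the public address).
SAMPLE_EGRESS='12:00:01.000001 IP 203.0.113.7.40001 > 198.51.100.9.80: Flags [S], length 0
12:00:01.000250 IP 198.51.100.9.80 > 203.0.113.7.40001: Flags [S.], length 0
12:00:01.000300 IP 203.0.113.7.40001 > 198.51.100.9.80: Flags [.], length 0'

# Count captured IPv4 packets whose SOURCE is the given address.
# stdin: tcpdump -nn lines; $1: IP address. Field 3 is "src_ip.src_port".
count_src() {
    awk -v ip="$1" '$2 == "IP" && index($3, ip ".") == 1 { n++ }
                    END { print n + 0 }'
}

# Print the commands that classify one LAN host by fwmark.
# $1: LAN IP, $2: mark (decimal), $3: HTB classid on eth0.
emit_mark_rules() {
    lan_ip=$1; mark=$2; classid=$3
    # Mark in mangle/FORWARD, while the packet still carries its private
    # source. The mark is kernel packet metadata, so it survives the
    # address rewrite done later in POSTROUTING.
    echo "iptables -t mangle -A FORWARD -i eth1 -o eth0 -s $lan_ip -j MARK --set-mark $mark"
    # The eth0 egress qdisc runs after POSTROUTING, so match the mark
    # there instead of "u32 match ip src <private address>".
    echo "tc filter add dev eth0 protocol ip parent 1:0 prio 1 handle $mark fw flowid $classid"
}

# Usage (as root, replacing the u32 filter for 10.2.5.15):
#   emit_mark_rules 10.2.5.15 10 1:10 | sh
# Check on a live box:
#   tcpdump -nn -c 200 -i eth0 | count_src 10.2.5.15
```

If `count_src` reports 0 for the private address while the host is uploading, the packets are leaving eth0 with a translated source, and the byte counters of class 1:10 in `tc -s -d class show dev eth0` should start moving once the fw filter is in place.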