I'm trying to shape both upload (eth0) and download (eth1). I made this script to accomplish this, but the filters are not working even though the classes and qdiscs are created. What am I doing wrong?

#!/bin/bash

tc qdisc del dev eth0 root
tc qdisc add dev eth0 root handle 1 htb default 10 r2q 5

tc qdisc del dev eth1 root
tc qdisc add dev eth1 root handle 1 htb default 10 r2q 5

tc class add dev eth0 parent 1: classid 1:2 htb rate 5Mbit burst 15k

tc class add dev eth0 parent 1:2 classid 1:59 htb rate 64Kbit ceil 64Kbit
tc qdisc add dev eth0 parent 1:59 handle 59 sfq perturb 10
tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 match ip src 192.168.0.50 classid 1:59

tc class add dev eth1 parent 1: classid 1:2 htb rate 5Mbit burst 15k

tc class add dev eth1 parent 1:2 classid 1:56 htb rate 64Kbit ceil 64Kbit
tc qdisc add dev eth1 parent 1:56 handle 56 sfq perturb 10
tc filter add dev eth1 parent 1:0 protocol ip prio 100 u32 match ip dst 192.168.0.50 classid 1:56

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Hello,

According to the rules, you are controlling only download (src ip); you should add a (dst rule) also. Give it a try.

[]'s
Anderson

What about this?

tc filter add dev eth1 parent 1:0 protocol ip prio 100 u32 match ip dst 192.168.0.50 classid 1:56

Is this correct for shaping upload?

----- Original Message -----
From: "andybr" <andybr@bol.com.br>
To: <gaston@steel.com.ar>
Cc: <lartc@mailman.ds9a.nl>
Sent: Thursday, January 29, 2004 10:05 AM
Subject: Re:[LARTC] Whats wrong with my script?

> Hello,
>
> According to the rules, you are controlling only download (src ip); you should add a (dst rule) also. Give it a try.
>
> []'s
> Anderson

Gastón wrote:
> What about this? : tc filter add dev eth1 parent 1:0 protocol ip prio 100
> u32 match ip dst 192.168.0.50 classid 1:56
> Is this correct for shaping upload?

On your upload (eth0) interface, you can't use private IPs, because they've already been natted to real ones (see http://www.docum.org/stef.coene/qos/kptd/ ).
If you want to shape outbound traffic based on private-lan IP, you need to mark the packets with iptables, then filter based on mark.
(There are lots of examples of this in the doco and mail archives.)

Your download rules seem correct enough.

regards,

--
Damion de Soto - Software Engineer
email: damion@snapgear.com
SnapGear - A CyberGuard Company
Custom Embedded Solutions and Security Appliances
ph: +61 7 3435 2809
fax: +61 7 3891 3630
web: http://www.snapgear.com
Free Embedded Linux Distro at http://www.snapgear.org

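The approach described in the reply above (mark the private source address with iptables before NAT, then classify on the mark with tc), as an added example that is not part of the original thread. The mark value 59, the APPLY switch and the function names are assumptions; the interface roles, address and rates come from the original script. It prints the commands and executes them only when APPLY=1.

```shell
#!/bin/sh
# Added example (not from the thread): per-host upload shaping behind NAT.
# Taken from the thread: eth0 = upload side (where NAT happens),
# eth1 = LAN side, host 192.168.0.50 limited to 64Kbit in class 1:59.
# Assumed here: firewall mark 59 and the APPLY switch.
WAN_DEV=eth0
LAN_DEV=eth1

# Base HTB tree on the upload interface, as in the original script.
base_rules() {
    echo "tc qdisc add dev $WAN_DEV root handle 1: htb default 10 r2q 5"
    echo "tc class add dev $WAN_DEV parent 1: classid 1:2 htb rate 5Mbit burst 15k"
}

# Rules for one LAN host: $1 private IP, $2 fw mark (decimal),
# $3 class minor id, $4 rate.
upload_rules() {
    ip=$1 mark=$2 minor=$3 rate=$4
    # mangle/PREROUTING sees the packet before nat/POSTROUTING rewrites the
    # source, so the private address is still visible; the mark stays on
    # the packet until it reaches the qdisc on the WAN device.
    echo "iptables -t mangle -A PREROUTING -i $LAN_DEV -s $ip -j MARK --set-mark $mark"
    echo "tc class add dev $WAN_DEV parent 1:2 classid 1:$minor htb rate $rate ceil $rate"
    echo "tc qdisc add dev $WAN_DEV parent 1:$minor handle $minor: sfq perturb 10"
    # fw classifier: 'handle' here is the firewall mark, not a qdisc handle.
    echo "tc filter add dev $WAN_DEV parent 1:0 protocol ip prio 100 handle $mark fw flowid 1:$minor"
}

# Print each command; execute it only when APPLY=1 (needs root).
run() {
    while IFS= read -r cmd; do
        echo "+ $cmd"
        if [ "${APPLY:-0}" = 1 ]; then $cmd || return 1; fi
    done
}

{ base_rules; upload_rules 192.168.0.50 59 59 64Kbit; } | run
```
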
Hi there folks :)

I installed the ipp2p module v0.5a (I had 0.4 as well) to classify p2p traffic. I have it loaded and working:

Module                  Size  Used by    Not tainted
ipt_ipp2p               2656   2

And I have the CONNMARK module to mark traffic:

iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m ipp2p --ipp2p -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -p tcp -m ipp2p --ipp2p-data -j MARK --set-mark 2
# OTHER MARKING DONE FOR INTERACTIVE TRAFFIC
iptables -t mangle -A PREROUTING -m mark --mark 0 -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -j CONNMARK --save-mark

I have the qdiscs attached with HTB (working fine) and filters to classify marks (also working).

But the outcome of iptables -t mangle -L -n -v -x shows this for ipp2p:

    pkts      bytes target     prot opt in     out     source               destination
   14097  4339998 CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0          CONNMARK restore
   10067  4144428 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          MARK match !0x0
       6      504 MARK       icmp --  *      *       0.0.0.0/0            0.0.0.0/0          MARK set 0x4
       0        0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          ipp2p v0.5a --ipp2p MARK set 0x2
       0        0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          ipp2p v0.5a --ipp2p-data MARK set 0x2
      14      912 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpt:53 MARK set 0x1
     434    20812 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:80 MARK set 0x1
       0        0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:25 MARK set 0x2
    3522   169036 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpts:0:1024 MARK set 0x1
      10     2198 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpt:!53 MARK set 0x2
       5      240 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:1863 MARK set 0x1
       0        0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:1214 MARK set 0x2
       2       80 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp spt:80 MARK set 0x5
     471    22600 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0          MARK match 0x0 MARK set 0x2
    4030   195570 CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0          CONNMARK save

Anyone with an idea why the hell it is not recognizing traffic at all??

Thank you!!

What if I use public, routable IPs? i.e. eth0: public, eth1: public, and client's IPs also public.

----- Original Message -----
From: "Damion de Soto" <damion@snapgear.com>
To: "Gastón" <gaston@steel.com.ar>
Cc: <lartc@mailman.ds9a.nl>
Sent: Friday, January 30, 2004 4:16 AM
Subject: Re: [LARTC] Whats wrong with my script?

> Gastón wrote:
> > What about this? : tc filter add dev eth1 parent 1:0 protocol ip prio 100
> > u32 match ip dst 192.168.0.50 classid 1:56
> > Is this correct for shaping upload?
> On your upload (eth0) interface, you can't use private IPs, because they've already
> been natted to real ones (see http://www.docum.org/stef.coene/qos/kptd/ )
> If you want to shape outbound traffic based on private-lan IP, you need to mark the
> packets with iptables, then filter based on mark.
> (There are lots of examples of this in the doco and mail archives).
>
> Your download rules seem correct enough.
>
> regards,

If you want to set upload coming from eth0, for example:

tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 match ip src 192.168.0.50 classid 1:56

Try it and let us know if it worked.

Anderson

----- Original Message -----
From: "Gastón" <gaston@steel.com.ar>
To: "andybr" <andybr@bol.com.br>
Cc: <lartc@mailman.ds9a.nl>
Sent: Thursday, January 29, 2004 6:19 PM
Subject: Re: Re:[LARTC] Whats wrong with my script?

> What about this? : tc filter add dev eth1 parent 1:0 protocol ip prio 100
> u32 match ip dst 192.168.0.50 classid 1:56
> Is this correct for shaping upload?

Gastón wrote:
> What if I use public, routable IPs? i.e. eth0: public, eth1: public, and
> client's IPs also public.

Yes, you can also do that.
You don't have to though, iptables marking private IP and then filtering on marks works quite fine.

regards,

--
Damion de Soto - Software Engineer