What''s wrong... I have Celeron 633MHz nd 768Mb RAM. When I''m running my script everything is OK, but when I''m connecting Internet and LAN link computer is hanging. But when i dissconnect this everything is OK. I have 500 users, 1500 classes and 3000 filters. Is it normal? What should I do?
* Konrad <42A6DA9A.1010900@tlen.pl> 2005-06-08 13:46> When I''m running my script everything is OK, but when I''m connecting > Internet and LAN link computer is hanging. But when i dissconnect this > everything is OK.What kernel version are you running? Can you provide an oops message?
On Wed, 08 Jun 2005 13:46:34 +0200 Konrad <kcem@tlen.pl> wrote:>I have 500 users, 1500 classes and 3000 filters.Perhaps you might try WRR instead of having so many HTB classes? Yours sincerely, Peter
Thomas Graf wrote:> * Konrad <42A6DA9A.1010900@tlen.pl> 2005-06-08 13:46 > >>When I''m running my script everything is OK, but when I''m connecting >>Internet and LAN link computer is hanging. But when i dissconnect this >>everything is OK. > > > What kernel version are you running? Can you provide an oops message?Without any errors... Only 2000ms ping to this computer and don''t respond when pressing keys keyboard :/ (until I disconect LAN).
Rio Martin. wrote:> Perhaps you use IMQ + iptables MARKING and you made mistake with the way you > mark packets.I''m using IMQ with connmark and u32 mark, but when I''m connecting 1 comp it works. Kernel 2.6.11, HTB without HYSTERESIS, SFQ_DEPTH 16.
* Konrad <42A6EA14.3000701@tlen.pl> 2005-06-08 14:52> Thomas Graf wrote: > >* Konrad <42A6DA9A.1010900@tlen.pl> 2005-06-08 13:46 > > > >>When I''m running my script everything is OK, but when I''m connecting > >>Internet and LAN link computer is hanging. But when i dissconnect this > >>everything is OK. > > > > > >What kernel version are you running? Can you provide an oops message? > Without any errors... > Only 2000ms ping to this computer and don''t respond when pressing keys > keyboard :/ (until I disconect LAN).What kernel version are you running? (Please answer questions the first time I ask them, it is in your interest.) Do you see any messages in the console (dmesg)?
Rio Martin. wrote:> Perhaps you use IMQ + iptables MARKING and you made mistake with the way you > mark packets.I''m using IMQ with connmark and u32 mark, but when I''m connecting 1 comp it works. Kernel 2.6.11, HTB without HYSTERESIS, SFQ_DEPTH 16.
Perhaps you use IMQ + iptables MARKING and you made mistake with the way you mark packets. - Rio.Martin - On Wednesday 08 June 2005 11:46, Konrad wrote:> What''s wrong... I have Celeron 633MHz nd 768Mb RAM. > > When I''m running my script everything is OK, but when I''m connecting > Internet and LAN link computer is hanging. But when i dissconnect this > everything is OK. > > > I have 500 users, 1500 classes and 3000 filters. > > > Is it normal? What should I do?
Tested in my Pentium 4 Router with 512MB RAM when playing with IMQ + iptables marking PREROUTING , FORWARD, POSTROUTING made this PC dizzy and reboot several times .. he he :)) so I think this is the same situation .. - Rio.Martin - On Wednesday 08 June 2005 12:56, Konrad wrote:> Rio Martin. wrote: > > Perhaps you use IMQ + iptables MARKING and you made mistake with the way > > you mark packets. > > I''m using IMQ with connmark and u32 mark, but when I''m connecting 1 comp > it works. > Kernel 2.6.11, HTB without HYSTERESIS, SFQ_DEPTH 16. > _______________________________________________
Rio Martin. wrote:> Tested in my Pentium 4 Router with 512MB RAM when playing with IMQ + iptables > marking PREROUTING , FORWARD, POSTROUTING made this PC dizzy and reboot > several times .. he he :)) > so I think this is the same situation ..What kernel are you using - does it crash with a normal setup ie. not in forward and specifying interfaces in iptables rules etc. Andy.
On Thursday 09 June 2005 23:48, Andy Furniss wrote:> Rio Martin. wrote: > > Tested in my Pentium 4 Router with 512MB RAM when playing with IMQ + > > iptables marking PREROUTING , FORWARD, POSTROUTING made this PC dizzy > > and reboot several times .. he he :)) > > so I think this is the same situation .. > What kernel are you using - does it crash with a normal setup ie. not in > forward and specifying interfaces in iptables rules etc. > > Andy.I tried to made dumb rules Andy .. after incoming packets jump to ( -i eth0 -j IMQ1) i made another jump when packets leaving out eth1 (-o eth1 -j IMQ1) he he he , results, kernel crash and reboot several times when big packets arrived. So, enough for the try n error, wont try again. root@DTC:/home/t3rm# uname -a Linux DTC 2.4.29 #1 Sat Feb 12 16:26:06 WIT 2005 i686 unknown - Rio.Martin -
Rio Martin. wrote:> > I tried to made dumb rules Andy .. > after incoming packets jump to ( -i eth0 -j IMQ1) i made another jump when > packets leaving out eth1 (-o eth1 -j IMQ1) > > he he he , results, kernel crash and reboot several times when big packets > arrived. So, enough for the try n error, wont try again. > > root@DTC:/home/t3rm# uname -a > Linux DTC 2.4.29 #1 Sat Feb 12 16:26:06 WIT 2005 i686 unknown > > - Rio.Martin - >Yea I got 2.6.10 IIRC to crash doing similar (to make eth0 single duplex) I''ll have to try again sometime with a later kernel. Andy.
> > after incoming packets jump to ( -i eth0 -j IMQ1) i made another jump when > > packets leaving out eth1 (-o eth1 -j IMQ1) > > > > he he he , results, kernel crash and reboot several times when big packets > > arrived. So, enough for the try n error, wont try again.I think kernel panics are triggered by IMQ. I was able to solve that problem with following rules: iptables -t mangle -A POSTROUTING -o eth0 -s ! 192.168.100.100 -j IMQ --todev imq0 iptables -t mangle -A PREROUTING -i eth0 -j IMQ --todev imq0 (eth0 is my internal NIC, with 192.168.100.100 ip address). i.e. no download shaping from "local machine". By using the same IMQ and NIC device for both, POSTROUTING and PREROUTING, I am able to simulate "half-duplex" link. (bandwidth for upload/download is shared). tcng works great in the above combination. Kernel 2.6.11.11 (with ck patches)
Andy Furniss wrote:> Rio Martin. wrote: > >> >> I tried to made dumb rules Andy .. after incoming packets jump to ( >> -i eth0 -j IMQ1) i made another jump when packets leaving out eth1 (-o >> eth1 -j IMQ1) >> >> he he he , results, kernel crash and reboot several times when big >> packets arrived. So, enough for the try n error, wont try again. >> >> root@DTC:/home/t3rm# uname -a >> Linux DTC 2.4.29 #1 Sat Feb 12 16:26:06 WIT 2005 i686 unknown >> >> - Rio.Martin - >> > > Yea I got 2.6.10 IIRC to crash doing similar (to make eth0 single > duplex) I''ll have to try again sometime with a later kernel.Well I tried and I couldn''t get 2.6.12-rc1 to crash doesn''t mean you couldn''t of course. Andy.
Adis Nezirovic wrote:>>>after incoming packets jump to ( -i eth0 -j IMQ1) i made another jump when >>>packets leaving out eth1 (-o eth1 -j IMQ1) >>> >>>he he he , results, kernel crash and reboot several times when big packets >>>arrived. So, enough for the try n error, wont try again. > > > I think kernel panics are triggered by IMQ. I was able to solve that > problem with following rules: > > iptables -t mangle -A POSTROUTING -o eth0 -s ! 192.168.100.100 -j IMQ > --todev imq0 > iptables -t mangle -A PREROUTING -i eth0 -j IMQ --todev imq0 > > (eth0 is my internal NIC, with 192.168.100.100 ip address). > i.e. no download shaping from "local machine". By using the same IMQ > and NIC device for both, POSTROUTING and PREROUTING, I am able to > simulate "half-duplex" link. (bandwidth for upload/download is > shared). > > tcng works great in the above combination. > > > Kernel 2.6.11.11 (with ck patches)I am lucky I don''t really have to shape for single duplex. There are alternatives eg if you only need to do forwarded traffic mark -i eth0 -o eth1 in forward and visa versa and then jump to imq for the marked packets just from postrouting. If you need to include local traffic and don''t need to hook imq after de-nat in prerouting you could use a modified dummy device instead. Replace drivers/net/dummy.c with the one attached rebuild and you can shape with it. I can''t find the script I tested but could do another example sometime if anyone needed. Andy. _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc