Ok, earlier I posted a message explaining my problem with HTB and layer7
(or ipp2p), about not being able to shape the traffic. Well, actually this
is what's happening: I'm marking the packets (right now, I'm using ipp2p as
Klaus advised me to) with iptables, and my queue rules are made using tcng.
I'm using the HTB qdisc, and traffic is going to the HTB class I order it
to, but for some reason traffic is also going to the SMTP queue rule I
have, I don't know why, and also I see traffic into the ACK queue, that
seems to be normal I believe (but isn't it supposed to get marked as
bittorrent traffic?). Anyway, I have the doubt as of why is the traffic
going to the smtp queue rule; if I remove this rule it'll go with the next
rule (ssh), and I don't know why, it shouldn't do it, and I'm really
worried, because I can't use my bandwidth, can't chat, browse the web, I
can't do anything at all.

Here are my new iptables rules, and tcng ones, please take a look at them,
and tell me if you see any problem with them, and if someone had the same
problem please let me know too. Also please, if you think you can help,
don't leave here with just one answer... because I don't know who else to
ask, or where! I'll really appreciate your help. Thank you

### IPTABLES RULES ###
#!/bin/sh
### ERASING RULES AND USER MADE CHAINS ###
iptables -t mangle -F
iptables -t mangle -X
iptables -t mangle -N lay7PRE
iptables -t mangle -N lay7POST
iptables -t mangle -N ipp2pPRE
iptables -t mangle -N ipp2pPOST
### PREROUTING RULES ###
iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT
iptables -t mangle -A ipp2pPRE -p tcp -m ipp2p --ipp2p -j MARK --set-mark 10
iptables -t mangle -A ipp2pPRE -p udp -m ipp2p --bit -j MARK --set-mark 10
iptables -t mangle -A ipp2pPRE -p tcp -m mark --mark 10 -j CONNMARK --save-mark
iptables -t mangle -A lay7PRE -m layer7 --l7proto smtp -j MARK --set-mark 1
iptables -t mangle -A lay7PRE -m mark --mark 1 -j CONNMARK --save-mark
iptables -t mangle -A lay7PRE -m layer7 --l7proto ssh -j MARK --set-mark 2
iptables -t mangle -A lay7PRE -m mark --mark 2 -j CONNMARK --save-mark
### POSTROUTING RULES ###
iptables -t mangle -A ipp2pPOST -o eth1 -m mark --mark 10 -j CLASSIFY --set-class 2:6
iptables -t mangle -A lay7POST -o eth1 -m mark --mark 1 -j CLASSIFY --set-class 2:2
iptables -t mangle -A lay7POST -o eth1 -m mark --mark 2 -j CLASSIFY --set-class 2:3
### -------------------------------------------------------------------- ###
iptables -t mangle -A PREROUTING -j lay7PRE
iptables -t mangle -A POSTROUTING -j lay7POST
iptables -t mangle -A PREROUTING -j ipp2pPRE
iptables -t mangle -A POSTROUTING -j ipp2pPOST
### TCNG RULES ###
#define UPLOAD eth1
#define UPRATE 25kBps
#define P2P 10kBps
dev UPLOAD {
    egress {
        class ( <$smtp> ) ;
        class ( <$ssh> ) if tcp_dport == 8080 ;
        class ( <$ack> )
            if ip_hl == 0x5 &&
               (ip_len & 0xffc0) &&
               (raw[33].b >> 4) & 1 ;
        class ( <$otro> ) if 1 ;
        class ( <$p2p> ) ;
        htb () {
            class ( rate UPRATE, ceil UPRATE ) {
                $smtp = class ( prio 1, rate 6kBps, ceil 12kBps ) { sfq; } ;
                $ssh = class ( prio 0, rate 3kBps, ceil 5kBps ) { sfq; } ;
                $ack = class ( prio 2, rate 8kBps, ceil 15kBps ) { sfq; } ;
                $otro = class ( prio 1, rate 8kBps, ceil UPRATE ) { sfq; }
                $p2p = class ( prio 8, rate P2P, ceil P2P, cburst 0bits ) { sfq; } ;
            }
        }
    }
}
EDGAR MERINO