search for: traffic

Hello, I would like to make filter that allows communication only between specified VMs. Those VMs should be specified by their MAC address. The filter should extend clean-traffic but I was not able to get it working with that reference. I have came up with modified clean-traffic which works fine [1]. Is there a way to achieve the same behavior with reference to clean-traffic? Thank you. Best wishes, Ales Musil [1] <filter name='clean-traffic-gateway'> <!-...

...that. If there is a router between the networks and it is needed for some cases then you could change the filter I have posted to use IP restriction instead of MAC one e.g [2]. Have not tested it myself but it should work fine. Hopefully this helps. Regards, Ales. [1] <filter name='clean-traffic-ip-gateway'> <!-- An example of a traffic filter enforcing clean traffic from a VM by - preventing MAC spoofing --> <filterref filter='no-mac-spoofing'/> <!-- preventing IP spoofing on outgoing --> <filterref filter='no-ip-spoofing'/>...

Dear List, I am wanting to perform some traffic shaping as the subject of this email suggests. What I am wanting to do is this; I would like to have traffic shaping performed on the following protocols: HTTP, RDP, GRE, PPTP, SIP and IAX. Obviously I would like to have highest priority set for voice packets so much so that the general http...

Hi, I have several users on the lanside each allocated separate IP addresses. I need to allocate th traffic to each IP addresses certain portion of total uplink. Say, 192.168.0.2 rate 128kbps, ceil 128kbps. 192.168.0.3 rate 65kbps, ceil 128kbps 129.168.0.4 rate 64kbps, ceil 64kbps. and so on.... Also, for each user i would like to prioritize the traffic within the allocated bandwidth. say for (192.168...

Folks, I am a little bit confuse in how to put these packets into correct mangle table for traffic shaping. This is what i ve planned to do: - - - - :eth0 [ LINUX-BOX ] eth1: - - - - Let say: eth0: 220.100.1.1 eth1: 192.168.1.1 eth1:1 192.168.1.2 192.168.1.0/24 get natted into 220.100.1.1 before reaching the internet. I put every packets coming from internet (eth0) this way: # iptables -t ma...

Hi, I have what to me is an interesting issue. I am wanting to prioritize (QoS) traffic that will be passing through an IPSec (OpenS/WAN) VPN between two (identical) Linux routers. I know that I can apply the IPSec patches (1-4) to the kernel and IPTables (if they are not already applied by now) filter traffic before and after IPSec encapsulation. My problem is that I don'...

Hi, I can''t get traffic shaping working. This is my situation: -------- ------ Net1 ----- |router| -------------------- | TC | ----------- Net2 -------- leased line ------ eth1 eth0 We use the leased line for normal traffic but also for synchronisation bet...

Dear list, I want to rate-limit a couple of customers in both up and down directions. They get a different speed for traffic staying on our network than for traffic towards/from the internet, so that''s a master class and 2 child classes per customer per interface. I made a test setup with cbq which worked, but wasn''t too reliable I measured a tolerance of about 30%. I read that cbq is not maintained,...

Hi Guys, Here is a question that is probably of concern to many of us. I am under pressure to provide some solution for ingress traffic shaping. What my customer demands is to divide the downstream (ingress) of an ADSL lines to two classes of traffic - important traffic and non important downloads. He has a very reasonable requirement: he wants a guarantee of at least 1000kbps at all times for the important traffic on the downstrea...

LS, Spent a lot of this weekend reading about shaping and traffic control. The Howto is very extensive... :-) I hope to use this list to see if what I want is possible. The situation: - A central (big) Citrix cluster located in Frankfurt (all servers in one subnet) - The office in Rotterdam connected to Franfurt with a 2Mbit line - The office in Bergen (Norway)...

...l rate 900kbit but "tc -s class show dev ppp0" shows class hfsc 1:11 parent 1:1 sc m1 0bit d 6.0ms m2 500000bit \ ul m1 0bit d 0us m2 900000bit Where does the "0bit d 6.0ms" come from, (what does the other stuff exactly mean) and what would be a good setting for voip traffic? This qdisc only affects outgoing traffic. But I also want to control incoming packets and keep the isp''s queue empty. Question 2: What is the best solution for doing this: ingress qdisc, IMQ, ... (thers''s only one link to isp)? Much traffic on this line is UDP traffic (...

I have two interfaces, eth0 and eth1 but i can''t discern the egress traffic than ingress traffic. I need to apply htb qdisc in both directions, and I read that I need the IMQ patch to do this, because in ingress qdisc i can''t apply htb qdisc...but where is the ingress qdisc? affect the traffic that goes from eth0 to eth1 or is for the traffic that goes from eth1 t...

Hi I am search a sample config for my linux box: Shorewall 3.2.3 Eth0 => Internet Access 4Mbits on ethernet Eth1 => Lan Eth2 => Lan 2 Eth3 => Lan 3 i want limit the internet access: Eth1 = 2 Mbits Eth2 = 0,5 Mbits Eth3 = 1,5 Mbits but if eth1 don''t use 2 Mbits other lan can use it anyone have a simple sample config for help me ? Thanks bye

My test case must relative with burst traffic such data or real time traffic somebody can advise me how to generate traffic data like ICMP to be burst and about real time traffic too ,.. i don''t have any idea to make burst traffic for test HTB and HFSC which can manage that situation good. Express yourself instantly with MSN Mess...

I''ve set up Traffic Shaping on a Linux Router. Using HTB with SFQ, i''m trying to slow down heavy downloading for 20 subscribers over a 2048 kbit downlink. I''m classifying internet related traffic using iptables marking. bri0 is my local lan bridge, receiving egress traffic destined for subscribers....

Hello, I have a linux box sitting between (and bridging/firewalling) 2 LAN segments. I''m using Bridge/Netfilter/IMQ/tc(htb) to control (shape) mail/web traffic that traverses the 2 networks. The networks also have some VLAN tagged traffic flying around. My linux box behaves OK with VLAN traffic except that the shaping doesn''t seem to work. Normal http shapes alright but as soon as the http is encapsulated with VLAN, shaping doesn''t work...

Hi all :) I''m new to this list, as I''m new too to traffic shaping ;) I''ve set up an FTP server in my ADSL line and I wanted it to serve as fast as possible as long as I don''t use my outgoing ADSL bandwidth, and I''m currently using HTB for that (succesfully, I must add). The problem is (when the FTP server is serving higher...

Hi all, i have a problem: i have an adsl modem that is connected to internet. I can''t manage this modem. Between my PC and the modem i have a linux firewall that make the NAT and the traffic shapping. I have create a script that limit the bandwidth of the "external" interface of the firewall so i can manage my bandwidth for my internet application. The problem is that i need to access the adsl modem at full bandwith (100mbits) from my PC (through the linux firewall). So i nee...

After varying degrees of success with p2p detection modules, I would like to write the following rules using iptables to reliably identify p2p traffic: 1. If a host on the network has 5 or more simutaneous tcp connections to ports above 1024, mark all connections to ports 1024 and above as 60. 2. If a host has received (or sent) UDP packets from 5 different hosts'' ports above 1024 in a minute then classify all UDP traffic to and from t...