Displaying 20 results from an estimated 10000 matches similar to: "Policing based on port numbers"
2004 Jan 13
1
ingress policing
Hi,
I''m trying to police the incoming traffic by using ingress qdisc,this is what I have in my script
tc qdisc add dev eth0 handle ffff: ingress
tc filter add dev eth0 parent ffff: protocol ip prio 4 \
handle 1: u32 divisor 1
tc filter add dev eth0 parent ffff: protocol ip prio 4 u32 \
match ip dport 4001 0xffff \
police rate 2000kbit burst 50k drop \
flowid
2002 May 21
5
ingress and egress
ingress can be used to control the incoming packet,
such as:
tc qdisc add dev eth0 handle ffff: ingress
tc filter add dev eth0 parent ffff: protocol ip prio 5
u32 match ip src 172.16.1.11 police rate 10kbit burst
10k drop flowid :1
tc filter add dev eth0 parent ffff: protocol ip prio 5
u32 match ip src 172.16.1.22 police rate 10kbit burst
10k drop flowid :2
first ,I do not sure these method can
2005 Dec 27
3
Ingress policing (matching netfilter marks)
Hi,
I''m having issues with policing my incoming traffic by matching packet marks
made by iptables. I''ve checked as many sites and guides as I can find, and I
seem to be doing the exact same thing as they all are, but there''s still no
success. As such, I was wondering if anyone can have a quick look to see if
I''ve done anything obviously stupid?
Essentially, I
2006 Jun 16
3
tc ingress policing with multiple subnets
Hello everybody on the list,
I have the following situation where I want to police the speed of incoming
packets from specific subnets to 1024kbps and then police all the rest to
256kbps, which is the speed my ISP grants for the rest of the internet.
So, eth1 is the one connected to the cable modem and then to the internet.
I do:
tc qdisc add dev eth1 ingress handle ffff:
then:
tc filter
2001 Dec 13
14
tc: u32 match in nexthdr not working?
Hello,
it seems, that filtering on nexthdr (TCP/UDP) content, especially
src or dst port, is not working.
The following has no effect on 2.4.16 or older (even 2.2) kernels:
# tc filter add dev eth0 parent ffff: protocol ip prio 50 u32 match tcp
dst 3128 0xffff police rate 40kbit burst 10k drop flowid :1
Even if
# tc filter ls dev eth0 parent ffff:
filter protocol ip pref 50 u32
filter protocol
2005 Aug 09
4
Too slow computer?
Hello! I''ve put some questions on this list some weeks
ago and I''ve got good answers. Thank you!
Now I''ve finished my (beautyful) script and I ran it
on my router...
About my script:
It routes packages based on their destination on the
Internet. I have about 1650 preffered destination
networks listed in some file. The script read this
file and marks every package for
2002 Oct 28
6
Fw: wondershaper kills eth0 :(
Hi,
When i do ''wshaper start'' the interface i have defined stops routing
traffic for some reason. It resumes routing when i do ''wshaper stop''.
I''m using debian stable (3.0 woody) with debian''s default 2.4.18-686
kernel.
When I run the script I get no errors, and when I do a ''status'',
everything looks correct.
Can ANYONE
2005 Apr 20
3
AW: AW: AW: Activate ingress policies on suse enterprise serv er 9
Hi,
My problem is following now:
I would like to set the filters for port 8099.
I have tried it, but nothing happened.
When I try the same filter for the port 8080 it is working very well.
.) working filter (here I can see the dropped packages):
tc filter add dev eth0 parent ffff: protocol ip u32 match ip dport 8080
0xffff police rate 1kbit burst 1 drop flowid :1
.) not working filter (here I
2004 Nov 16
2
tc rules for Internet Radio
I am currently using the ultimate-tc script from
http://lartc.org/howto/lartc.cookbook.ultimate-tc.html
and I want to make sure that internet radio packets (mp3 streaming audio)
will always get through no matter what. I have added some iptables commands
like this:
iptables -A OUTPUT -t mangle -p tcp --dport 8000 -j TOS --set-tos
Minimize-Delay
iptables -A OUTPUT -t mangle -p tcp --sport 8000 -j
2007 Jul 02
8
Kernel Packet Traveling Diagram
Hi,
I find this diagram which details the kernel packet traveling :
http://www.docum.org/docum.org/kptd/
Is it up to date ?
I made some test and I put a DNAT rules in the PREROUTING table of an
interface and I attach it a ingress policy, the dst IP wasn''t changed. the
DNAT it isn''t yet make.
I''ve another question (I''m not sure is it the good mailing list), for
2005 Jun 01
3
filter ingress policy based on nfmark
Hi all.
Since I move on to 2.6 kernel , filter ingress policy based on nfmark won´t
work.
Sorry for my english.
Simple example:
iptables -t mangle -I PREROUTING -j MARK --set-mark 1
${QDISC_ADD} handle ffff: ingress
${FILTER_ADD} parent ffff: protocol ip prio 100 handle 1 fw \
police rate 128Kbit burst 10k drop flowid 2:11
# tc -s -d qdisc ls dev eth0
qdisc ingress ffff: ----------------
2006 Jun 30
1
police rate doesn''t work ?
I would like to test police in ingress.
I use kernel 2.4.20.
I use this configuration:
iptables -t mangle -A PREROUTING -i eth0 -s 10.31.12.2 -d 10.31.11.2 -p udp --dport 1001 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -i eth0 -s 10.31.12.2 -d 10.31.11.2 -p udp --dport 1002 -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -i eth0 -s 10.31.12.2 -d 10.31.11.2 -p udp --dport 1003 -j
2007 Jul 30
17
tc n00b
Hi everyone,
I''m new to tc but I need to use it to set up shaping on a new NAT box.
In short:
Each user must have their upload limited to 128kbit and downlink limited
to 256kbit.
Global bandwidth to be limited to 100Mbit
Interactive packets to have higher priority
200+ users, so need to match packets fast
So far I have managed to get the download limits working. However I need
to
2005 Apr 18
1
Activate ingress policies on suse enterprise server 9
Hi,
what is needed to activate ingress policies for enterprise server 9!
My current loaded modules:
in the attachments
my kernel:
Linux linux 2.6.5-7.97-smp #1 SMP Fri Jul 2 14:21:59 UTC 2004 i686 i686 i386
GNU/Linux
So you can see the module sch_ingress is loaded and also the package iprout2
is installed.
I have set also a filter for ingress policies but i don`t think it is
working,
2004 Aug 04
5
Asterisk QOS working perfect using sveasoft 3.11g
As seen on my post at:
http://www.sveasoft.com/modules/phpBB2/viewtopic.php?p=28112#28112
This works very well... It does NOT work with stable 4.0! sveasoft
will be issuing a bug fix for this (4.1) in the near future.
Final Rev of working script w/ asterisk support
I'm not going to run alchemy on production machines until it is stablish.
Remember to set your uplink properly and to set
2007 Sep 01
9
complete linux and shaping newbie needs help
Hi there good people,
I''m a newbie in what concerns running Linux on machines other than
desktops, so I need help from all you gurus out there :-)
I have Linux installed on an old computer (Winchip C6, Pentium clone),
acting as a router/firewall for two other computers. Both these
machines are connected to the firewall via a dedicated ethernet card
each, on different subnets,
2007 Sep 25
2
incoming traffic
Hello,
i made this script :
tc qdisc add dev eth0 handle ffff: ingress
tc filter add dev eth0 parent ffff: protocol ip prio 1 u32 match ip src
138.96.20.0 police index 1 rate 20000kbit burst 20000kbit drop flowid :1
tc filter add dev eth0 parent ffff:1 protocol ip prio 1 u32 match ip src
138.96.20.23 police index 2 rate 15000kbit burst 15000kbit drop flowid :2
tc filter add dev eth0 parent
2002 Nov 17
2
Ingress shaping for ISP clients
Hi all,
I''m looking for the best way to set up a Linux router with "tc" to limit the
incoming bandwidth my ISP''s clients use.
Please assist me with the following:
Diagram:
INTERNET
|
|
|
|eth0
----------- Linux router/shaper
|eth1
|
|
|
--------------- Clients1(64k)/2(128k)/3(64k)/...
Clients normally purchase bandwidth in bundles of
2003 Aug 08
1
Looking for a good htb traffic shaping script to prioritize incoming traffic
I am looking for a good htb traffic shaping script to prioritize incoming
traffic over outgoing traffic for my machine. I have a 100mbit line, ftp
up, backup data comming in, but whenever mirrors starts grabbing it they use
all the traffic and the backup data comming in (the important data) drops to
like 300kb/sec. I was thinking some script doing
sleep 60
[if downstream > 1mb/sec, limit
2007 Feb 28
4
incoming traffic + iptable
Hello,
i try to use iptables to mark packet and then to filter them with tc. Here
is my script:
iptables -t mangle -A PREROUTING -s 172.28.54.41/32 -p tcp -j MARK
--set-mark 1
tc qdisc add dev eth0 handle ffff: ingress
tc filter add dev eth0 parent ffff: protocol ip prio 1 handle 1 fw police
rate 10000kbit burst 10000kbit mtu 1500k drop flowid :1
I can not use u32 because i have several