similar to: Policing based on port numbers

Hi, I''m trying to police the incoming traffic by using ingress qdisc,this is what I have in my script tc qdisc add dev eth0 handle ffff: ingress tc filter add dev eth0 parent ffff: protocol ip prio 4 \ handle 1: u32 divisor 1 tc filter add dev eth0 parent ffff: protocol ip prio 4 u32 \ match ip dport 4001 0xffff \ police rate 2000kbit burst 50k drop \ flowid

ingress can be used to control the incoming packet, such as: tc qdisc add dev eth0 handle ffff: ingress tc filter add dev eth0 parent ffff: protocol ip prio 5 u32 match ip src 172.16.1.11 police rate 10kbit burst 10k drop flowid :1 tc filter add dev eth0 parent ffff: protocol ip prio 5 u32 match ip src 172.16.1.22 police rate 10kbit burst 10k drop flowid :2 first ,I do not sure these method can

Hi, I''m having issues with policing my incoming traffic by matching packet marks made by iptables. I''ve checked as many sites and guides as I can find, and I seem to be doing the exact same thing as they all are, but there''s still no success. As such, I was wondering if anyone can have a quick look to see if I''ve done anything obviously stupid? Essentially, I

Hello everybody on the list, I have the following situation where I want to police the speed of incoming packets from specific subnets to 1024kbps and then police all the rest to 256kbps, which is the speed my ISP grants for the rest of the internet. So, eth1 is the one connected to the cable modem and then to the internet. I do: tc qdisc add dev eth1 ingress handle ffff: then: tc filter

Hello, it seems, that filtering on nexthdr (TCP/UDP) content, especially src or dst port, is not working. The following has no effect on 2.4.16 or older (even 2.2) kernels: # tc filter add dev eth0 parent ffff: protocol ip prio 50 u32 match tcp dst 3128 0xffff police rate 40kbit burst 10k drop flowid :1 Even if # tc filter ls dev eth0 parent ffff: filter protocol ip pref 50 u32 filter protocol

Hello! I''ve put some questions on this list some weeks ago and I''ve got good answers. Thank you! Now I''ve finished my (beautyful) script and I ran it on my router... About my script: It routes packages based on their destination on the Internet. I have about 1650 preffered destination networks listed in some file. The script read this file and marks every package for

Hi, When i do ''wshaper start'' the interface i have defined stops routing traffic for some reason. It resumes routing when i do ''wshaper stop''. I''m using debian stable (3.0 woody) with debian''s default 2.4.18-686 kernel. When I run the script I get no errors, and when I do a ''status'', everything looks correct. Can ANYONE

Hi, My problem is following now: I would like to set the filters for port 8099. I have tried it, but nothing happened. When I try the same filter for the port 8080 it is working very well. .) working filter (here I can see the dropped packages): tc filter add dev eth0 parent ffff: protocol ip u32 match ip dport 8080 0xffff police rate 1kbit burst 1 drop flowid :1 .) not working filter (here I

I am currently using the ultimate-tc script from http://lartc.org/howto/lartc.cookbook.ultimate-tc.html and I want to make sure that internet radio packets (mp3 streaming audio) will always get through no matter what. I have added some iptables commands like this: iptables -A OUTPUT -t mangle -p tcp --dport 8000 -j TOS --set-tos Minimize-Delay iptables -A OUTPUT -t mangle -p tcp --sport 8000 -j

Hi, I find this diagram which details the kernel packet traveling : http://www.docum.org/docum.org/kptd/ Is it up to date ? I made some test and I put a DNAT rules in the PREROUTING table of an interface and I attach it a ingress policy, the dst IP wasn''t changed. the DNAT it isn''t yet make. I''ve another question (I''m not sure is it the good mailing list), for

Hi all. Since I move on to 2.6 kernel , filter ingress policy based on nfmark won´t work. Sorry for my english. Simple example: iptables -t mangle -I PREROUTING -j MARK --set-mark 1 ${QDISC_ADD} handle ffff: ingress ${FILTER_ADD} parent ffff: protocol ip prio 100 handle 1 fw \ police rate 128Kbit burst 10k drop flowid 2:11 # tc -s -d qdisc ls dev eth0 qdisc ingress ffff: ----------------

I would like to test police in ingress. I use kernel 2.4.20. I use this configuration: iptables -t mangle -A PREROUTING -i eth0 -s 10.31.12.2 -d 10.31.11.2 -p udp --dport 1001 -j MARK --set-mark 1 iptables -t mangle -A PREROUTING -i eth0 -s 10.31.12.2 -d 10.31.11.2 -p udp --dport 1002 -j MARK --set-mark 2 iptables -t mangle -A PREROUTING -i eth0 -s 10.31.12.2 -d 10.31.11.2 -p udp --dport 1003 -j

Hi everyone, I''m new to tc but I need to use it to set up shaping on a new NAT box. In short: Each user must have their upload limited to 128kbit and downlink limited to 256kbit. Global bandwidth to be limited to 100Mbit Interactive packets to have higher priority 200+ users, so need to match packets fast So far I have managed to get the download limits working. However I need to

Hi, what is needed to activate ingress policies for enterprise server 9! My current loaded modules: in the attachments my kernel: Linux linux 2.6.5-7.97-smp #1 SMP Fri Jul 2 14:21:59 UTC 2004 i686 i686 i386 GNU/Linux So you can see the module sch_ingress is loaded and also the package iprout2 is installed. I have set also a filter for ingress policies but i don`t think it is working,

As seen on my post at: http://www.sveasoft.com/modules/phpBB2/viewtopic.php?p=28112#28112 This works very well... It does NOT work with stable 4.0! sveasoft will be issuing a bug fix for this (4.1) in the near future. Final Rev of working script w/ asterisk support I'm not going to run alchemy on production machines until it is stablish. Remember to set your uplink properly and to set

Hi there good people, I''m a newbie in what concerns running Linux on machines other than desktops, so I need help from all you gurus out there :-) I have Linux installed on an old computer (Winchip C6, Pentium clone), acting as a router/firewall for two other computers. Both these machines are connected to the firewall via a dedicated ethernet card each, on different subnets,

Hello, i made this script : tc qdisc add dev eth0 handle ffff: ingress tc filter add dev eth0 parent ffff: protocol ip prio 1 u32 match ip src 138.96.20.0 police index 1 rate 20000kbit burst 20000kbit drop flowid :1 tc filter add dev eth0 parent ffff:1 protocol ip prio 1 u32 match ip src 138.96.20.23 police index 2 rate 15000kbit burst 15000kbit drop flowid :2 tc filter add dev eth0 parent

Hi all, I''m looking for the best way to set up a Linux router with "tc" to limit the incoming bandwidth my ISP''s clients use. Please assist me with the following: Diagram: INTERNET | | | |eth0 ----------- Linux router/shaper |eth1 | | | --------------- Clients1(64k)/2(128k)/3(64k)/... Clients normally purchase bandwidth in bundles of

I am looking for a good htb traffic shaping script to prioritize incoming traffic over outgoing traffic for my machine. I have a 100mbit line, ftp up, backup data comming in, but whenever mirrors starts grabbing it they use all the traffic and the backup data comming in (the important data) drops to like 300kb/sec. I was thinking some script doing sleep 60 [if downstream > 1mb/sec, limit

Hello, i try to use iptables to mark packet and then to filter them with tc. Here is my script: iptables -t mangle -A PREROUTING -s 172.28.54.41/32 -p tcp -j MARK --set-mark 1 tc qdisc add dev eth0 handle ffff: ingress tc filter add dev eth0 parent ffff: protocol ip prio 1 handle 1 fw police rate 10000kbit burst 10000kbit mtu 1500k drop flowid :1 I can not use u32 because i have several