similar to: IPMark won''t compile on a vanilla 2.6.20 kernel

Hello, I am trying to use iptables together with tc I need to use IPMARK module of iptables, but I got a strange error after I run ''iptables -t mangle -A POSTROUTING -o eth0 -j IPMARK --addr=dst --and-mask=0xffff --or-mask=0x1000'' The command is copied from iptables manual itself (of course interface changed) I only got " iptables v1.3.5: Unknown arg

Hello everybody! Some time ago I''ve decided that using the MARK property of the Linux IP packet structure for the needs of traffic control is not very useful. So I wrote an iptables patch called IPCLASSIFY. It is fully based on IPMARK but it uses the PRIORITY field instead of MARK. The relation between IPCLASSIFY<->CLASSIFY is the same as IPMARK<->MARK. By using

Hi! Some time ago I faced a problem in limiting traffic on host with multiple uplinks. Since all the stuff worked nice seemed that there will be no problems. But then I realized that P2P users are smart enough to bypass limits as sfq doesn''t give fair sharing in this case (thousands of connections from one user versus few from the other). I tried IMQ but it''s instability in my

I am trying to build a trafic control rule set for a huge NATed network, and I have it working for single known addresses but I need to scale it to 16M potential client addresses. I''m using iptables for NAT. Incoming traffic is simple because I can match destination address, outgoing traffic I use iptables IPMARK then tc match mark and it works perfectly if I build rules for each client

Hi all I am using a pass trhu router and I need to QoS some clients output by its IP address. The problem is that QoS is due after NATing. Is there some clever way of doing this besides MARKing every packet with some IP hashing in POSTROUTING NAT table? Regards Ethy

Hello! Currently I am marking packets with IPMARK, and then using following rules: 1: class add dev eth0 parent 1:4 classid 1:100a htb rate $rate ceil $ceil quantum 1600 2: qdisc add dev eth0 parent 1:100a handle 100a:0 sfq perturb 10 3: filter add dev eth0 protocol ip parent 1:0 pref 30 handle 4106 fw classid 1:100a 4: class add dev eth1 parent 1:2 classid 1:100a htb rate $rate ceil $ceil

Hi, currently I''m using 48 class with htb & very stable Is there any maximum number of class I can create in a single linux box ? I need 500 or even 1000 class for campuss network. Any help appreciated thanks & regards Tino _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

We''re using tc to classify all packets currently - it avoids conflicting with other packages that want to play with the ipfilters, and up to this point has done everything we need. However now I''d like to map the four htb flows I''ve set up (and are working great on their own) to the four wireless hardware driver queues when the driver currently only has support for

Hi All Take a look and please tell what is wrong: root@prensa:~# $IPT -t mangle -F PREROUTING root@prensa:~# $IPT -t mangle -A PREROUTING -j CONNMARK --restore-mark iptables: No chain/target/match by that name root@prensa:~# $IPT -t mangle -A PREROUTING -j CONNMARK iptables v1.3.4: CONNMARK target: No operation specified Try `iptables -h'' or

Hi to everybody. I read some info and documentation but i still can''t find how to make this simple setup for example . I just want to make priority of certain traffic without shaping the traffic . For example SSH and RDP first priority Mail second priority WEB and FTP third And everything else last priority. What will be the simple and best way to achieve this. I will appreciate

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I''ve written a minimal sort of Perl module that dynamically creates and destroys traffic control rules for specific IPs. I''m currently using it for a user bandwidth control application at a client site. The module essentially gets Ethernet device(s), IP address and in/out speeds as input and dynamically creates classes, queues

Hi! I want to upgrade hardware on my router (iptables, htb, >1000 users). Now it is based on usual desktop PC (Intel Prescott P4 3.00 Ghz, 1 Gb RAM). The reason of hardware upgrade is growing up number of users, also we are planning to increase upstream link from 100 Mbit/s to 1 Gbit/s. Iptables rules are now optimized with ipset tool, for tc I''m using hash tables as well. So I

Hi all. On Sep 26th I decided to try and get ipp2p working on my machine that acts as a gateway for my Internet connection. This machine is running Debian. I performed the install by doing the following steps: - I installed the Debian package called linux-source-2.6.22 for my Linux kernel source and unpacked the resulting tar.bz2 file. - From the netfilter.org site I downloaded the following

I am planning to replace our cisco 7200 core router with Linux. We currently serve around 1500 (3/4 DSL - different router) customers with probably half of them being concurrent at any given time. We have a fiber network and customers currently aren''t managed as far as how much bandwidth they can use at anytime. Therefore I have constructed a working tc qdisc Linux router as a test. It

Hello! I am using since yesterday ESFQ instead of N HTB queues. It mostly works OK, but when somebody is using one single sesion (for example downloading file via FTP), it gets weird speed. For example it is 20 kilobytes pres second, then drops down to 9, then 20 again, and then slowly to 0 and stops. But when using download accelererator of some kind or bittorrent client which uses many

Hi all. Since I move on to 2.6 kernel , filter ingress policy based on nfmark won´t work. Sorry for my english. Simple example: iptables -t mangle -I PREROUTING -j MARK --set-mark 1 ${QDISC_ADD} handle ffff: ingress ${FILTER_ADD} parent ffff: protocol ip prio 100 handle 1 fw \ police rate 128Kbit burst 10k drop flowid 2:11 # tc -s -d qdisc ls dev eth0 qdisc ingress ffff: ----------------

Hi, with the attached config my gaming ping is still +20ms, even if the line isn''t saturated..can anybody give me a hint how to get a better response time? my line: 1024/128kbit outbound: one htb qdisc for gaming (7kbps) prio 0 ceil 14kbps<- should get more traffic when needed. Htb again for irc and default. inbound: css, irc, p2p, default <- same shema as before, give css

Hi everyone, Xtables-addons 1.5.4 has been released; highlights of this release are the import, cleanup/bugfixing the "condition" and "ipp2p" matches and additionally extending the "IPMARK" by IPv6. I hope people don''t mind, but I have not heard back so far, so I take it it''s ok. LOGMARK (for analyzing packet marks and connection states) now

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=100 Summary: NETFILTER_VERSION -> IPTABLES_VERSION in libipt_IPMARK.c Product: iptables userspace Version: unspecified Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: iptables