similar to: IPCLASSIFY - patch based on IPMARK

Hi all I am using a pass trhu router and I need to QoS some clients output by its IP address. The problem is that QoS is due after NATing. Is there some clever way of doing this besides MARKing every packet with some IP hashing in POSTROUTING NAT table? Regards Ethy

Hello, I am trying to use iptables together with tc I need to use IPMARK module of iptables, but I got a strange error after I run ''iptables -t mangle -A POSTROUTING -o eth0 -j IPMARK --addr=dst --and-mask=0xffff --or-mask=0x1000'' The command is copied from iptables manual itself (of course interface changed) I only got " iptables v1.3.5: Unknown arg

Hello, IPMark won''t compile on a vanilla 2.6.20 kernel I obtain this error during the compilation under debian sarge 3.1 CC [M] net/ipv4/netfilter/ipt_TTL.o CC [M] net/ipv4/netfilter/ipt_IPMARK.o net/ipv4/netfilter/ipt_IPMARK.c: In function `target'': net/ipv4/netfilter/ipt_IPMARK.c:37: error: structure has no member named `nfmark''

I am trying to build a trafic control rule set for a huge NATed network, and I have it working for single known addresses but I need to scale it to 16M potential client addresses. I''m using iptables for NAT. Incoming traffic is simple because I can match destination address, outgoing traffic I use iptables IPMARK then tc match mark and it works perfectly if I build rules for each client

Hello! Currently I am marking packets with IPMARK, and then using following rules: 1: class add dev eth0 parent 1:4 classid 1:100a htb rate $rate ceil $ceil quantum 1600 2: qdisc add dev eth0 parent 1:100a handle 100a:0 sfq perturb 10 3: filter add dev eth0 protocol ip parent 1:0 pref 30 handle 4106 fw classid 1:100a 4: class add dev eth1 parent 1:2 classid 1:100a htb rate $rate ceil $ceil

After an: # ip ru flush I loose all my ip rules but the priority 0 one. root@sarasvati:~# ip ru 0: from all lookup 255 root@sarasvati:~# Ok with that, but now i''m not able to insert any new rule. This leads to a total loose of conectivity. root@sarasvati:~# ip ru add from all table default RTNETLINK answers: Numerical result out of range root@sarasvati:~# ip ru add from all

Hi! Some time ago I faced a problem in limiting traffic on host with multiple uplinks. Since all the stuff worked nice seemed that there will be no problems. But then I realized that P2P users are smart enough to bypass limits as sfq doesn''t give fair sharing in this case (thousands of connections from one user versus few from the other). I tried IMQ but it''s instability in my

Hi folks...!!! I´ve a problem that i did not solve it. i want to limit the DOWNLOAD to my hosts (upstream traffic for the firewall) using IMQ, If i classify by PORT (source or destination) all seems to be fine, but...BUT...if i want to restrict by IP addresss (internal IP address) i can´t do it, because my hosts go to Internet toward the firewall using NAT, so after NAT my IP address in

Hello! I am using since yesterday ESFQ instead of N HTB queues. It mostly works OK, but when somebody is using one single sesion (for example downloading file via FTP), it gets weird speed. For example it is 20 kilobytes pres second, then drops down to 9, then 20 again, and then slowly to 0 and stops. But when using download accelererator of some kind or bittorrent client which uses many

Hi everyone, Xtables-addons 1.5.4 has been released; highlights of this release are the import, cleanup/bugfixing the "condition" and "ipp2p" matches and additionally extending the "IPMARK" by IPv6. I hope people don''t mind, but I have not heard back so far, so I take it it''s ok. LOGMARK (for analyzing packet marks and connection states) now

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=100 Summary: NETFILTER_VERSION -> IPTABLES_VERSION in libipt_IPMARK.c Product: iptables userspace Version: unspecified Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: iptables

Tried to start up tcptop_snv on snv87 x86 and got <i>dtrace: failed to compile script /dev/fd/11: line 168: conn_tcp is not a member of struct conn_s</i> Line 288 has this line: <i>this->tcpp = (tcp_t *)this->connp->conn_tcp;</i> which, after looking at line 168 of <a

Hi, Kernel option CONFIG_IP_ROUTE_FWMARK is missing in 2.6.20. Can you still route traffic based on marks as stated in chapter 11 of LARTC HOWTO? I read in the list that IPMark doesn''t work either, so I thought it might be related. Thanks.

Hello, I can''t force tc to work under SUSE 10.0 OSS. Before this we have working system under SUSE 9.1 (with kernel 2.6.15.4), and consider to move this system to another hardware. I install SUSE 10.0, first with kernel from distributive, than with kernel 2.6.16.18, than with 2.6.15.4 (the same version as on working system), but I can''t force tc to work. The

Hi list, I''ve got quite a strange problem with htb. I have following configuration: dual core athlon, two intel e1000 nics - eth1 is connected to lan and has private ip, eth0 is connected to our isp and has public ip (so there''s nat on eth0). There is practically same htb configuration on both interfaces, only the filters are different. On eth1, packets are classified by their

Hello All, I''ve search the documentation of shorewall, But I didn''t find any document about traffic shaping in ipv6. I want to do a per-ip traffic shaping of ipv6.  TIA -- -Budiwijaya- ------------------------------------------------------------------------------ AppSumo Presents a FREE Video for the SourceForge Community by Eric Ries, the creator of the Lean Startup

Hello, Currently I use following htb configuration: --------------- 1:0 ----------- / | \ 1:1 1:2 1:x / | \ / | \ / | \ 1:1001 1:2001 1:3001 1:1002 1:2002 1:3002 Classes like 1:1,1:2,1:3 limit my clients to some value, let''s say 128kbit/s. Classes like 1:1001 are

Hi fellows, i''m just a newbie to use the cool tc and played around the last 2 weeks. I''m quite confident - in theory - what''s possible and the basic difference between the queuing disciplines. We''re using a Fedora Core 3 box as Gateway (iptables,tc,iproute2 with NAT). Clients are coming in via eth1 and outgouing traffic (2Mbit/s SDSL) through eth0. So we

Hello everyone, I want an opinion from people who tryed different matching modules to match diferent types of traffic, especially p2p ones. I would like to hear which scales better as CPU usage and latency : ipp2p, iptables-p2p or l7-filter with the p2p patterns. I want to use one of them to block most of p2p (except maybe dc++ and emule which i want to shape). I would use the matching rules in