similar to: IP rate or Ethernet rate ?

Hi guys , i am starting to "play" with qos in linux. Well , i am trying to setup an ingress filter but i do not know why it is not working. tc add qdisc dev eth0 ingress tc filter add dev eth0 parent ffff: protocol ip prio 1 handle 1 fw police rate 160kbit burst 256kbit drop flowid :1 After that : iptables -A PREROUTING -t mangle --sport 80 -j MARK --set-mark 1 So , i think this

Hello I have 2 class-B networks (172.22.0.0/16 and 172.23.0.0/16, over 130k of ip''s) and need to setup traffic tbf shapers with 64kb/s for each ip from 172.22.0.0/16 and 128kb/s for each ip from 172.23.0.0/16 just read lartc and don''t understand how to use u32 for decreasing number of rules and hashing

Hello everyone, I want an opinion from people who tryed different matching modules to match diferent types of traffic, especially p2p ones. I would like to hear which scales better as CPU usage and latency : ipp2p, iptables-p2p or l7-filter with the p2p patterns. I want to use one of them to block most of p2p (except maybe dc++ and emule which i want to shape). I would use the matching rules in

I''ve got a linux router pushing 600-1000 pppoe connections through it. I''m getting a screen error "Neighbor Table Overflow" after this box has been up for between 1 week and 1 month. When this is happening, routing slows to a crawl if at all. Then dies. I''ve added: # Added to stop "neighbor table overflow" messages in the kernel

Is the 192.168.1.2 an ip on the router? If yes, you''ll have to mark in OUTPUT, not PREROUTING, also, after you set up the rules and routes, did you an ip route flush cache ? I hope these works On Wed, 21 Jul 2004 20:02:32 -0700, Jens <jens@pacificsun.ca> wrote: > I have a particular problem that has caused me grief for some time now and > even though the answer is probably

We currently use iptables, matching packets based on IP address and marking them with an ID. Multiple IP addresses can be marked with the same ID. We then filter based on the ID. We have close to 2000 filters now and I''m looking into hashing tables. Is there any way to create a hashing filter based on the fwmark? Paul C. Diem PCDiem@FoxValley.net

Hi all. I have a simple question. Is that a way to limit the number os TCP or UDP connection of a single HOST in my network? For exemple: I have a host with IP 192.168.1.202 and he is using edonkey, Kazaa, and Bittorrent at the same time, and he also is infected by a virus that opens more than 500 TCP ports at the same time. So, i want to limit that host to be able to open no more then 30 TCP

Hello list, I''m having problems with HTB on a machine. I noticed that after a while the machine seems off-line after i start the htb script. After some debugging i realised the problem stays in the arp packets send by the machine, which are delayed or dropped. Because of that i had to remove the default class. Is there a way to match arp packets ? because i want to add them to the class

Hello Everyone, I have this weird problem. I have 2.6.10-rc2-mm3 kernel with u32 compiled as module. I have the cls_u32 module loaded. I have different binaryes of tc, the one from iproute packaged from debian sarge, the Kaber''s one from trash.net, and also from another computer where u32 worked. When I run this: cyclops:~# /usr/local/sbin/tc filter add dev eth0 parent 6: protocol ip

Hi there, I have a little problem. I had this some months ago but didn''t solve it back then. I have patched my kernel with Layer 7 support and patched my iptables to support it, too. Now I inserted this line in my firewall script on my router for testing purpose: $IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -p tcp -m layer7 --l7proto http -j DROP It works, BUT only if the

Hello, Here is the situation. There is a machine with 3 intel gigabit card, 2 of them on PCI-X and in bridge, the 3rd is used only for management access. The machine is a dual Xeon 2.8GHz with HT. With 2.6.8 kernel from debian (testing) and htb with u32 on, i usually get about 30-40% software interrupts on CPU0 and CPU2, and without htb and u32, 10% less. Now, if I boot with 2.6.17.9 kernel,

Hi all, Since the mail list receives a lot of repeated subjects (for example: "i have two adsl lines..."), maybe these specific issues should be treated on the LARTC Guide, or maybe if we had an wiki? Is there a LARTC Wiki? If not, what do you think about creating one? Thanks -- Marco _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl

Currently using physdev on a bridge to try and isolate certain paths across and to the bridge. It all works except when trying to stop the flow in one direction on the FORWARD chain?? Can someone please help?? Below is the testing done so far. eth1 <---> BRIDGE <---> eth0 # Block (eth0 ---> eth1) - blocks both directions and not just one?? iptables -A FORWARD -m physdev

Sir, I have one 2 MB link which I have to distribute to 200 people. Caching may enchance performance. Kindly suggest packages for this purpose under GPL. Regards, Rayudu. _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Hi, I''m trying to divide my bandwidth between different services, but I''d like to take into account the number of active users. For example, l want divide my bandwidth between HTTP and SMTP and guarantee HTTP 80% of the bandwidth. However, I have many users on my system (tens of thousands) and if only 1% of my active users are using HTTP (and the other 99% SMTP), I''d

Hello list. I''ve configured a very simple script to slow down packets coming from a particular IP Address. I''ve used IPTABLES to mark traffic coming from this IP Address, but it does not appear to be working as expected. Let me first describe my system as maybe what I''m doing is beyond what NETFILTER can do. I have one machine that runs all my servers as

Hi all! I have a problem setting up HTB on my home network. I have a network: 192.168.1.0/24 and I want to limit the download to 200 KB to every IP from my city ( I have the IP''s of most ISPs). The thing is that I I want to limit the international traffic too (I do not use BGP) and set it to 15 KB. Can someone help with this setup? Thanks! Best regards, -- George -- This message

Hi I believe that whole question is in topic. Is there any way to recognize ( and then shape ) p2p traffic which is encrypted? Modern p2p clients have this ability moreover some of them have this enabled by default. Now I''m using ipp2p for iptables but as I know this doesn''t recognize encrypted traffic. Thanks in advance. Pozdrawiam Szymon Turkiewicz