similar to: incoming traffic + iptable

Hello, i made this script : tc qdisc add dev eth0 handle ffff: ingress tc filter add dev eth0 parent ffff: protocol ip prio 1 u32 match ip src 138.96.20.0 police index 1 rate 20000kbit burst 20000kbit drop flowid :1 tc filter add dev eth0 parent ffff:1 protocol ip prio 1 u32 match ip src 138.96.20.23 police index 2 rate 15000kbit burst 15000kbit drop flowid :2 tc filter add dev eth0 parent

Hello, with the command : tc filter add dev eth0 parent ffff: protocol ip u32 patch ip src 192.168.2.6police rate 10000kbit burst 10000kbit drop flowid :1 we can limit traffic coming from 192.168.2.6. I would like: for 192.168.1.2, 192.168.1.4 limit to 10mbit for 192.168.1.3, 192.168.1.5 limit to 20mbit other ip would have no limit. Is it possible with tc ? Regards Olivier.

Hello everybody on the list, I have the following situation where I want to police the speed of incoming packets from specific subnets to 1024kbps and then police all the rest to 256kbps, which is the speed my ISP grants for the rest of the internet. So, eth1 is the one connected to the cable modem and then to the internet. I do: tc qdisc add dev eth1 ingress handle ffff: then: tc filter

Hi everyone, I''m new to tc but I need to use it to set up shaping on a new NAT box. In short: Each user must have their upload limited to 128kbit and downlink limited to 256kbit. Global bandwidth to be limited to 100Mbit Interactive packets to have higher priority 200+ users, so need to match packets fast So far I have managed to get the download limits working. However I need to

Hi all, i have a problem: i have an adsl modem that is connected to internet. I can''t manage this modem. Between my PC and the modem i have a linux firewall that make the NAT and the traffic shapping. I have create a script that limit the bandwidth of the "external" interface of the firewall so i can manage my bandwidth for my internet application. The problem is that i need to

I''m just-so-fresh to the list, so hello everyone. I''m having a realy hard time with setting up very simple bandwidth management. What I am trying to do is setup a 10Mbit interface to send at only 1920kbit to most of the network (to make sure it hardly ever tops 2mbit). I did succeed with the ingress traffic... With egress however, I get very odd results at different speeds. With

I try to use tc on mips with linux-2.4.18 but the u32 filter dosn''t work I added htb qdisc to linux-2.4.18 and use it to limit the speed in LAN, it only work well on the default class, for example tc qdisc add dev eth0 root handle 1: htb default 10 tc class add dev eth0 parent 1:0 classid 1:1 htb rate 2000kbit tc class add dev eth0 parent 1:1 classid 1:10 htb rate 500kbit ceil 500kbit

ingress can be used to control the incoming packet, such as: tc qdisc add dev eth0 handle ffff: ingress tc filter add dev eth0 parent ffff: protocol ip prio 5 u32 match ip src 172.16.1.11 police rate 10kbit burst 10k drop flowid :1 tc filter add dev eth0 parent ffff: protocol ip prio 5 u32 match ip src 172.16.1.22 police rate 10kbit burst 10k drop flowid :2 first ,I do not sure these method can

Hi, I am new to tc and have been reading quite a bit on how to set it up etc. Everything seems to be working fine, until I started scp-ing a large file over a low bandwidth connection as part of my testing process. Here is the setup: my pc --- bridge running tc/htb --- rest of network TC is filtering traffic from "my pc" and classifies it as 120kbit (see my script below). I then scp a

Hi there good people, I''m a newbie in what concerns running Linux on machines other than desktops, so I need help from all you gurus out there :-) I have Linux installed on an old computer (Winchip C6, Pentium clone), acting as a router/firewall for two other computers. Both these machines are connected to the firewall via a dedicated ethernet card each, on different subnets,

Hi guys , i am starting to "play" with qos in linux. Well , i am trying to setup an ingress filter but i do not know why it is not working. tc add qdisc dev eth0 ingress tc filter add dev eth0 parent ffff: protocol ip prio 1 handle 1 fw police rate 160kbit burst 256kbit drop flowid :1 After that : iptables -A PREROUTING -t mangle --sport 80 -j MARK --set-mark 1 So , i think this

I am currently using the ultimate-tc script from http://lartc.org/howto/lartc.cookbook.ultimate-tc.html and I want to make sure that internet radio packets (mp3 streaming audio) will always get through no matter what. I have added some iptables commands like this: iptables -A OUTPUT -t mangle -p tcp --dport 8000 -j TOS --set-tos Minimize-Delay iptables -A OUTPUT -t mangle -p tcp --sport 8000 -j

Hi, I am trying to do some simple ingress limiting based on fwmark. I know the ability and sense to do INGRESS limiting is ehm... limited ;-) but still I want to try it. I tried several things. === 1 === tcq ingress handle ffff: tcf parent ffff: protocol ip prio 1 handle 1 fw police rate 12mbit burst 10k drop tcf parent ffff: protocol ip prio 1 handle 2 fw police rate 10mbit burst 10k drop

Hi, I''m trying to police ingress traffic based on port numbers and IP addresses. The u32 match based on IP addresses seems to work without issues and I''m am able to police incoming packets. However, the same isn''t working with u32 matches based on TCP port numbers. For port numbers, I added exactly one ''u32 match'' rule: common for both: # tc qdisc add

Hi, I find this diagram which details the kernel packet traveling : http://www.docum.org/docum.org/kptd/ Is it up to date ? I made some test and I put a DNAT rules in the PREROUTING table of an interface and I attach it a ingress policy, the dst IP wasn''t changed. the DNAT it isn''t yet make. I''ve another question (I''m not sure is it the good mailing list), for

I would like to test police in ingress. I use kernel 2.4.20. I use this configuration: iptables -t mangle -A PREROUTING -i eth0 -s 10.31.12.2 -d 10.31.11.2 -p udp --dport 1001 -j MARK --set-mark 1 iptables -t mangle -A PREROUTING -i eth0 -s 10.31.12.2 -d 10.31.11.2 -p udp --dport 1002 -j MARK --set-mark 2 iptables -t mangle -A PREROUTING -i eth0 -s 10.31.12.2 -d 10.31.11.2 -p udp --dport 1003 -j

Hi, When i do ''wshaper start'' the interface i have defined stops routing traffic for some reason. It resumes routing when i do ''wshaper stop''. I''m using debian stable (3.0 woody) with debian''s default 2.4.18-686 kernel. When I run the script I get no errors, and when I do a ''status'', everything looks correct. Can ANYONE

I know this will be trivial for most, but I am having trouble with getting my scenario to work correctly. I want to ''tag'' and ''throttle'' the bandwidth to and from a particular client on my lan side. Better yet, I just want to throttle smtp traffic, per say, for that ip. ----lan----------eth1-[linux.box]-eth0----------internet I have used the technique

Hello! I''ve put some questions on this list some weeks ago and I''ve got good answers. Thank you! Now I''ve finished my (beautyful) script and I ran it on my router... About my script: It routes packages based on their destination on the Internet. I have about 1650 preffered destination networks listed in some file. The script read this file and marks every package for

Hi ! I wanted to shape my analog modem connection so I took these two lines from the ''wondershaper'' script: tc qdisc add dev $DEV handle ffff: ingress #tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip \ src 0.0.0.0/0 police rate ${DOWNLINK} burst 10k drop flowid :1 with DEV=ppp0 and DOWNLINK=24kbit. But, when I activate it, nothing comes back from the