similar to: Matching interface using U32(?)

Hello all, I am trying to match some conections using u32 but I tryed this: [root@ns1 ~]# tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 0/0 match ip dst 0/0 match ip sport 80 0xffff flowid 1:10 RTNETLINK answers: Invalid argument We have an error talking to the kernel [root@ns1 ~]# I have this class at device eth1: [root@ns1 ~]# tc class show dev eth1 class

Hi all, I am running Slackware 10.1 with Kernel 2.6.14.3 includes iptables 1.3.4 with layer 7 My network diagram below: - INTERNET --- LINUX_ROUTER_FW --- PCs Below is my simple iptables script: - echo 1 > /proc/sys/net/ipv4/ip_forward iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE iptables -t mangle -A POSTROUTING -m layer7 --l7proto applejuice -j MARK --set-mark 1 iptables -t

Hello all, I am trying to make a filter into my QoS rules and I founded that when I try to use filters u32 and with fwmark they do not work together. This is the filter I use, just and example, for u32: $TC filter add dev $DL parent 1:0 protocol ip prio 1 u32 match ip sport 22 0xffff flowid 1:10 This is working fine. Now if I try to mark a package that I want it to go to the same

Hello all, I am still reading about my QoS rules and I need that one of my servers (that is into my LAN but has an routing ip address) did not get into the qos rules I have. So I want that all traffic coming or going to that specifc host did not get shapped by any traffic control and do not get even into a QoS class. How can I do this? Att, Nataniel Klug

Hello all, I have a small ISP and I work all my clients networks over a routed network (now I am using 201.35.16.0/24 and 200.140.222.128/25 for my clients). The gateway server of the ISP is capable of running a web-cache (only http) using squid but I dont want that my clients go to the internet with the proxy/cache IP. Like when they enter in this site www.meuip.com.br it shows

Hello all, After many time reading a lot of stuff I am quite confident using LARTC to route my trafic. I am still working on QoS (by package type and so on) but it will stay in my studing class for a long time... ;) So lets go to my question... I mounted a router that makes my conections throug 2 external interfaces. Its working fine and my default gateway for entire network behind

Hello all, I am with a doubt about QoS solution... I have a 4 Mbit backbone coming from the telco I use... This is the link I serve to my clients, so I make this classes: $TC qdisc add dev $DL root handle 1: htb default 60 CLASS="/sbin/tc class add dev $DL parent" $CLASS 1: classid 1:1 htb rate 4096Kbit $CLASS 1:1 classid 1:10 htb rate 256Kbit ceil 3072Kbit burst 15k $CLASS 1:1

Hello all, I have set my QoS solution and now I am facing a little problem... When I ping to my server it has some lost packages: Estatísticas do Ping para 172.30.0.1: Pacotes: SENDED = 1029, RETURNED = 880, LOST = 149 (14% de perda), Aproximar um número redondo de vezes em milissegundos: Mínimo = 0ms, Máximo = 686ms, Média = 105ms If I disable my QoS ping stats to be ok. I even have

Hi, I want a way to traffic shape pppoe encapsulated pkts based on its src/dst Ip address. Is there any way I can mark pppoe encapsulated pkts? Samit

Hello, I am trying to make a load balance at my box using two conections. I have compile my kernel with this patch routes-2.6.13-12.diff (tha I get from this website: http://www.linuxvirtualserver.org/~julian/#routes). The problem is that when I try to balance using weight sintaxe (i will put the script bellow) some conectios just drop. So I can enter some pages but other I could not...

Guys After reading through the archives I found some insightful ways to be able to shape traffic to pppoe clients from the server. I have two questions on the topic of setting up a pppoe server however... 1. The clients will all be connected to each other using a normal ethernet network, the segments connected with managed switches. The capacity is roughly 500 nodes. Will these pppoe sessions

My Internet gateway is using ADSL PPPoE connection with dynamic public IP assigned by ISP. My Internet gateway is Redhat AS3 U2, shorewall 2.0.9 As my ISP provided 4 simultaneous pppoe dailup connection for the same physical adsl line. My linux server can be configured for multiple pppoe connection i.e. ppp0, ppp1, ppp2, ppp3 Is it possible of shorewall to assigned say ppp0''s IP is

Hello, I am looking for an answer. I am doind some thing like a loadshare betwen two backbones. To one of them I send all p2p, msn and irc packages and to the other one I send the rest I have. The problem I am facing is about prio at tables: ip rule add fwmark 1 table 201 prio 202 This is the rule I make. This is, I thinbk, working fine. The default gateway is set into table

I have a very simple setup exactly as described in the HOWTO section " 4.2. Routing for multiple uplinks/providers". One is cable (eth1: dhcp) and the other is PPPoE (ppp0). I used the following commands to configure the routing once all of my interfaces are up and i have configured SNATing for them: ip route add 66.11.173.0/24 dev ppp0 src 66.11.173.224 table 11 ip route add default

Hello guys, I am still in doubt about this kind of server. So my question is about the "prio" at routing tables like: I have 3 tables in /etc/iproute2/rt_tables: 201 201 202 202 222 222 In table 201 there is the rules about my internet link (frame relay) that comes into eth0. So I made this route into it: [root@ns2 iproute2]# ip route show table 201 default via

Hi everyone, I''m controling the uplink traffic bandwidth between two ethernet linux computers, but it seems like even the download bandwidth gets limited then i''ve got trouble on that because my intention is  shaping the conection on an asymetric way (ADSL).  Lately, I''m going crazy, this problem has got me pretty worried and i''m not figuring out at all, the

Hello! I''ve read a lot of mail archives, but can''t find solutions for my problem. I have router with about 700 users. I''m using HTB with SFQ leaf qdiscs for every user (client ip). So, different IP can have its own rate limit. This scheme ir working fine for a long time. But how can I limit number of connections (sessions) from one host? I see from ip_conntrack

Hi I want to block the IP traffic between any 2 hosts on a switched ethernet LAN. Will setting all the possible IP addresses on a linux machine in the LAN do the trick or there is another easier solution? -- Anton Glinkov network administrator _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO:

Hello al, Is it possible [indeed is this the right place] to add iptables to force all internet traffic to go thru a particular computer on a LAN? I have a 4 port Router/modem that contains a Busybox v0.61 Linux system. I am able to add entries to the iptables tho'' I don''t really know what it does yet. I want to be able to use Ethereal on this one computer to check what web

Thanks: To Stef and Tobias Geiger for giving me the answer. I used the prio to get the order right. Don't know why I did'nt think of it myself. Compression: Another thing that might be useful to the list is the use of compression (Deflate etc.) to get better bandwidth across links. This requires a Linux router at both ends of the link. I got the idea from a product called Peribit see