similar to: Help please with tc and iptables mark

Hello, Stephen, List! Attached is the patch for iproute2 to add the possibility to use fwmark in u32 filters. The kernel part was included in 2.6.10. Please apply! Thank you! For more info: - Kernel patch (not needed for 2.6.10): http://kernel.umbrella.ro/net/mark_in_u32/net-match-nfmark-in-u32.patch - Examples: http://kernel.umbrella.ro/net/mark_in_u32/examples.txt --- Catalin(ux aka Dino)

Hi all. Since I move on to 2.6 kernel , filter ingress policy based on nfmark won´t work. Sorry for my english. Simple example: iptables -t mangle -I PREROUTING -j MARK --set-mark 1 ${QDISC_ADD} handle ffff: ingress ${FILTER_ADD} parent ffff: protocol ip prio 100 handle 1 fw \ police rate 128Kbit burst 10k drop flowid 2:11 # tc -s -d qdisc ls dev eth0 qdisc ingress ffff: ----------------

Hi, I''m having issues with policing my incoming traffic by matching packet marks made by iptables. I''ve checked as many sites and guides as I can find, and I seem to be doing the exact same thing as they all are, but there''s still no success. As such, I was wondering if anyone can have a quick look to see if I''ve done anything obviously stupid? Essentially, I

Hi, I find this diagram which details the kernel packet traveling : http://www.docum.org/docum.org/kptd/ Is it up to date ? I made some test and I put a DNAT rules in the PREROUTING table of an interface and I attach it a ingress policy, the dst IP wasn''t changed. the DNAT it isn''t yet make. I''ve another question (I''m not sure is it the good mailing list), for

I would like to test police in ingress. I use kernel 2.4.20. I use this configuration: iptables -t mangle -A PREROUTING -i eth0 -s 10.31.12.2 -d 10.31.11.2 -p udp --dport 1001 -j MARK --set-mark 1 iptables -t mangle -A PREROUTING -i eth0 -s 10.31.12.2 -d 10.31.11.2 -p udp --dport 1002 -j MARK --set-mark 2 iptables -t mangle -A PREROUTING -i eth0 -s 10.31.12.2 -d 10.31.11.2 -p udp --dport 1003 -j

Hi, My problem is following now: I would like to set the filters for port 8099. I have tried it, but nothing happened. When I try the same filter for the port 8080 it is working very well. .) working filter (here I can see the dropped packages): tc filter add dev eth0 parent ffff: protocol ip u32 match ip dport 8080 0xffff police rate 1kbit burst 1 drop flowid :1 .) not working filter (here I

On 2/19/07, Salatiel Filho <salatiel.filho@gmail.com> wrote: > Well , thanks to imq all my client machines are now shaped and > everything is great ... > But now i have a doubt , is there a way to shape the traffic that goes > to the route [doing a wget from the router for example ]? > > > I have a PREROUTING IMQ0 and a POSTROUTING IMQ1 , everything is > working like

I am currently using the ultimate-tc script from http://lartc.org/howto/lartc.cookbook.ultimate-tc.html and I want to make sure that internet radio packets (mp3 streaming audio) will always get through no matter what. I have added some iptables commands like this: iptables -A OUTPUT -t mangle -p tcp --dport 8000 -j TOS --set-tos Minimize-Delay iptables -A OUTPUT -t mangle -p tcp --sport 8000 -j

Hi, Thanks for the fast response, .)Okay I tried your suggestion for my port 8099 and nothing happened: The tcp ip information goes from a firewall to my port 8099 and this port is than routed to the original 8080, I do that because I don`t want to dirturb my port 8080. But it seams the ingress filter doesn`t work on it!! iptables -L -t nat Chain PREROUTING (policy ACCEPT) target prot opt

Hi, I am trying to do some simple ingress limiting based on fwmark. I know the ability and sense to do INGRESS limiting is ehm... limited ;-) but still I want to try it. I tried several things. === 1 === tcq ingress handle ffff: tcf parent ffff: protocol ip prio 1 handle 1 fw police rate 12mbit burst 10k drop tcf parent ffff: protocol ip prio 1 handle 2 fw police rate 10mbit burst 10k drop

Hi, So far, if have understand correctly: I route the incoming tcpip message of port 8099 directly to 8080 and then the ingress filter on port 8099 has nothing to do!? Yes I think on different interface on one machine (different Ports for different Request, with different restriction). What has exactly to be done to set the policier before Prerouting! Which kernel options, or also extra

Hello! I''ve put some questions on this list some weeks ago and I''ve got good answers. Thank you! Now I''ve finished my (beautyful) script and I ran it on my router... About my script: It routes packages based on their destination on the Internet. I have about 1650 preffered destination networks listed in some file. The script read this file and marks every package for

Hello. I have just started using iproute2 commands, and I am having a go at making bittorrent use the same bandwidth for upload as for download. I am stuck I think in understanding speeds I connect to the internet through a router modem which gets the real IP and assigns me a private ip through dhcp. So this router can handle a private network, and route it to the internet, pressumably with nat.

Hi guys , i am starting to "play" with qos in linux. Well , i am trying to setup an ingress filter but i do not know why it is not working. tc add qdisc dev eth0 ingress tc filter add dev eth0 parent ffff: protocol ip prio 1 handle 1 fw police rate 160kbit burst 256kbit drop flowid :1 After that : iptables -A PREROUTING -t mangle --sport 80 -j MARK --set-mark 1 So , i think this

Hello, i try to use iptables to mark packet and then to filter them with tc. Here is my script: iptables -t mangle -A PREROUTING -s 172.28.54.41/32 -p tcp -j MARK --set-mark 1 tc qdisc add dev eth0 handle ffff: ingress tc filter add dev eth0 parent ffff: protocol ip prio 1 handle 1 fw police rate 10000kbit burst 10000kbit mtu 1500k drop flowid :1 I can not use u32 because i have several

I know this will be trivial for most, but I am having trouble with getting my scenario to work correctly. I want to ''tag'' and ''throttle'' the bandwidth to and from a particular client on my lan side. Better yet, I just want to throttle smtp traffic, per say, for that ip. ----lan----------eth1-[linux.box]-eth0----------internet I have used the technique

Hi everyone, I''m new to tc but I need to use it to set up shaping on a new NAT box. In short: Each user must have their upload limited to 128kbit and downlink limited to 256kbit. Global bandwidth to be limited to 100Mbit Interactive packets to have higher priority 200+ users, so need to match packets fast So far I have managed to get the download limits working. However I need to

Hello all, I am trying to set up a simple htb based system, where packets with source ip 10.0.0.1 should have their own class. I plan to use tcng to set it up easier. Is there something wrong in my tcng file ? ~/tcng$ cat htb /* */ #include "fields.tc" #include "ports.tc" dev eth0 { htb ( ) { class ( rate 600kbps, ceil 600kbps ) {

Hello, I have eth0 - internet eth1..4 - local networks on eth0 i do $IPTABLES -A POSTROUTING -t nat -o eth0 -j MASQUERADE I want to balance out/in load for eth1..4 and localhost (mainly squid). Nat makes impossible to do it on eth0, so I installed IMQ. I need to get to on imq0 unnnated in/out traffic that I could make priorities for protocols and networks. Do somthing like this: prate=1Mbit

I''m trying to shape traffic on a Devil-Linux box. This note was originally sent to their maillist, because the LARTC list appears to have been down for the past few days. My mailbox was just flooded with a half dozen or so confirmation requests in response to my repeated attempts to subscribe to this list. ---------- Forwarded message ---------- From: drew einhorn