Displaying 20 results from an estimated 8000 matches similar to: "Help please with tc and iptables mark"
2005 Jan 05
19
[PATCH] mark in u32
Hello, Stephen, List!
Attached is the patch for iproute2 to add the possibility to use fwmark in
u32 filters.
The kernel part was included in 2.6.10.
Please apply!
Thank you!
For more info:
- Kernel patch (not needed for 2.6.10):
http://kernel.umbrella.ro/net/mark_in_u32/net-match-nfmark-in-u32.patch
- Examples:
http://kernel.umbrella.ro/net/mark_in_u32/examples.txt
---
Catalin(ux aka Dino)
2005 Jun 01
3
filter ingress policy based on nfmark
Hi all.
Since I moved on to 2.6 kernel, filter ingress policy based on nfmark won't
work.
Sorry for my english.
Simple example:
iptables -t mangle -I PREROUTING -j MARK --set-mark 1
${QDISC_ADD} handle ffff: ingress
${FILTER_ADD} parent ffff: protocol ip prio 100 handle 1 fw \
police rate 128Kbit burst 10k drop flowid 2:11
# tc -s -d qdisc ls dev eth0
qdisc ingress ffff: ----------------
2005 Dec 27
3
Ingress policing (matching netfilter marks)
Hi,
I'm having issues with policing my incoming traffic by matching packet marks
made by iptables. I've checked as many sites and guides as I can find, and I
seem to be doing the exact same thing as they all are, but there's still no
success. As such, I was wondering if anyone can have a quick look to see if
I've done anything obviously stupid?
Essentially, I
2007 Jul 02
8
Kernel Packet Traveling Diagram
Hi,
I found this diagram which details the kernel packet traveling:
http://www.docum.org/docum.org/kptd/
Is it up to date?
I made some tests and I put a DNAT rule in the PREROUTING table of an
interface and I attached an ingress policy to it, the dst IP wasn't changed. The
DNAT isn't yet made.
I've another question (I'm not sure it is the right mailing list), for
2006 Jun 30
1
police rate doesn't work?
I would like to test police in ingress.
I use kernel 2.4.20.
I use this configuration:
iptables -t mangle -A PREROUTING -i eth0 -s 10.31.12.2 -d 10.31.11.2 -p udp --dport 1001 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -i eth0 -s 10.31.12.2 -d 10.31.11.2 -p udp --dport 1002 -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -i eth0 -s 10.31.12.2 -d 10.31.11.2 -p udp --dport 1003 -j
2005 Apr 20
3
AW: AW: AW: Activate ingress policies on suse enterprise server 9
Hi,
My problem is following now:
I would like to set the filters for port 8099.
I have tried it, but nothing happened.
When I try the same filter for the port 8080 it is working very well.
.) working filter (here I can see the dropped packages):
tc filter add dev eth0 parent ffff: protocol ip u32 match ip dport 8080
0xffff police rate 1kbit burst 1 drop flowid :1
.) not working filter (here I
2007 Mar 22
8
Shape own router
On 2/19/07, Salatiel Filho <salatiel.filho@gmail.com> wrote:
> Well , thanks to imq all my client machines are now shaped and
> everything is great ...
> But now i have a doubt , is there a way to shape the traffic that goes
> to the route [doing a wget from the router for example ]?
>
>
> I have a PREROUTING IMQ0 and a POSTROUTING IMQ1 , everything is
> working like
2004 Nov 16
2
tc rules for Internet Radio
I am currently using the ultimate-tc script from
http://lartc.org/howto/lartc.cookbook.ultimate-tc.html
and I want to make sure that internet radio packets (mp3 streaming audio)
will always get through no matter what. I have added some iptables commands
like this:
iptables -A OUTPUT -t mangle -p tcp --dport 8000 -j TOS --set-tos
Minimize-Delay
iptables -A OUTPUT -t mangle -p tcp --sport 8000 -j
2005 Apr 18
1
AW: Activate ingress policies on suse enterprise server 9
Hi,
Thanks for the fast response,
.)Okay I tried your suggestion for my port 8099 and nothing happened:
The tcp ip information goes from a firewall to my port 8099 and this port is
then routed to the original 8080, I do that because I don't want to disturb
my port 8080.
But it seems the ingress filter doesn't work on it!!
iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt
2006 Apr 09
10
Trying to do some very simple ingress limiting, no success
Hi,
I am trying to do some simple ingress limiting based on fwmark. I know
the ability and sense to do INGRESS limiting is ehm... limited ;-) but
still I want to try it.
I tried several things.
=== 1 ===
tcq ingress handle ffff:
tcf parent ffff: protocol ip prio 1 handle 1 fw police rate 12mbit burst 10k drop
tcf parent ffff: protocol ip prio 1 handle 2 fw police rate 10mbit burst 10k drop
2005 Apr 22
1
AW: AW: AW: AW: Activate ingress policies on suse enterprise server 9
Hi,
So far, if I have understood correctly: I route the incoming tcpip message of
port 8099 directly to 8080 and then the ingress filter on port 8099 has
nothing to do!?
Yes I think on different interface on one machine (different Ports for
different Request, with different restriction).
What has exactly to be done to set the policer before Prerouting!
Which kernel options, or also extra
2005 Aug 09
4
Too slow computer?
Hello! I've put some questions on this list some weeks
ago and I've got good answers. Thank you!
Now I've finished my (beautiful) script and I ran it
on my router...
About my script:
It routes packages based on their destination on the
Internet. I have about 1650 preferred destination
networks listed in some file. The script reads this
file and marks every package for
2004 May 23
1
limiting bandwidth on a sequence of ports.
Hello.
I have just started using iproute2 commands, and I am having a go at
making bittorrent use the same bandwidth for upload as for download.
I am stuck I think in understanding speeds
I connect to the internet through a router modem which gets the real IP
and assigns me a private ip through dhcp. So this router can handle a
private network, and route it to the internet, presumably with nat.
2007 Feb 04
4
tc ingress + iptables mark problem
Hi guys, I am starting to "play" with qos in linux. Well, I am
trying to set up an ingress filter but I do not know why it is not
working.
tc add qdisc dev eth0 ingress
tc filter add dev eth0 parent ffff: protocol ip prio 1 handle 1 fw
police rate 160kbit burst 256kbit drop flowid :1
After that :
iptables -A PREROUTING -t mangle --sport 80 -j MARK --set-mark 1
So , i think this
2007 Feb 28
4
incoming traffic + iptable
Hello,
I try to use iptables to mark packets and then to filter them with tc. Here
is my script:
iptables -t mangle -A PREROUTING -s 172.28.54.41/32 -p tcp -j MARK
--set-mark 1
tc qdisc add dev eth0 handle ffff: ingress
tc filter add dev eth0 parent ffff: protocol ip prio 1 handle 1 fw police
rate 10000kbit burst 10000kbit mtu 1500k drop flowid :1
I cannot use u32 because I have several
2004 Oct 20
1
throttle particular client ip
I know this will be trivial for most, but I am having trouble with getting
my scenario to work correctly. I want to 'tag' and 'throttle' the
bandwidth to and from a particular client on my lan side. Better yet, I
just want to throttle smtp traffic, per se, for that ip.
----lan----------eth1-[linux.box]-eth0----------internet
I have used the technique
2007 Jul 30
17
tc n00b
Hi everyone,
I'm new to tc but I need to use it to set up shaping on a new NAT box.
In short:
Each user must have their upload limited to 128kbit and downlink limited
to 256kbit.
Global bandwidth to be limited to 100Mbit
Interactive packets to have higher priority
200+ users, so need to match packets fast
So far I have managed to get the download limits working. However I need
to
2004 May 05
3
Simple HTB setup with tcng
Hello all,
I am trying to set up a simple htb based system, where packets with
source ip 10.0.0.1 should have their own class.
I plan to use tcng to set it up easier.
Is there something wrong in my tcng file ?
~/tcng$ cat htb
/*
*/
#include "fields.tc"
#include "ports.tc"
dev eth0 {
htb ( ) {
class ( rate 600kbps, ceil 600kbps )
{
2006 Jun 02
1
IMQ + NAT
Hello,
I have
eth0 - internet
eth1..4 - local networks
on eth0 I do $IPTABLES -A POSTROUTING -t nat -o eth0 -j MASQUERADE
I want to balance out/in load for eth1..4 and localhost (mainly
squid). Nat makes it impossible to do it on eth0, so I installed IMQ. I
need to get to on imq0 un-NATed in/out traffic that I could make
priorities for protocols and networks. Do something like this:
prate=1Mbit
2006 Nov 20
2
Fwd: Traffic Shaping on a Transparent Bridge not working!
I'm trying to shape traffic on a Devil-Linux box.
This note was originally sent to their maillist,
because the LARTC list appears to have been down
for the past few days. My mailbox was just flooded
with a half dozen or so confirmation requests in response
to my repeated attempts to subscribe to this list.
---------- Forwarded message ----------
From: drew einhorn