similar to: Packet loss with htb+sfq+l7filter

OK - this is starting to get frustrating... Are there any known issues with 2.6.9 and traffic shaping? I am using 2.6.9 with geoip 20041115, and get odd oopses. The following script oopses my box: ----------------------------------------------------- #!/bin/sh -x IFOUT=''eth1'' IFIN=''eth0'' TC=''/sbin/tc''

Hi all, I am running Slackware 10.1 with Kernel 2.6.14.3 includes iptables 1.3.4 with layer 7 My network diagram below: - INTERNET --- LINUX_ROUTER_FW --- PCs Below is my simple iptables script: - echo 1 > /proc/sys/net/ipv4/ip_forward iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE iptables -t mangle -A POSTROUTING -m layer7 --l7proto applejuice -j MARK --set-mark 1 iptables -t

hi R-users: I want to draw three plot into one figure by layout and the script has been shown below. But I find R does not show the xlab and ylab information completely as shown the figure attached. How can I midify the script.? thank you . xxlab<-paste(cpmd," (",ro,"%)",sep=" ") yylab<-paste(rfmd," (",co,"%)",sep=" ")

Hello, I''ve been trying to shape the bittorrent traffic (on my external interface, upload), but without luck, for this I''m using layer7 filter right now, but I''ve also tried ipp2p, with the same results, I might say that this is not a problem with this packet classifiers, the problem is with HTB, here''s why. When I open azureus (the bittorrent client I

i search a lot forum how to get bandwidth statistic such number of packet, total byte in each application protocol by using IPTABLES + netfilter-layer7 but i don''t know which script for getting it in log file and use data after get it for plotting graph later my IPTABLES command like this iptables -t mangle -N all iptables -t mangle -A POSTROUTING -j all iptables -t mangle -A

Hi, Thanks for the reply. Mohan Sundaram wrote : > mark in iptables and use tc to classify using mark. Mark like this ? iptables -A INPUT -m layer7 --l7proto bittorrent -j MARK --set-mark 3 and then.. tc filter add dev eth0 protocol ip parent 1:0 1 handle 3 fw flowid 1:10 and lets say we have a flowid 1:3 declared to use at 60kbit ceil 60kbit Is that proper ? If so then it

Hello, its me again, I won''t stop sending emails to this list, until I solve this problem, I''ve tried several apps to create the right htb rules (even made them my self), but I always get the same results, traffic gets shaped, but I can''t use my bandwidth, and this is weird, because I should be able to, also I keep seeing download being limited too, and that

I''m successfully using HTB + GRED to shape traffic based on the DSCP field. I would like to strip the DSCP and possibly replace it with normal ToS bits on egress traffic leaving my network. Leaving DSCP set is pointless, and could potentially cause problems with some ISPs that use DSCP internally I suppose. Setting ToS bits would seem ideal as most networks still honor it to varying

hi everybody. im trying to set up an QoS config, using layer7 (http://l7-filter.sourceforge.net/) for protocol detection. im suposing 3 clients with this configuration: 3 clients: 1.2.3.1 , 1.2.3.2 , 1.2.3.3 1.2.3.1 has 256kbit bandwidth "guaranteed" clients 1.2.3.2 and 1.2.3.3 has 256kbit bandwith so im marking every packet using layer7 iptables module, classifying them in three

Hello there! I am trying to get traffic shaping working on my Linux router (debian woody 3r02) and for some things I wanted to use the layer 7 packet classifier, but I can''t get it to work. Here is what I did: -downloaded the patches from http://l7-filter.sourceforge.net -downloaded the kernel 2.6.7 source -downloaded the iptables 1.2.11 source -patched kernel (layer7 patch and some

HI All , I am running a FC6 box with two internet links with load balance . Every thing is working fine expect the MSN connection that failed and reconnect every time and SSL connections . I would link to know if with the nona howto I could fix that . I have been tried with no success to redirect that connection only to one link but its look like do not work . Here my configuration :

Hello I''ve setuped a QOS bridge under debian 3.1 using 2.6.18.3 kernel + iptables 1.3.6 I''ve patched the kernel an Iptables with esfq+layer7 without problems. This simple script doesn''t log nothing ... And I''m sure to have eMule traffic (I''ve checked with tcpdump ) If I remove " -m layer7 --l7proto edonkey \" line I can see

Hi there, I have a little problem. I had this some months ago but didn''t solve it back then. I have patched my kernel with Layer 7 support and patched my iptables to support it, too. Now I inserted this line in my firewall script on my router for testing purpose: $IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -p tcp -m layer7 --l7proto http -j DROP It works, BUT only if the

hello, I try to use layer7 filter to classify packets. I have a proble with http match. This protocol seems to work well with l7-filter (http://l7-filter.sourceforge.net/protocols) but for me nothing is filtering in http class. Someone can help me ? Here is my script : #!/bin/bash IPT_BIN=/sbin/iptables TC_BIN=/sbin/tc INTER_OUT=ppp0 LINK_RATE_UP=1000Kbit RATE_ACK=200Kbit RATE_DEFAULT=100Kbit

Hello everyone. CONFIGURATION DESCRIPTION: I have a linux box doing masquerade for two lan''s. Here is a piece of mine network config: eth0 : ISP , one public ip address (DSL modem) eth1 : lan , private network address fe: 192.168.4.0/24 eth2 : wlan access point performing as lan2wlan bridge , private network addes fe. 192.168.67.0/24 This box use 2.6.20 kernel with iptables-1.3.8

As seen on my post at: http://www.sveasoft.com/modules/phpBB2/viewtopic.php?p=28112#28112 This works very well... It does NOT work with stable 4.0! sveasoft will be issuing a bug fix for this (4.1) in the near future. Final Rev of working script w/ asterisk support I'm not going to run alchemy on production machines until it is stablish. Remember to set your uplink properly and to set

Hi All , My first message and I have a little problem with my FC6 box trying to block emule traffic using layer7 . Here my network : Internet --------- ADSL Router ------------------- FC6 Box -------------------- Emule Box external ADSL : Dynamic Internal ADSL : 192.168.254.1 external FC6 : 192.168.254.3 internal FC6 : 192.168.253.1 Emule Box : 192.168.253.3 I guess that everything

Hi,lartc I used iproute-060110 with iptables1.3.4 on gentoo 2005r1 kernel 2.6.14-5. I find some error messages in system logfile: HTB: quantum of class 10001 is big. Consider r2q change. HTB: quantum of class 10010 is big. Consider r2q change. tcf_action_init_1: successfull police HTB: quantum of class 20001 is big. Consider r2q change. HTB: quantum of class 20020 is big. Consider

Hello all, I am trying to configure a linux box to make some QoS into my netowork and, at the same box, control my clients bandwidth. I have this classes created: ---------------------------------------------------------------- UP="eth0" # wan infocontabil DL01="eth2" # lan clientes $TC qdisc del dev $DL01 root 2> /dev/null >

I''ve compiled my kernel (2.6.12.3) and iptables (1.3.3) and now -m layer7 option from iptables works (i don''t get any error when run the iptables command with -m layer7). The problem is that no packet is matched. For example iptables -A INPUT -p tcp -m layer7 --l7proto http -j ACCEPT doesn''t match http packets. The same for dns and ssh. So, what am I doing wrong? Is this