similar to: fw mark and policers on 2.6 not working ?

Displaying 20 results from an estimated 8000 matches similar to: "fw mark and policers on 2.6 not working ?"

2005 Apr 04
8
Help please with tc and iptables mark
Hello list members, Finally I'm here after a week of trying to subscribe to this list... pfew... Anyway... I have a rather strange problem with tc. I am trying to police the ingress traffic into my network using the iptables MARK feature (in mangle table, PREROUTING) but it seems that tc filters ignore these marks and they don't work at all for me. Let me explain a bit more in
2005 Apr 22
1
AW: AW: AW: AW: Activate ingress policies on suse enterpr ise serv er 9
Hi, So far, if I have understood correctly: I route the incoming tcpip message of port 8099 directly to 8080 and then the ingress filter on port 8099 has nothing to do!? Yes I think on different interface on one machine (different Ports for different Request, with different restriction). What exactly has to be done to set the policer before Prerouting! Which kernel options, or also extra
2002 Dec 17
5
WonderShaper on LAN link kills to-host speed
I tried installing the WonderShaper on my internal link, mostly to get the SFQ installed. I set uplink and downlink to 100000 to match the link speed and changed the bandwidth on the cbq line to 100mbit. This killed transfer speed *to* the box, knocking it from 30-40 Mbps down to about 800 kbps. Commenting out just the ingress control restored the speed. What about the ingress policer would do
2005 Apr 18
1
AW: Activate ingress policies on suse enterprise server 9
Hi, Thanks for the fast response, .)Okay I tried your suggestion for my port 8099 and nothing happened: The tcp ip information goes from a firewall to my port 8099 and this port is then routed to the original 8080, I do that because I don't want to disturb my port 8080. But it seems the ingress filter doesn't work on it!! iptables -L -t nat Chain PREROUTING (policy ACCEPT) target prot opt
2006 Apr 09
10
Trying to do some very simple ingress limiting, no success
Hi, I am trying to do some simple ingress limiting based on fwmark. I know the ability and sense to do INGRESS limiting is ehm... limited ;-) but still I want to try it. I tried several things. === 1 === tcq ingress handle ffff: tcf parent ffff: protocol ip prio 1 handle 1 fw police rate 12mbit burst 10k drop tcf parent ffff: protocol ip prio 1 handle 2 fw police rate 10mbit burst 10k drop
2005 Apr 05
8
Qos with 2 internet connections problems
Hi all, I've got 2 internet connections set up via the nano howto (which are working great) and we are running NAT. Was looking into qos mainly to stop large http downloads/ftp downloads from hogging the line so that browsing for other users doesn't slow to a crawl, but if the line is free and no one is doing anything then for it to use the available bandwidth. The wondershaper sounded exactly what
2006 Jun 30
1
police rate doesn't work ?
I would like to test police in ingress. I use kernel 2.4.20. I use this configuration: iptables -t mangle -A PREROUTING -i eth0 -s 10.31.12.2 -d 10.31.11.2 -p udp --dport 1001 -j MARK --set-mark 1 iptables -t mangle -A PREROUTING -i eth0 -s 10.31.12.2 -d 10.31.11.2 -p udp --dport 1002 -j MARK --set-mark 2 iptables -t mangle -A PREROUTING -i eth0 -s 10.31.12.2 -d 10.31.11.2 -p udp --dport 1003 -j
2005 Apr 20
3
AW: AW: AW: Activate ingress policies on suse enterprise serv er 9
Hi, My problem is following now: I would like to set the filters for port 8099. I have tried it, but nothing happened. When I try the same filter for the port 8080 it is working very well. .) working filter (here I can see the dropped packages): tc filter add dev eth0 parent ffff: protocol ip u32 match ip dport 8080 0xffff police rate 1kbit burst 1 drop flowid :1 .) not working filter (here I
2002 Jun 12
3
Why this stupid ingress tc does not work ?
Hi ! I wanted to shape my analog modem connection so I took these two lines from the 'wondershaper' script: tc qdisc add dev $DEV handle ffff: ingress #tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip \ src 0.0.0.0/0 police rate ${DOWNLINK} burst 10k drop flowid :1 with DEV=ppp0 and DOWNLINK=24kbit. But, when I activate it, nothing comes back from the
2004 Nov 16
2
tc rules for Internet Radio
I am currently using the ultimate-tc script from http://lartc.org/howto/lartc.cookbook.ultimate-tc.html and I want to make sure that internet radio packets (mp3 streaming audio) will always get through no matter what. I have added some iptables commands like this: iptables -A OUTPUT -t mangle -p tcp --dport 8000 -j TOS --set-tos Minimize-Delay iptables -A OUTPUT -t mangle -p tcp --sport 8000 -j
2006 Nov 20
2
Fwd: Traffic Shaping on a Transparent Bridge not working!
I'm trying to shape traffic on a Devil-Linux box. This note was originally sent to their maillist, because the LARTC list appears to have been down for the past few days. My mailbox was just flooded with a half dozen or so confirmation requests in response to my repeated attempts to subscribe to this list. ---------- Forwarded message ---------- From: drew einhorn
2005 Apr 26
1
Activate ingress policies on suse ent erpr ise serv er 9
Hi, The problem is this is my goal to use the policer and not the iptables. Because with the policer i think you can give more rules and restrictions to the incoming tcpip traffic. So I would prefer to use the policer and not the iptables. Thanks Gernot > GRAMES Gernot > __________________________________ > SIEMENS AG Austria > PSE SMC AI 21 > * Tel.: +43 (0) 5 1707
2005 Jan 05
19
[PATCH] mark in u32
Hello, Stephen, List! Attached is the patch for iproute2 to add the possibility to use fwmark in u32 filters. The kernel part was included in 2.6.10. Please apply! Thank you! For more info: - Kernel patch (not needed for 2.6.10): http://kernel.umbrella.ro/net/mark_in_u32/net-match-nfmark-in-u32.patch - Examples: http://kernel.umbrella.ro/net/mark_in_u32/examples.txt --- Catalin(ux aka Dino)
2005 Nov 25
2
ingress police kernel options?
Hello list! I am stuck in getting the wondershaper script working. The last line of the script (tc filter add dev eth0 parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate 1800kbit burst 10k drop flowid :1) produces the following error: RTNETLINK answers: Invalid argument Could somebody please give me a hint on how to fix this? Regards, borghart
2006 Sep 16
1
Wondershaper Errors
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all! when I activate wondershaper on my dsl connection (pppoa vc mux), i get three errors: # sh -x /usr/sbin/wshaper ppp0 + /usr/sbin/xmlstarter setenv tc_downlink + DOWNLINK= + /usr/sbin/xmlstarter setenv tc_uplink + UPLINK= + [ -z ] + cat /proc/avalanche/avsar_modem_stats + grep Connection Rate + awk {printf("%d", $8)} +
2004 May 12
0
ingress policy filter for variable rate
Hi, I have a question about policy filters. All I want is incoming traffic being restricted to a specific rate. At the moment, I get way lower rates than specified. So far, I did use a filter much like Wondershaper does: tc filter add dev $DEV parent ffff: protocol ip prio 50 \ u32 match ip src 0.0.0.0/0 \ police rate ${DOWNLINK}kbit burst 10k drop flowid :1
2004 Jun 08
11
how flexible is ingress traffic policing to bandwidth limit?
[I sent this earlier but I guess the list is subscriber-only?] I just set up wondershaper, it has a simple filter on the downstream direction to limit the bandwidth usage: tc qdisc add dev $DEV handle ffff: ingress tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src \ 0.0.0.0/0 police rate ${DOWNLINK}kbit burst 10k drop flowid :1 This is effective but is there any way to
2003 Feb 02
0
question about ingress police
Hi stef and all I want measure the policy performance for video traffic on mpls diffserv network. there are two different polices for video packet 1. Video packets that are marked that are over the limit are to be rejected at the edge router. 2. Video packets that are marked that are over the limit are to be downgraded as best effort and are sent through. Before video enter my mpls
2006 Jun 16
3
tc ingress policing with multiple subnets
Hello everybody on the list, I have the following situation where I want to police the speed of incoming packets from specific subnets to 1024kbps and then police all the rest to 256kbps, which is the speed my ISP grants for the rest of the internet. So, eth1 is the one connected to the cable modem and then to the internet. I do: tc qdisc add dev eth1 ingress handle ffff: then: tc filter
2007 Nov 21
0
Problem with ingress policing on bridged device
I'm having trouble getting ingress policing to work on a bridged device. The bridge contains several interfaces: peth0, vif0.0, vif[1-7]0.1, vif[25].1 . (This is under xen, in case the vif's didn't give that away, so peth0 is renamed eth0.) The tc rules I have are: tc qdisc del dev peth0 root tc qdisc del dev peth0 ingress handle ffff: tc qdisc add dev peth0 root