similar to: NAT & tc filter addresses

I set up this config: +------+ -+ ISP1 +--+ +------+ | +-------+ +--+ linux | +------+ | +-------+ -+ ISP2 +--+ +------+ No problem. Standard setup with two ISP''s. Both routed subnets. Default gateway is ISP1. No magic here. Now I put a server behind the Linux box. I want the server to be reachable on an /extra/ IP in the routed subnet of ISP2. +------+ -+ ISP1

Hi. I understand that device aliases (e.g. eth2:3) are not shapeable. Does anybody know if this functionality is planned in the future? Anyway, for the time being the only option that seems to leave is to fwmark packets differently for each device alias and then shape based on that. Is it possible to set multiple marks on the packets? Alternatively, is it possible to check for a specific

Martin, If I understand whay you are suggesting, there is a problem in your design: It will only work if you use Hide NAT. The problem is that the ip_src == IP0 rule is wrong: The ip_src is not changed by the router and it is not equal to the IP of any of the machine interfaces. Can you think of a solution that will work in the following reasonabl scenario: Lets say I have two T1 internet

Hi all, I have setup two multipath route tables on my system for doing failover routing, What I want it''s that if GW at route1 of the MP is dead, traffic goes by route2, for doing that I have created the multipath routes as follows: ip route add table mail.traffic proto static nexthop via ${GW1} dev eth1 weight 1 nexthop via ${GW2} dev eth1 weight 250 But it does not run as I

Hi all I started playing with tcng to generate my tc rules, but I have some difficulty implementing my rules... The script below generates an error: # Device eth0 tc qdisc add dev eth0 ingress beginner.tc:2: don''t know how to build meter for this The script is below, I changed the real IP numbers for XXs and YYs, since it doesn''t really matter what they are. eth0 is the

I am using tbf to do bandwidth limitation. i found that when i start passing traffic there is a burst and then the rate goes down to what is configured. is this a known issue or do i need to change some parameters? thanks. --------------------------------- Do you Yahoo!? Read only the mail you want - Yahoo! Mail SpamGuard. _______________________________________________ LARTC mailing list

Hi all. I''ve written a small htb script that uses U32 and FW (marked by IPTABLES) filters, but TC doesn''t seem to be using the "cls_fw.o" module !!! I''m using redhat v9.0, kernel 2.4.8-20, iproute 2.4.7-7. Here is my script: ========================================================== ##################### #Interface definition #####################

Although RAW sockets can be used when specifying the source address of packets (defeating one of the aspects of the jail) some people may find it usefull to use utilities like ping(8) or traceroute(8) from inside jails. Enclosed is a patch I have written which gives you the option of allowing prison-root to create raw sockets inside the prison, so

Hi all, We have 2 class C networks that are connected by a Linux router with the internet. We want to apply traffic control (bandwidth control). For that we wrote the tcc script below. We have 2 problems: 1. To establish a 2 megagit download we must actually set the value to 2500kbps. Is there a possible reason for that? 2. If we enable the WAN device we get very hight ping times (they change

Greetings all, OK - just started playing around with traffic shaping - have imq and htb and (I think) everything else I need in the kernel and running well. My initial lab task was to protect a H.323 session over a simulated half T1 while adding bulk traffic - got that accomplished after slogging through learning tc and decided in short order that a more intuitive interface would be

Hi, I have 2 internet connections (1 adsl/1 cable). I am try to route all outgoing mail from the mail server (on the same box), through the ADSL connection routing through the cable will mean mail will get rejected by AOL :( I am using qmail as the mail server. The configuration is: eth0 : cable connection ppp0 : adsl connection eth2 : internal lan connection I have configured split access as

HI folks, I have a linux router connected to two separate internet connection from an ISP. There is a third interface ( ip -> 192.168.1.1 ) in the router connected to the local network. Configured the routing tables and added the rules and everything seems to be working fine from the routing box. Traceroute to external internet sites reveal that traffic is being routed correctly and

Hi, I find this diagram which details the kernel packet traveling : http://www.docum.org/docum.org/kptd/ Is it up to date ? I made some test and I put a DNAT rules in the PREROUTING table of an interface and I attach it a ingress policy, the dst IP wasn''t changed. the DNAT it isn''t yet make. I''ve another question (I''m not sure is it the good mailing list), for

Hi, I have the following situation: 1 gateway box with 2 WAN interfaces (eth1 and eth2). 1 LAN interface eth0 default gateway is eth2 I want to route all traffic with destination protocol tcp 22 (ssh) NOT over the default gateway eth2 but force them to find it''s route over eth1. All other traffic must go the normal way over eth2. Is this possible with tc or an other tool? --

Hi All, I did a google search on this and didn''t find exactly what I was looking for. Suppose I have a machine that has an IP alias eth0:0. I have set up HTB.init so that it properly throttles bandwidth on eth0, however when I use eth0:0, it doesn''t work. I read elsewhere that it should work at the PHYSICAL device layer, and should therefore work for both at once. This is not

Hello all, I am trying to set up a simple htb based system, where packets with source ip 10.0.0.1 should have their own class. I plan to use tcng to set it up easier. Is there something wrong in my tcng file ? ~/tcng$ cat htb /* */ #include "fields.tc" #include "ports.tc" dev eth0 { htb ( ) { class ( rate 600kbps, ceil 600kbps ) {

The recent thread titled: working ftp shaping, i think provided a script example where 100Mbps was specified as the rate for a typical NIC. If that NIC is connected to a switch, chances are that it runs at 100Mbps in each direction concurrently - duplexed Writing a rule that specifies a 100Mbps rate and thereby a 100Mbps ceil, limits the connection to half the available bandwidth. I

Hello all, I am still reading about my QoS rules and I need that one of my servers (that is into my LAN but has an routing ip address) did not get into the qos rules I have. So I want that all traffic coming or going to that specifc host did not get shapped by any traffic control and do not get even into a QoS class. How can I do this? Att, Nataniel Klug

helo again. I think this question i am asking is worth: we know that pppoe-server creates a pppX device on each connection done to it. So, when i have to shape, i have to shape each pppX connection device on itself alone. What i know is that the borrowing method on one device by itself, e.g. ppp0, alone using HTB or the like. this means that i have to create for another device, e.g. ppp1,

I am trying to mark outbound passive ftp traffic with iptables and shape it to 35KBytes. I am using the following script on the computer that runs the ftp server. It is not working correctly, it seems to limit ALL traffic. Cant file share or anything. Anyone might know what is wrong? #!/bin/bash #shaping passive ftp traffic # mark the outbound passive ftp packets on ports 50000-51000