Displaying 20 results from an estimated 5000 matches similar to: "One tc filter police for 2 subnets"
2004 Jun 28
0
Multiple police rates
Hi all,
I''d like to have multiple polices in an interface with different src
address, like that:
tc qdisc add dev eth4 handle ffff: ingress
tc filter add dev eth4 parent ffff: protocol ip prio 5 u32 match ip src \
192.168.18.0/24 police rate 128kbit burst 10k drop flowid :1
tc filter add dev eth4 parent ffff: protocol ip prio 5 u32 match ip src \
192.168.36.0/24 police rate
2005 Apr 20
1
deleting tc rules
Hi
I''m doing traffic shaping with tc on ''10.0.0.0/30'' and ''10.0.0.28/30''.
I want to delete part of shaping rules on the fly. (see my
configuration at the end of this mail)
I wan''t to delete the shaping for ''10.0.0.0/30'' on the fly while still
keeping the shaping for part ''10.0.0.28/30'' running.
When I for
2006 Jun 16
3
tc ingress policing with multiple subnets
Hello everybody on the list,
I have the following situation where I want to police the speed of incoming
packets from specific subnets to 1024kbps and then police all the rest to
256kbps, which is the speed my ISP grants for the rest of the internet.
So, eth1 is the one connected to the cable modem and then to the internet.
I do:
tc qdisc add dev eth1 ingress handle ffff:
then:
tc filter
2004 Nov 30
1
"tc class htb"''s and "tc filter police"''s rate
Hi,
What is the difference between the rate values you specify
in "tc class ... htb ... rate ..." and in "tc filter ...
police ... rate ..."?
Thanks in advance.
Best regards.
--
Value your freedom, or you will lose it, teaches history.
``Don''t bother us with politics,'''' respond those who don''t
want to learn.
-- Richard M. Stallman
2003 Mar 21
5
Problem with read.table
Dear all, <BR><BR>I was used to work on R1.6 and I have now passed on R1.6.2 but I can''t read my <BR>file (and that is a big problem!!).<BR>I made a data sheet with some <BR>spreadsheet in Excell, and save it as separeted by tab .txt.<BR>I write in R<BR>read.table ("file.txt",h=T,sep="/t",dec=",")<BR>But R
2007 Apr 11
4
Policing based on port numbers
Hi,
I''m trying to police ingress traffic based on port numbers and IP
addresses. The u32 match based on IP addresses seems to work without
issues and I''m am able to police incoming packets. However, the same
isn''t working with u32 matches based on TCP port numbers. For port
numbers, I added exactly one ''u32 match'' rule:
common for both:
# tc qdisc add
2019 Jul 31
1
DNS Forward Samba 4
On 31/07/2019 16:40, L.P.H. van Belle via samba wrote:
> Good question, i think so yes.
>
> Man smb.conf does not tell us if its space of , separeted.
> I go for space, you what your showing should be fine.
> If un sure, switch the ip and monitor the other dns servers.
>
Ah, but the release notes for 4.5.0 tells us it is space separated ;-)
Rowland
2001 Jun 12
2
Marking returned MASQ'ed packets (ingress, TC, etc.)
Hi Folks,
I''m using a 2.4.x kernel and TC from the iproute2 package
so that I can limit traffic through my gateway. I''m using this
to mark packets when they leave the LAN:
/sbin/ipchains -A forward -j MASQ -i eth0 -s 192.168.1.0/24 -d 0.0.0.0/0
-m 1
When the packets return, I need to have them marked again so that
the ingress filter will limit the bandwidth in the opposite
2007 Jul 30
17
tc n00b
Hi everyone,
I''m new to tc but I need to use it to set up shaping on a new NAT box.
In short:
Each user must have their upload limited to 128kbit and downlink limited
to 256kbit.
Global bandwidth to be limited to 100Mbit
Interactive packets to have higher priority
200+ users, so need to match packets fast
So far I have managed to get the download limits working. However I need
to
2010 Dec 12
3
weird fail with conversion to bridges?
I''m converting my network from a "one interface per segment" to a
"single connection with vlans", well, some hardware I have requires
using different vlan IDs. suffice it to say I need bridges to connect a
few different vlans that should all be one but can''t be because of
firmware constraints. so my first step is to get shorewall to know
about bridges.
2005 Jan 06
3
tc and ntop inconsistent data flow
Dear List,
Sorry for the dublicated email but I couldn''t get any answer.
I am trying to limit some IP blocs with tc with following three step.
# interface
tc qdisc add dev eth0 root handle 1: cbq avpkt 1000 bandwidth 256kbit # class
tc class add dev eth0 parent 1: classid 1:1 cbq rate 64kbit \
allot 1500 prio 5 bounded isolated
# rules
# download
tc filter add dev eth0 parent 1:
2005 Dec 16
1
tc strange behaviour (some discoveries)
hi All,
seems like a kernel problem
when I do the following on kernel 2.6.12.5
tc qdisc add dev lo root handle 1: htb default 1
tc class add dev lo parent 1: classid 1:1 htb rate 512kbit ceil 1mbit
all works as expected (traffic is limited to 1mbit), but this doesn''t
work the same
way on kernel 2.6.14.3, and actually only ceil has effect (in my
previous message
I mentioned
2004 Nov 24
8
tc and iptables trouble
Hi all
I have a trouble configuring the qdiscs, when I indicate the "perturb 10" option to tc, i gives me this error:
tc qdisc add dev eth0 parent 5:1323 handle 1323 sfq perturb 10
RTNETLINK answers: Invalid argument
if I don''t put the "perturb 10" option, it works.
another question is about iptables, when I indicate the " --set-mark" option:
iptables -t
2008 Oct 03
3
OT: RIP settings for private netblocks
I am contemplating converting some of our internal networks from routable
to private IPv4 address space. I have a question about RIP as implemented
under Cisco IOS 12.x.
Presently the setting for rip is:
router rip
version 2
passive-interface [[FastEthernet]]0/0
network aaa.bbb.ccc.0
no auto-summary
What I would like to know is how one routes the entire 192.168/16 address
space using rip.
2005 Jun 26
12
Vpn Trouble
I am trying shorewall as my previous post With alisias on eth1 loc and 4
pptp client vpns.
The odd thing is when I enter one of the vpns in interfaces such as vpn1 it
works.
But if I enter the vpn in the hosts file shorewall blocks the vpns.
shorewall/hosts
#ZONE HOST(S) OPTIONS
loc eth1:192.168.25.0/24
loctw eth1:192.168.50.0/24
locsa eth1:192.168.75.0/24
vpntw
2019 Jul 31
3
DNS Forward Samba 4
Hi,
I have tried to implement DNS Forward on Samab 4 DC through DNS Manager on
Windows and a message appear stating that "The system is not support this
function".
That way I should add the "dns forwarder" directive in smb.conf as follows:
cat /etc/samba/smb.conf
# Global parameters
[global]
netbios name = SAMBA4-DC
realm = EMPRESA.COM.BR
workgroup = EMPRESA
server role =
2007 Aug 29
11
tc not matching
Dear all,
I''m having real problems getting tc to do anything useful at all. I''m
also under pressure to get this fixed before the students start arriving
later this month (I work in a university).
In short, I want each IP address to be hard limited to 128kbit down,
64kbit up, never to be allowed more bandwidth than this. It is also
important that the latency remains
2007 Sep 24
3
trouble when using IPMARK module
Hello,
I am trying to use iptables together with tc
I need to use IPMARK module of iptables, but I got a strange error after I
run ''iptables -t mangle -A POSTROUTING -o eth0 -j IPMARK --addr=dst
--and-mask=0xffff --or-mask=0x1000''
The command is copied from iptables manual itself (of course interface
changed)
I only got " iptables v1.3.5: Unknown arg
2006 Jun 30
1
police rate doesn''t work ?
I would like to test police in ingress.
I use kernel 2.4.20.
I use this configuration:
iptables -t mangle -A PREROUTING -i eth0 -s 10.31.12.2 -d 10.31.11.2 -p udp --dport 1001 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -i eth0 -s 10.31.12.2 -d 10.31.11.2 -p udp --dport 1002 -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -i eth0 -s 10.31.12.2 -d 10.31.11.2 -p udp --dport 1003 -j
2007 Jun 18
1
Fwd: police burst is mandatory?
Hi.
I''m using the following filter from lartc "ultimate PPP" example:
tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src \
0.0.0.0/0 police rate ${DOWNLINK}kbit burst 10k drop flowid :1
It works fine, but when I remove the "burst 10k", I receive the following
error:
"burst" requires "rate".
Illegal "police"