similar to: One tc filter police for 2 subnets

Hi all, I''d like to have multiple polices in an interface with different src address, like that: tc qdisc add dev eth4 handle ffff: ingress tc filter add dev eth4 parent ffff: protocol ip prio 5 u32 match ip src \ 192.168.18.0/24 police rate 128kbit burst 10k drop flowid :1 tc filter add dev eth4 parent ffff: protocol ip prio 5 u32 match ip src \ 192.168.36.0/24 police rate

Hi I''m doing traffic shaping with tc on ''10.0.0.0/30'' and ''10.0.0.28/30''. I want to delete part of shaping rules on the fly. (see my configuration at the end of this mail) I wan''t to delete the shaping for ''10.0.0.0/30'' on the fly while still keeping the shaping for part ''10.0.0.28/30'' running. When I for

Hello everybody on the list, I have the following situation where I want to police the speed of incoming packets from specific subnets to 1024kbps and then police all the rest to 256kbps, which is the speed my ISP grants for the rest of the internet. So, eth1 is the one connected to the cable modem and then to the internet. I do: tc qdisc add dev eth1 ingress handle ffff: then: tc filter

Hi, What is the difference between the rate values you specify in "tc class ... htb ... rate ..." and in "tc filter ... police ... rate ..."? Thanks in advance. Best regards. -- Value your freedom, or you will lose it, teaches history. ``Don''t bother us with politics,'''' respond those who don''t want to learn. -- Richard M. Stallman

Dear all, <BR><BR>I was used to work on R1.6 and I have now passed on R1.6.2 but I can''t read my <BR>file (and that is a big problem!!).<BR>I made a data sheet with some <BR>spreadsheet in Excell, and save it as separeted by tab .txt.<BR>I write in R<BR>read.table ("file.txt",h=T,sep="/t",dec=",")<BR>But R

Hi, I''m trying to police ingress traffic based on port numbers and IP addresses. The u32 match based on IP addresses seems to work without issues and I''m am able to police incoming packets. However, the same isn''t working with u32 matches based on TCP port numbers. For port numbers, I added exactly one ''u32 match'' rule: common for both: # tc qdisc add

On 31/07/2019 16:40, L.P.H. van Belle via samba wrote: > Good question, i think so yes. > > Man smb.conf does not tell us if its space of , separeted. > I go for space, you what your showing should be fine. > If un sure, switch the ip and monitor the other dns servers. > Ah, but the release notes for 4.5.0 tells us it is space separated ;-) Rowland

Hi Folks, I''m using a 2.4.x kernel and TC from the iproute2 package so that I can limit traffic through my gateway. I''m using this to mark packets when they leave the LAN: /sbin/ipchains -A forward -j MASQ -i eth0 -s 192.168.1.0/24 -d 0.0.0.0/0 -m 1 When the packets return, I need to have them marked again so that the ingress filter will limit the bandwidth in the opposite

Hi everyone, I''m new to tc but I need to use it to set up shaping on a new NAT box. In short: Each user must have their upload limited to 128kbit and downlink limited to 256kbit. Global bandwidth to be limited to 100Mbit Interactive packets to have higher priority 200+ users, so need to match packets fast So far I have managed to get the download limits working. However I need to

I''m converting my network from a "one interface per segment" to a "single connection with vlans", well, some hardware I have requires using different vlan IDs. suffice it to say I need bridges to connect a few different vlans that should all be one but can''t be because of firmware constraints. so my first step is to get shorewall to know about bridges.

Dear List, Sorry for the dublicated email but I couldn''t get any answer. I am trying to limit some IP blocs with tc with following three step. # interface tc qdisc add dev eth0 root handle 1: cbq avpkt 1000 bandwidth 256kbit # class tc class add dev eth0 parent 1: classid 1:1 cbq rate 64kbit \ allot 1500 prio 5 bounded isolated # rules # download tc filter add dev eth0 parent 1:

hi All, seems like a kernel problem when I do the following on kernel 2.6.12.5 tc qdisc add dev lo root handle 1: htb default 1 tc class add dev lo parent 1: classid 1:1 htb rate 512kbit ceil 1mbit all works as expected (traffic is limited to 1mbit), but this doesn''t work the same way on kernel 2.6.14.3, and actually only ceil has effect (in my previous message I mentioned

Hi all I have a trouble configuring the qdiscs, when I indicate the "perturb 10" option to tc, i gives me this error: tc qdisc add dev eth0 parent 5:1323 handle 1323 sfq perturb 10 RTNETLINK answers: Invalid argument if I don''t put the "perturb 10" option, it works. another question is about iptables, when I indicate the " --set-mark" option: iptables -t

I am contemplating converting some of our internal networks from routable to private IPv4 address space. I have a question about RIP as implemented under Cisco IOS 12.x. Presently the setting for rip is: router rip version 2 passive-interface [[FastEthernet]]0/0 network aaa.bbb.ccc.0 no auto-summary What I would like to know is how one routes the entire 192.168/16 address space using rip.

I am trying shorewall as my previous post With alisias on eth1 loc and 4 pptp client vpns. The odd thing is when I enter one of the vpns in interfaces such as vpn1 it works. But if I enter the vpn in the hosts file shorewall blocks the vpns. shorewall/hosts #ZONE HOST(S) OPTIONS loc eth1:192.168.25.0/24 loctw eth1:192.168.50.0/24 locsa eth1:192.168.75.0/24 vpntw

Hi, I have tried to implement DNS Forward on Samab 4 DC through DNS Manager on Windows and a message appear stating that "The system is not support this function". That way I should add the "dns forwarder" directive in smb.conf as follows: cat /etc/samba/smb.conf # Global parameters [global] netbios name = SAMBA4-DC realm = EMPRESA.COM.BR workgroup = EMPRESA server role =

Dear all, I''m having real problems getting tc to do anything useful at all. I''m also under pressure to get this fixed before the students start arriving later this month (I work in a university). In short, I want each IP address to be hard limited to 128kbit down, 64kbit up, never to be allowed more bandwidth than this. It is also important that the latency remains

Hello, I am trying to use iptables together with tc I need to use IPMARK module of iptables, but I got a strange error after I run ''iptables -t mangle -A POSTROUTING -o eth0 -j IPMARK --addr=dst --and-mask=0xffff --or-mask=0x1000'' The command is copied from iptables manual itself (of course interface changed) I only got " iptables v1.3.5: Unknown arg

I would like to test police in ingress. I use kernel 2.4.20. I use this configuration: iptables -t mangle -A PREROUTING -i eth0 -s 10.31.12.2 -d 10.31.11.2 -p udp --dport 1001 -j MARK --set-mark 1 iptables -t mangle -A PREROUTING -i eth0 -s 10.31.12.2 -d 10.31.11.2 -p udp --dport 1002 -j MARK --set-mark 2 iptables -t mangle -A PREROUTING -i eth0 -s 10.31.12.2 -d 10.31.11.2 -p udp --dport 1003 -j

Hi. I''m using the following filter from lartc "ultimate PPP" example: tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src \ 0.0.0.0/0 police rate ${DOWNLINK}kbit burst 10k drop flowid :1 It works fine, but when I remove the "burst 10k", I receive the following error: "burst" requires "rate". Illegal "police"