similar to: filtering on destination MAC address

Hello all, I am having some trouble getting a firewall filter to work with TC. I am actually setting the mark via EBTables (which is working as far as I can tell, I am also logging the packet and my syslog reports lots of marks): ebtables -t broute -A BROUTING -p ipv4 -i eth1 -s 08:00:46:60:B3:57 -j mark --set-mark 7 --mark-target CONTINUE --log --log-level debug --log-prefix "EBFW Mark

Hi all, I am testing one QOS system, I want to control bandwidth by VLAN id. Here is my test network: Internet Gateway | | QOS control box ( Bridge box, Redhat 9, 2.4.28 kernel with ebtables-brnf-8_vs_2.4.28 patch) | | VLAN Switch | | PC PC In my QOS control box, it is a bridge box, I used Redhat 9, 2.4.28 kernel with ebtables-brnf-8_vs_2.4.28

My hfsc rule .. tc qdisc add dev eth2 handle 1: root hfsc iptables -t mangle -N ms-all iptables -t mangle -N ms-all-chains iptables -t mangle -N ms-prerouting iptables -t mangle -A PREROUTING -j ms-prerouting iptables -t mangle -A ms-prerouting -j CONNMARK --restore-mark iptables -t mangle -A ms-prerouting -p udp --dport 4444 -j MARK --set-mark 1 iptables -t mangle -A ms-prerouting -p udp -m

I have a setup where I have three NIC in a Debian box. I have eth1 conected to internet and eth0 NAT''ed to 192.168.1.1. eth1 and eth2 are bridged together, given ip 192.168.122.2. What I want to achieve is to perform traffic shaping on the bridge as well as prioritizing the traffic from eth0 very low. (This is from trental flat ...) However it seems that I am unable to perform thhe

Hi, this is my Linux Box ---------------------------- LAN 1 -----|--eth1 <---br1--->eth0.1 | | \ | | eth0--|----- 802.1q tagged 1 Mbps link | / | LAN 2 -----|--eth2 <---br2--->eth0.2 | ---------------------------- I have to bridge the 2 lans

Hi, In my LAN Iam trying to make following setup: - All the traffic generated by 10.0.2.1 should go to 10.0.2.11, If the destination of this traffic is internet than it should be placed on its interface eth1. Outgoing traffic on eth1 should be shaped.For this I am using fw filters and cbq. _______ 10.0.2.1 -------> 10.0.2.11(eth0 )----| A

Running CentOS 5.4 x64. Have successfully bridged eth2 with br2 by following the instructions here: http://wiki.libvirt.org/page/Networking (under the RHEL section) Have been running several KVM VMs successfully via this bridge. I am now trying to bridge additional interfaces by using the same routine. Each bridge is named to correspond with the ethX device its bridged with. Example of

Hi all, I''m having a hell of a time getting my IFB to work. I know I''ve done this before, so I''m missing something stupid. Can anybody tell me what it might be? Configs as follows: -------- #!/bin/sh modprobe ifb numifbs=1000 modprobe act_mirred modprobe 8021q brctl addbr br0 brctl setfd br0 0 brctl stp br0 off brctl addif br0 eth1 brctl addif br0 eth2 ifconfig eth1

Hi! I recently changed my qdisc from CBQ and PRIO to only HTB, and I can''t really seem to get the rates to work as I want them to. I have eight classes, which I set up as follows: tc qdisc add dev eth1 root handle 1: htb default 122 tc class add dev eth1 parent 1: classid 1:1 htb rate 1000kbit ceil 1000kbit cburst 1500 burst 50kb tc class add dev eth1 parent 1:1 classid 1:11 htb prio 0

hi. When I execute follow class setting qdisc 1:0 root htb default 2 parent 1:0 classid 1:1 htb rate 10Mbit ceil 10Mbit parent 1:1 classid 1:2 htb rate 10kbit ceil 100Mbit HTB: quantum of class 10001 is big. Consider r2q change. <7>htb*g j=1014xxxxx HTB: quantum of class 10001 is big. Consider r2q change. <7>htb*g j=1014xxxxx HTB: quantum of class 10001 is big. Consider r2q change.

Hi all. I''m trying to tie mac addresses to IP addresses to stop ip and mac spoofing on my xen host running debian5.0 amd64. I''ve been trying to follow http://archive.netbsd.se/?ml=xen-users&a=2007-11&m=5776600 The DomU''s network gets blocked both inward and outward. I''ve patched my vif-bridge with the intructions on that page any they seem to be

Hello! I am using shapping whith htb. My question is what are the propper values I can use in rate/ceil. I use htb.init for quick building of my classes/rules and have 2 groups of clients with 2 different bandwidth assignemet : A. 16--->48kbps B. 16---->128Kbps It seems to work everything OK, but can I use lower values for rate like 8Kbps ? What about using 32-->96Kbps? I let htb to

Hi All, I''m trying to do some traffic shaping on an ethernet bridge. Currently, I have the following setup working: ifconfig eth0 down brctl addbr br0 brctl addif br0 eth0 brctl addif br0 eth1 brctl stp br0 off ifconfig eth0 0.0.0.0 up ifconfig eth1 0.0.0.0 up ifconfig br0 up This creates a bridge consisting of eth0 and eth1. So far so good. I now want to use tc to shape traffic

Hi! I just recently entered the wonderful world of the so called "advanced routing" and decided to try and limit the bandwidth of a MASQed network here and ended up in trouble :(. The setup is (as far as I can tell) pretty straightforward. eth0 is connected to the "real" network with a proper IP, and eth2 is 192.168.10.x (the MASQed network). All of it is basicly right out of

Hello i''m having some issues trying to match packets using iptables mark, iproute filter and tc filter.- i mean, when i do iptables -t mangle -A INPUT -p tcp --dport 80 -j MARK --set-mark 20 iptables -t mangle -A PREROUTING -p tcp --dport 25 -j MARK --set-mark 10 iptables -t mangle -A FORWARD -p tcp -i eth0 -o eth1 --dport 25 -j MARK --set-mark 10 $TC qdisc del dev $INET_IFACE root $TC

Dear all, I want to make a filter for all IRC-Dalnet traffic, so I want to put all traffic for port 6660, 6661, 6662, 6663, 6664, 6665, 6666, 6667, 6668, 6669, 7000, 7001, 7002, and 8000 to a class. So, I create a TC script as below. I''m sure, it is not effective, and we can write it in simpler. I need help, how to make my script below are simpler. The simpler, the better. Thank you

I need to shape traffic from some IP on one LAN, but I''m in trouble. There is a linux 2.4.26 connected to the Internet (eth0) / LAN(eth1) doing NAT. I''m using VLANs in the LAN Interface, that is connected to a 3Com SuperStack II in a 802.1Q tagged port. I want to create a class that will limit the traffic at 384Kbit/s. I want to create two leaf classes that limit the traffic at

Hi, i´ve read about this problem but i didn´t find any solution. I have a router with nat like that: internet - eth0 - Router - eth1 - Lan I made a htb script for shaping outgoing in eth0 and it works great. The problem begin with the incoming traffic... Like other people said, when somebody in the lan uses the tipical download accelerator, the line is out because the bandwidth is divided by

Dear all, I am facing problem in restricting upload traffic on fake ip address 10.0.0.0/8 network. I can easily restrict upload traffic on my real ip address. eth0 --wan port connected to internet eth1 --lan port connect to local network my script on eth1 is working properly bcoz it is for downlink traffic this is the script which is having problem.

Hi guys Finally , after reading a lot of docs from larc/opalsoft/etc, I decided to start learning some QoS First of all I''m trying to shape only download from a iptables+squid+qos machine for 4 machines at LAN ( eth0) Can anyone help me , cause it is not working properly.. ----------------------------------------------------------------- #!/bin/bash # 128Kbps