Hello list.

I've configured a very simple script to slow down packets coming from a
particular IP Address.  I've used IPTABLES to mark traffic coming from this
IP Address, but it does not appear to be working as expected.  Let me first
describe my system, as maybe what I'm doing is beyond what NETFILTER can do.

I have one machine that runs all my servers as VMs.  The P2P WinXP box and
the router are virtualized.  So too is the Windows 2003 DNS server.

Please have a look at the traffic control script below and let me know if
I've done something wrong!

Cheers,
tkb.


Below is the script.  You'll note that I've even tried using a filter
(attached to eth0 - LAN) linking parent at eth0 going to a class on eth1 -
is this even valid?  tc did not seem to complain about it so I figured it
must be okay.

#*******************************************************************
#!/bin/bash

# Whole purpose of this is to slow the P2P WinXP box down!

###################################
# Reset everything to known state #
###################################
tc qdisc del dev eth0 root
tc qdisc del dev eth1 root

####################
# Setup the qdiscs #
####################
tc qdisc add dev eth0 parent root handle 1: htb default 10
tc qdisc add dev eth1 parent root handle 2: htb default 10

##########################
# Setup the root classes #
##########################
tc class add dev eth0 parent 1: classid 1:1 htb rate  10mbit \
ceil  10mbit
tc class add dev eth1 parent 2: classid 2:1 htb rate 384kbit \
ceil 384kbit burst 15k

###########################
# Setup the child classes #
###########################
tc class add dev eth0 parent 1:1 classid 1:10 htb rate  10mbit \
ceil  10mbit prio 0
tc class add dev eth1 parent 2:1 classid 2:10 htb rate 224kbit \
ceil 384kbit prio 0
tc class add dev eth1 parent 2:1 classid 2:11 htb rate 100kbit \
ceil 100kbit prio 1
tc class add dev eth1 parent 2:1 classid 2:12 htb rate  60kbit \
ceil  60kbit prio 2

#####################
# Setup the filters #
#####################
# match acks the hard way,
# IP protocol 6,
# IP header length 0x5(32 bit words),
# IP Total length 0x34 (ACK + 12 bytes of TCP options)
# TCP ack set (bit 5, offset 33)
ACK="tc filter add dev eth1 protocol ip parent 2:0 prio 0 u32"
$ACK match ip protocol 6 0xff \
  match u8 0x05 0x0f at 0 \
  match u16 0x0000 0xffc0 at 2 \
  match u8 0x10 0xff at 33 \
  classid 2:11
#**U32_0="tc filter add dev eth0 protocol ip parent 1:0 u32"
#**$U32_0 match ip src 192.168.200.163 classid 2:12
#U32_1="tc filter add dev eth1 protocol ip parent 2:0 u32"
P2P="tc filter add dev eth1 protocol ip parent 2:0 prio 10"
$P2P handle 1 fw classid 2:12

####################################################
# Setup the queue discipline for the child classes #
####################################################
tc qdisc add dev eth1 parent 2:10 handle 10: sfq perturb 10
tc qdisc add dev eth1 parent 2:11 handle 11: sfq perturb 10
tc qdisc add dev eth1 parent 2:12 handle 12: sfq perturb 10
#************************************************************************



_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
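
An added example, not part of the original post: one way to check whether marked packets actually land in class 2:12 is to read the per-class counters that `tc -s class show` prints. The function names are hypothetical, and the sample output is constructed for the class layout in the script above (assumed to follow the format iproute2 prints).

```shell
#!/bin/sh
# Added example (not from the original post): check whether traffic reaches
# the HTB classes from the script, using the per-class counters tc keeps.

# stdin:  output of `tc -s class show dev <if>`
# stdout: one "<classid> <bytes> <packets>" line per HTB class
class_counters() {
    awk '
        $1 == "class" && $2 == "htb" { cid = $3; next }
        $1 == "Sent" && cid != ""    { print cid, $2, $4; cid = "" }
    '
}

# Exit status 0 if class $1 has sent at least one packet, 1 otherwise
# (also 1 when the class does not exist in the input).
class_seen_traffic() {
    class_counters | awk -v c="$1" '$1 == c && $3 > 0 { hit = 1 } END { exit !hit }'
}

# stdout: classids that have carried no packets at all
idle_classes() {
    class_counters | awk '$3 == 0 { print $1 }'
}

# Constructed sample: everything falls into the default class 2:10 or the
# ACK class 2:11, and the fw-mark class 2:12 stays at zero.
SAMPLE='class htb 2:1 root rate 384000bit ceil 384000bit burst 15Kb cburst 1599b
 Sent 912340 bytes 1207 pkt (dropped 0, overlimits 0 requeues 0)
class htb 2:10 parent 2:1 leaf 10: prio 0 rate 224000bit ceil 384000bit burst 1599b cburst 1599b
 Sent 901120 bytes 1010 pkt (dropped 0, overlimits 0 requeues 0)
class htb 2:11 parent 2:1 leaf 11: prio 1 rate 100000bit ceil 100000bit burst 1599b cburst 1599b
 Sent 11220 bytes 197 pkt (dropped 0, overlimits 0 requeues 0)
class htb 2:12 parent 2:1 leaf 12: prio 2 rate 60000bit ceil 60000bit burst 1599b cburst 1599b
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)'

# Live use on the router would be: tc -s class show dev eth1 | idle_classes
printf '%s\n' "$SAMPLE" | class_counters
echo "idle classes: $(printf '%s\n' "$SAMPLE" | idle_classes)"
```

If 2:12 stays idle while the MARK rule's packet counter in `iptables -t mangle -L -n -v` keeps rising, the packets are being marked but not classified on eth1; if that counter is also zero, the rule itself is not matching.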
