[LARTC] help :)
Hello lartc, I have about 400Kbit/s link, and I need to divide it into 2 parts (for 2 computers). What I have done wrong? Correct please! tc qdisc add dev eth0 root handle 10: cbq bandwidth 400Kbit avpkt 1000 tc class add dev eth0 parent 10:0 classid 10:1 cbq bandwidth 400Kbit rate \ 400Kbit allot 1514 weight 40Kbit prio 8 maxburst 20 avpkt 1000 tc class add dev eth0 parent 10:1 classid 10:100 cbq bandwidth 400Kbit rate \ 100Kbit allot 1514 weight 10Kbit prio 5 maxburst 20 avpkt 1000 bounded tc class add dev eth0 parent 10:1 classid 10:200 cbq bandwidth 400Kbit rate \ 300Kbit allot 1514 weight 30Kbit prio 5 maxburst 20 avpkt 1000 \ bounded tc qdisc add dev eth0 parent 10:100 sfq quantum 1514b perturb 15 tc qdisc add dev eth0 parent 10:200 sfq quantum 1514b perturb 15 tc filter add dev eth0 parent 10:0 protocol ip prio 100 u32 match ip dst \ 10.0.0.2 flowid 10:200 tc filter add dev eth0 parent 10:0 protocol ip prio 25 u32 match ip dst \ 10.0.0.3 flowid 10:100 -- Best regards, Waters mailto:[EMAIL PROTECTED] ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] A tc htb/iptables rate control script for ADSL
Errr my mistake ... Yes SYN not ACK, sorry. On Sat, 27 Apr 2002, Nils Lichtenfeld wrote: > Hello Devik! > > > But you can filter acks > > with ipchains too (-y). > > Uh can I? I thought -y is for matching SYN-Packets. > > Greetings Nils > > > ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] A tc htb/iptables rate control script for ADSL
Hello Devik! > But you can filter acks > with ipchains too (-y). Uh can I? I thought -y is for matching SYN-Packets. Greetings Nils ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] Fwmark problem - policy routing does not work.
On Sat, 27 Apr 2002, Adrian Chung wrote: > On Sat, Apr 27, 2002 at 10:25:24AM +0200, Arthur van Leeuwen wrote: > > On Fri, 26 Apr 2002, Adrian Chung wrote: > > > > > When you add a route that sets a src like: > > > > > > ip route add table 192.168.1.0/24 src 192.168.1.11 dev eth0 > > > > > > The "src" doesn't specify the source IP to put in the packet (it's not > > > network address translation, like SNAT in iptables), it just specifies > > > which local source IP the routing mechanisms should use to determine > > > where to route the packet. > > > > Actually, it is more subtle than that. The 'src' *does* specify the source > > IP to put in the packet *if* the packet doesn't have a source IP yet. This > > only holds true for packets generated locally. > > Ah okay, that makes sense... But I think in both our cases the > packets were generated locally, so the 'src' flag should have set the > source IP. > > Is it possible for the application (telnet in my case) to explicitly > bind to a socket and set it's source IP? That could explain why the > rule has no effect since by the time the packet reaches the routing > system, it already has a source IP set. Yes, that is possible. Doei, Arthur. -- /\/ | [EMAIL PROTECTED] | Work like you don't need the money /__\ / | A friend is someone with whom | Love like you have never been hurt /\/__ | you can dare to be yourself | Dance like there's nobody watching ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] Fwmark problem - policy routing does not work.
On Sat, Apr 27, 2002 at 10:25:24AM +0200, Arthur van Leeuwen wrote: > On Fri, 26 Apr 2002, Adrian Chung wrote: > > > When you add a route that sets a src like: > > > > ip route add table 192.168.1.0/24 src 192.168.1.11 dev eth0 > > > > The "src" doesn't specify the source IP to put in the packet (it's not > > network address translation, like SNAT in iptables), it just specifies > > which local source IP the routing mechanisms should use to determine > > where to route the packet. > > Actually, it is more subtle than that. The 'src' *does* specify the source > IP to put in the packet *if* the packet doesn't have a source IP yet. This > only holds true for packets generated locally. Ah okay, that makes sense... But I think in both our cases the packets were generated locally, so the 'src' flag should have set the source IP. Is it possible for the application (telnet in my case) to explicitly bind to a socket and set it's source IP? That could explain why the rule has no effect since by the time the packet reaches the routing system, it already has a source IP set. -- Adrian Chung (adrian at enfusion-group dot com) http://www.enfusion-group.com/~adrian GPG Fingerprint: C620 C8EA 86BA 79CC 384C E7BE A10C 353B 919D 1A17 [toad.enfusion-group.com] up 34 days, 17:14, 17 users ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] Fwmark problem - policy routing does not work.
Hello, On Sat, 27 Apr 2002, Thilo Schulz wrote: > > It does not. The ip rule does that. Routing does not mangle packets, unless > > the packet is locally generated and incomplete. > > it is generated locally in my case. May be your problem is that LOCALOUT is after routing, the socket already created connected route and is bound to specific src IP. It is too late to mark packets just to select different src IP via routing. May be you have to use SNAT to change the src IP to the desired one. I didn't tried it and I don't know whether it works. And I see in recent sources some funny things, for example, ipt_local_hook(MANGLE) calls ip_route_me_harder from LOCAL_IN but I'm not sure it will hurt your tests. May be you can ask for new LOCAL_ROUTING hook where MANGLE can select different src IP for different users before route connection :))) > - Thilo Schulz Regards -- Julian Anastasov <[EMAIL PROTECTED]> ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] Fwmark problem - policy routing does not work.
> Actually, it is more subtle than that. The 'src' *does* specify the source > IP to put in the packet *if* the packet doesn't have a source IP yet. This > only holds true for packets generated locally. Then why does it not work together with the fwmark policer? > It does not. The ip rule does that. Routing does not mangle packets, unless > the packet is locally generated and incomplete. it is generated locally in my case. - Thilo Schulz ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] Fwmark problem - policy routing does not work.
On Fri, 26 Apr 2002, Adrian Chung wrote: > When you add a route that sets a src like: > > ip route add table 192.168.1.0/24 src 192.168.1.11 dev eth0 > > The "src" doesn't specify the source IP to put in the packet (it's not > network address translation, like SNAT in iptables), it just specifies > which local source IP the routing mechanisms should use to determine > where to route the packet. Actually, it is more subtle than that. The 'src' *does* specify the source IP to put in the packet *if* the packet doesn't have a source IP yet. This only holds true for packets generated locally. > For example, I've got policy routing setup with FreeS/WAN on a gateway > with an internal and external interface, where I do: > > # ip rule add table 1 prio 100 > # ip route add table 1 dev ipsec0 src > > This forces the box to route all packets to the remote LAN via the > internal interface, rather than the external interface. > > However, the packets that show up at the other end don't contain a > source IP of from the table 1 route, rather they contain the > source IP of the client machine that sent them. > This led me to believe that the "src" option only adjusts the way the > routing machinery in the kernel decides where and how to route the > packet, but doesn't change/rewrite the source address in the packets > themselves. It does not. The ip rule does that. Routing does not mangle packets, unless the packet is locally generated and incomplete. Doei, Arthur. -- /\/ | [EMAIL PROTECTED] | Work like you don't need the money /__\ / | A friend is someone with whom | Love like you have never been hurt /\/__ | you can dare to be yourself | Dance like there's nobody watching ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/