[LARTC] Problem with HTB and ceil
Hi,

I am trying to set up a shaper for my Linux box and I am experiencing some problems. What I am trying to do is prioritize packets on the egress link, therefore I have set up some prio classes etc. The prioritizing seems to work, but the problem is that the ceil parameter doesn't seem to work on non-leafs. This is what the stats show:

> class htb 1:1 root rate 3000bit ceil 3000bit burst 1602b/8 mpu 0b overhead 0b cburst 1602b/8 mpu 0b overhead 0b level 7
> Sent 770965 bytes 2139 pkts (dropped 0, overlimits 0)
> rate 178264bit 62pps
> lended: 0 borrowed: 0 giants: 0
> tokens: -5999 ctokens: -5999

How can this be possible? From my understanding it shouldn't be possible to exceed the ceil bitrate, but this happens here. What did I overlook? What do these negative token counters mean?

Thanks for your help in advance.

nik

___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Problems with Routing (was RE: [LARTC] Losing Packets after a DNAT in prerouting)
Well, that helped, but I'm still having problems. Here is what is happening now:

I send a packet from 134.173.94.7 to 134.173.95.146 (those devices are on the same network). It goes into my router on eth2 and gets DNATed to 192.168.5.9, which is on eth3. It gets routed properly and gets to my machine at 192.168.5.9. My machine at 192.168.5.9 responds. It goes back into my router on eth3. My router routes the packet out eth0 and the automatic rule sets the source address back to 134.173.95.146. Since the packet has a source address that is on the wrong interface, the packet is dropped.

It appears that my problem is that I need it to route the connection back out the same interface that it came in on. However, for new connections I need it to use eth0 as the default route.

Thanks
Jefferson Cowart
[EMAIL PROTECTED]

> -----Original Message-----
> From: pramod [mailto:[EMAIL PROTECTED]
> Sent: Sunday, July 17, 2005 22:08
> To: Jefferson Cowart
> Cc: lartc@mailman.ds9a.nl
> Subject: Re: [LARTC] Losing Packets after a DNAT in prerouting
>
> I am sorry
> In the second option I made a mistake
> Do the following things...
> 1) Restore the arp_filter to default..
> 2) Set rp_filter to 0 (zero)
>
> thanks
> pramod

[LARTC] luca buratti is out of the office.
I will be out of the office starting 18/07/2005 and will not return until 25/07/2005. I will reply to your message on my return.

[LARTC] routing based on user id
Hi all!

I've got 2 (soon 3) internet connections: 1 via ADSL, 2 (and 3) via ppp.

My network: http://desima.objectis.net/network-diag

    linux1: user1, user2
        eth0=192.168.1.1
        ppp0=192.168.5.2 (gw 192.168.5.1)
    gw=192.168.1.2 (thru ADSL)
    compA=192.168.1.6
    compB=192.168.1.15
    gw2=192.168.1.217 via ppp to different ISP

All works for compA and compB. user1 should use the default gw (192.168.1.2), user2 should use ppp0.

For user2 it will work only if I change his route thru gw2 (not ppp0):

    iptables -A OUTPUT -t mangle -m owner --uid-owner 1006 -j MARK --set-mark=0x1
    ip rule add fwmark 0x01 table gw2
    ip route add default via 192.168.1.217 table gw2
    ip route flush cache

But if I change his route via ppp0 (table T2), all traffic stops for him but will work OK for users compA and B (using SNAT):

    iptables -t nat -A POSTROUTING -o ppp0 -j SNAT --to-source 192.168.7.2

According to tcpdump, packets are going 192.168.5.2>200.200.200.200 and back 192.168.5.2<200.200.200.200, but for some reason not reaching user2.

How can I enable routing thru ppp0 for user2? (I will need it later for user3 using ppp1.)

Any help greatly appreciated.

Configs:

ip rule ls:

    0:      from all lookup local
    32750:  from all fwmark 0x1 lookup T2
    32751:  from 192.168.5.2 lookup T2
    32752:  from 192.168.5.1 lookup T2
    32756:  from 192.168.1.6 lookup T1
    32757:  from 192.168.1.15 lookup T2
    32766:  from all lookup main
    32767:  from all lookup default

ip route table T2:

    192.168.5.0 dev ppp0 scope link src 192.168.5.2
    192.168.1.0/24 dev eth0 scope link
    127.0.0.0/8 dev lo scope link
    default via 192.168.5.1 dev ppp0

ip route ls:

    192.168.1.0 dev eth0 scope link src 192.168.1.1
    192.168.5.1 dev ppp0 proto kernel scope link src 192.168.5.2
    203.97.61.42 via 192.168.1.2 dev eth0
    192.168.1.0/24 dev eth0 scope link
    127.0.0.0/8 dev lo scope link
    default via 192.168.1.2 dev eth0

Attachment: local-map.png (PNG image)

Re: [LARTC] IPSEC packets not passing POSTROUTING chain
hi

On Sun, 17 Jul 2005 22:11:32 +0200 richard lucassen <[EMAIL PROTECTED]> wrote:

> Packets going to a 2.6 kernel IPSEC tunnel do not seem to pass the
> POSTROUTING chain. Is that correct?
>

running 2.6.11.0 and using snat (in the postrouting-chain) successfully for the decrypted packets to be routed/snatted into the internal lan.

greetings
user01

[LARTC] Load balancing (LARTC 4.2) over 2 connections on 2 routers.
Hi,

I'm building a network similar to that seen in 4.2 of the LARTC Howto. There is a diagram of this attached to this mail.

Addendum to diagram:

    AlexRouter
        br0 = 192.168.58.1
        eth0 = dhcpcd
    DaveRouter
        br0 = 192.168.58.2
        eth0 = dhcpcd

But we've run into some problems when actually implementing the routing for multiple uplinks. The difference between my network and the LARTC example is that instead of having one router with two modems, I have two routers with one modem each: AlexRouter and DaveRouter. They run Bering-uClibc 2.x off of fd0. A wired/wireless network connects the two together: 192.168.58.0/24. AlexRouter is the default route/DNS server/DHCP server for every host on the network. It gets its DNS servers from dhcpcd.

The way I figure it, Provider2 in the example is (in my case) actually DaveRouter. With that in mind, these are the figures I came up with for setting up the routes. These are all from the perspective of AlexRouter.

    $IF1 = eth0
    $IF2 = br0
    $IP1 = 80.blah.blah.blah (can't remember my real address)
    $IP2 = 192.168.58.1
    $P1 = $IP1 *DON'T KNOW IF THIS IS RIGHT, DON'T KNOW HOW TO FIND MY PROVIDER'S GATEWAY*
    $P2 = 192.168.58.2 (DaveRouter)
    $P1_NET = 80.blah.blah.0/24 (got $IP1 and $P1_NET from ip route show)
    $P2_NET = 192.168.58.0/24
    $P0_NET = 192.168.58.0/24
    $IF0 = br0

If I set up all the routes using those values, test browsing around is flaky. Some pages load, some don't (one connection working, one not?). I *can* use one connection *OR* the other connection, but only if I manually re-write /etc/resolv.conf to contain the correct DNS servers for the provider used. One ISP is Demon, the other is BT. They won't let each other use their DNS servers. Also, I had duplicate returns from ping.

Apart from that, I'm not sure where I go with diagnosis. Does anybody have any idea what's going on?

Thanks,
James.

Attachment: StonechatNetSm.png

[LARTC] ppp uplink shaping problems
Hello,

I played a few days with tc htb classes and classified my packets using the iptables CLASSIFY target. Here is what I did:

    #!/bin/bash
    int='ppp0'

    #making all things clear
    tc qdisc del dev $int root
    iptables -t mangle --flush
    iptables -t mangle --delete-chain

    # $1 is executed as a command here (e.g. "true" or "false")
    if $1
    then
        #defining classes
        # note: in tc, "kbps" means kilobytes per second ("kbit" is kilobits per second)
        tc qdisc add dev $int root handle 1: htb default 20 r2q 2
        tc class add dev $int parent 1: classid 1:1 htb rate 22kbps
        tc class add dev $int parent 1:1 classid 1:10 htb rate 10kbps ceil 22kbps prio 0
        tc class add dev $int parent 1:1 classid 1:20 htb rate 9kbps ceil 15kbps prio 1
        tc class add dev $int parent 1:1 classid 1:30 htb rate 3kbps ceil 13kbps prio 2
        tc qdisc add dev $int parent 1:10 handle 10: sfq perturb 10
        tc qdisc add dev $int parent 1:20 handle 20: sfq perturb 10
        tc qdisc add dev $int parent 1:30 handle 30: sfq perturb 10

        iptables -t mangle -N TS_FWD
        iptables -t mangle -A FORWARD -j TS_FWD

        # small non-ICMP packets go to the highest-priority class
        iptables -t mangle -A TS_FWD -o ppp0 -p ! icmp --match length --length 0:70 -j CLASSIFY --set-class 1:10
        iptables -t mangle -A TS_FWD -o ppp0 -p ! icmp --match length --length 0:70 -j RETURN
        iptables -t mangle -A TS_FWD -i eth2 -o ppp0 -p tcp --source 192.168.0.2 --destination-port 80 -j CLASSIFY --set-class 1:20
        iptables -t mangle -A TS_FWD -i eth2 -o ppp0 -p tcp --source 192.168.0.2 --destination-port 80 -j RETURN
        iptables -t mangle -A TS_FWD -i eth2 -o ppp0 -p tcp --source 192.168.0.2 --destination-port 443 -j CLASSIFY --set-class 1:20
        iptables -t mangle -A TS_FWD -i eth2 -o ppp0 -p tcp --source 192.168.0.2 --destination-port 443 -j RETURN
        iptables -t mangle -A TS_FWD -i eth2 -o ppp0 -p tcp --source 192.168.0.2 --destination-port 554 -j CLASSIFY --set-class 1:10
        iptables -t mangle -A TS_FWD -i eth2 -o ppp0 -p tcp --source 192.168.0.2 --destination-port 554 -j RETURN
        #if $2
        #then
        #iptables -t mangle -A TS_FWD -i eth2 -o ppp0 --source 192.168.0.2 -j LOG
        #fi
        # everything else from 192.168.0.2 goes to the lowest-priority class
        iptables -t mangle -A TS_FWD -i eth2 -o ppp0 --source 192.168.0.2 -j CLASSIFY --set-class 1:30
    fi

It does not work really well. I tested it using my internal 100MBit network interface using multiple ftp connections and classified the packets based on their source IP. That works fine with the same classes. Immediately all the things I expected took place. Also the prio option worked fine. If I was running 2 simultaneous downloads, the one with the higher priority gets all borrowable download speed and the one with the lower priority gets its assured rate.

But the same classes didn't work with my 192kbit 2048kbit ppp link. Well OK, they are working, but not like I want them to work. The speed changes take some seconds to take place. And the priority seems to be ignored. I have to say that I tested the ppp uplink using emule with many connections (500 - 800) and the higher priority upload was one active ftp connection.

What's my fault?

Regards
Richard Hauswald