Re: [LARTC] Error in "15.10 Example of full nat solution with QoS"?
Sean Dwyer wrote:

> On Wednesday 05 October 2005 18:30, Sean Dwyer wrote:
>> Near the end of section 15.10, the following commands are shown for prioritizing SYN packets:
>>
>>     iptables -t mangle -I PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 0x1
>>     iptables -t mangle -I PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
>>
>> Shouldn't the "-I" option really be "-A"? Like so:
>>
>>     iptables -t mangle -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 0x1
>>     iptables -t mangle -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
>>
>> Won't using "-I" cause these entries to be inserted at the top of the chain, putting the RETURN before the MARK is set? Maybe I'm missing something.
>
> Does anybody who maintains lartc.org read this mailing list?

I doubt if Bert reads every or maybe any post - I agree about the -I being wrong.

The LARTC hasn't been changed for a while but will be someday I guess. There is going to be a wiki soon - there is already a new one for Linux-net http://linux-net.osdl.org/ .

Andy.

___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] readable tc -s filter show dev X
Hi everybody,

I think somebody here should have encountered the same problem as me. :-)

I have a problem with the output of the command tc -s filter show dev X. First, I don't fully understand all the descriptions such as fh and divisor, and the IP address is in hex. My question is whether somebody has written a converter to convert these hex numbers to normal IP numbers.

Thanks.

Jorge Sanchez
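An added example, not part of the original post and not code from iproute2: a small Python filter that annotates the hex "match VALUE/MASK at OFFSET" lines of u32 filter output with dotted IPv4 addresses. The sample output is constructed (it reuses the address 217.67.28.28 that appears in another message in this archive), and the function names are illustrative.

```python
import ipaddress
import re

# u32 prints each 32-bit key as "match VALUE/MASK at OFFSET", value and mask in hex.
MATCH_RE = re.compile(r"match ([0-9a-f]{8})/([0-9a-f]{8}) at (\d+)")
# Byte offsets of the two address fields inside the IPv4 header.
FIELDS = {12: "src", 16: "dst"}


def decode_match(value_hex, mask_hex, offset):
    """Return e.g. 'dst 217.67.28.28/32', or None if the key is not an address."""
    field = FIELDS.get(offset)
    if field is None:
        return None
    addr = ipaddress.IPv4Address(int(value_hex, 16))
    mask = int(mask_hex, 16)
    # A contiguous mask becomes a prefix length; anything else stays dotted.
    inverted = mask ^ 0xFFFFFFFF
    if inverted & (inverted + 1) == 0:
        return f"{field} {addr}/{bin(mask).count('1')}"
    return f"{field} {addr} mask {ipaddress.IPv4Address(mask)}"


def annotate(tc_output):
    """Append a readable form to every u32 line that matches an address field."""
    out = []
    for line in tc_output.splitlines():
        m = MATCH_RE.search(line)
        decoded = m and decode_match(m.group(1), m.group(2), int(m.group(3)))
        out.append(f"{line}   # {decoded}" if decoded else line)
    return "\n".join(out)


# Constructed sample in the layout printed by "tc -s filter show dev X".
# "fh" is the filter handle (hash table:bucket:item); "ht divisor N" is the
# number of buckets in that hash table.
SAMPLE = """\
filter parent 100: protocol ip pref 1 u32
filter parent 100: protocol ip pref 1 u32 fh 800: ht divisor 1
filter parent 100: protocol ip pref 1 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 100:2828  (rule hit 0 success 0)
  match d9431c1c/ffffffff at 16 (success 0 )
"""

if __name__ == "__main__":
    print(annotate(SAMPLE))
```

Keys at other offsets (protocol, ports, "nexthdr+" matches) are passed through unchanged.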
Re: [LARTC] HTB problem running on VLAN, not working
Samuel Koscelansky / "SUBNET" wrote:

I tested shaping on vlan and it seems OK for me (even though my switch doesn't do vlan it doesn't seem to block oversize frames).

I noticed a few things with your setup -

> #classes for download
> /sbin/tc class add dev eth0.100 parent 100: classid 100:1 htb rate 4000kbit quantum 6000
> /sbin/tc class add dev eth0.100 parent 100:1 classid 100:2 htb rate 1000kbit quantum 6000
> /sbin/tc qdisc add dev eth0.100 parent 100:2 handle 1002 pfifo limit 10

You attach pfifo as if 100:2 is a leaf class here

> #my pc testing class
> #down
> /sbin/tc class add dev eth0.100 parent 100:2 classid 100:2828 htb rate 1000kbit quantum 6000
> /sbin/tc filter add dev eth0.100 parent 100: protocol ip prio 1 u32 match ip dst 217.67.28.28 classid 100:2828
> /sbin/tc qdisc add dev eth0.100 parent 100:2828 handle 1002828 sfq perturb 10

But have it as a parent here, also I think the handle on sfq is too big and if eth0.100 is to your ISP then dst should be changed to src in the match.

Andy.
[LARTC] Two Output Gateways
Hello,

Currently running Kernel 2.4.31 with iptables 1.3.3

[Diagram: routers R1 and R2, each connected to server S1]

Scenario
Two internet connections coming into R1 and R2
R1 and R2 both connect to internal destination server S1
Due to software restrictions have to use one default route.
Simple script to validate gw availability and swap if necessary

Requirements
Returning traffic from incoming connections over the same router as where it originated.

i.e. If default gateway is set to be R1, incoming connections are fine if originated on connection R1. However, connections initiated through R2 time out.

Have tried numerous combinations of iptables, iproute2 and cannot get it to work.

Is it possible to mark which router the traffic originated and push the return traffic over that router, for instance?

Any help greatly appreciated.

Regards
/Steve
Re: [LARTC] [ANNOUNCE] iproute2 (051007)
Hi!

--- Stephen Hemminger <[EMAIL PROTECTED]> wrote:

> Fix one serious bug (in libnetlink), and a couple of other minor patches.
>
> http://developer.osdl.org/dev/iproute2/download/iproute2-051007.tar.gz
>
> Stephen Hemminger
>     Reenable ip mroute
>
> Mike Frysinger
>     Handle pfifo_fast that has no qopt without segfaulting

This means it can be used as a leaf qdisc? When I tried to use it like that it seg faulted. That made me stay with sfq.

> Mads Martin Joergensen
>     Trivial netem ccopts
>
> Jerome Borsboom
>     Fix regression in ip addr (libnetlink) handling
>
> --
> Stephen Hemminger <[EMAIL PROTECTED]>
> OSDL http://developer.osdl.org/~shemminger

Thank you for your post!