Re: [LARTC] htb problem
Hey I hve the same problem. My packets are marked, my classes are OK my filters are set OK and all packets are passing through the root class!! I think that this is a big problem. A know 1 more person that has the same problem! --- изпратено от mail.bG Силна Анти-спам защита 12MB Място за поща SMS за нов емeйл и към двата оператора! POP3/WAP Достъп _ HOB БEЗПЛATEH AДPEC ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] HTB Question...
htb script: #!/bin/bash tc qdisc del dev eth1 root handle 1: tc qdisc add dev eth1 root handle 1: htb default 12 tc class add dev eth1 parent 1: classid 1:1 htb rate 48kbps ceil 48kbps tc class add dev eth1 parent 1:1 classid 1:10 htb rate 4kbps ceil 48kbps tc class add dev eth1 parent 1:1 classid 1:11 htb rate 4kbps ceil 48kbps tc class add dev eth1 parent 1:1 classid 1:12 htb rate 4kbps ceil 48kbps tc class add dev eth1 parent 1:1 classid 1:13 htb rate 4kbps ceil 48kbps tc class add dev eth1 parent 1:1 classid 1:14 htb rate 4kbps ceil 48kbps tc class add dev eth1 parent 1:1 classid 1:15 htb rate 4kbps ceil 48kbps tc class add dev eth1 parent 1:1 classid 1:16 htb rate 4kbps ceil 48kbps tc class add dev eth1 parent 1:1 classid 1:17 htb rate 4kbps ceil 48kbps tc class add dev eth1 parent 1:1 classid 1:18 htb rate 4kbps ceil 48kbps tc class add dev eth1 parent 1:1 classid 1:19 htb rate 4kbps ceil 48kbps tc class add dev eth1 parent 1:1 classid 1:20 htb rate 4kbps ceil 48kbps tc class add dev eth1 parent 1:1 classid 1:21 htb rate 4kbps ceil 48kbps tc class add dev eth1 parent 1:1 classid 1:22 htb rate 4kbps ceil 48kbps tc filter add dev eth1 parent 1:1 protocol ip handle 10 fw classid 1:10 tc filter add dev eth1 parent 1:1 protocol ip handle 11 fw classid 1:12 tc filter add dev eth1 parent 1:1 protocol ip handle 13 fw classid 1:13 tc filter add dev eth1 parent 1:1 protocol ip handle 14 fw classid 1:14 tc filter add dev eth1 parent 1:1 protocol ip handle 15 fw classid 1:15 tc filter add dev eth1 parent 1:1 protocol ip handle 19 fw classid 1:16 tc filter add dev eth1 parent 1:1 protocol ip handle 20 fw classid 1:17 tc filter add dev eth1 parent 1:1 protocol ip handle 24 fw classid 1:18 tc filter add dev eth1 parent 1:1 protocol ip handle 29 fw classid 1:19 tc filter add dev eth1 parent 1:1 protocol ip handle 32 fw classid 1:20 tc filter add dev eth1 parent 1:1 protocol ip handle 33 fw classid 1:21 tc filter add dev eth1 parent 1:1 protocol ip handle 34 fw classid 1:22 iptables -F -t mangle iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.10 -j MARK --set- mark 10 iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.11 -j MARK --set- mark 11 iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.13 -j MARK --set- mark 13 iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.14 -j MARK --set- mark 14 iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.15 -j MARK --set- mark 15 iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.19 -j MARK --set- mark 19 iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.20 -j MARK --set- mark 20 iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.24 -j MARK --set- mark 24 iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.29 -j MARK --set- mark 29 iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.32 -j MARK --set- mark 32 iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.33 -j MARK --set- mark 33 iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.34 -j MARK --set- mark 34 Firewall ans routing script: #!/bin/sh IPT=/usr/sbin/iptables EXTIF="eth1" INTIF="eth0" echo "1" > /proc/sys/net/ipv4/ip_forward echo "1" > /proc/sys/net/ipv4/ip_dynaddr $IPT -P INPUT ACCEPT $IPT -F INPUT $IPT -P OUTPUT ACCEPT $IPT -F OUTPUT $IPT -P FORWARD DROP $IPT -F FORWARD $IPT -t nat -F $IPT -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT #$IPT -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT $IPT -A FORWARD -j LOG $IPT -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE #THE FIREWALL PART## $IPT -A INPUT -i $INTIF -j DROP $IPT -A INPUT -i $INTIF -s 192.168.193.10 -j ACCEPT $IPT -A INPUT -i $INTIF -s 192.168.193.11 -j ACCEPT $IPT -A INPUT -i $INTIF -s 192.168.193.13 -j ACCEPT $IPT -A INPUT -i $INTIF -s 192.168.193.14 -j ACCEPT $IPT -A INPUT -i $INTIF -s 192.168.193.15 -j ACCEPT $IPT -A INPUT -i $INTIF -s 192.168.193.19 -j ACCEPT $IPT -A INPUT -i $INTIF -s 192.168.193.20 -j ACCEPT $IPT -A INPUT -i $INTIF -s 192.168.193.24 -j ACCEPT $IPT -A INPUT -i $INTIF -s 192.168.193.29 -j ACCEPT $IPT -A INPUT -i $INTIF -s 192.168.193.32 -j ACCEPT $IPT -A INPUT -i $INTIF -s 192.168.193.33 -j ACCEPT $IPT -A INPUT -i $INTIF -s 192.168.193.34 -j ACCEPT $IPT -A FORWARD -i $INTIF -s 192.168.193.10 -j ACCEPT $IPT -A FORWARD -i $INTIF -s 192.168.193.11 -j ACCEPT $IPT -A FORWARD -i $INTIF -s 192.168.193.13 -j ACCEPT $IPT -A FORWARD -i $INTIF -s 192.168.193.14 -j ACCEPT $IPT -A FORWARD -i $INTIF -s 192.168.193.15 -j ACCEPT $IPT -A FORWARD -i $INTIF -s 192.168.193.19 -j ACCEPT $IPT -A FORWARD -i $INTIF -s 192.168.193.20 -j ACCEPT $IPT -A FORWARD -i $INTIF -s 192.168.193.24 -j ACCEPT $IPT -A FORWARD -i $INTIF -s 192.168.193.29 -j ACCEPT $IPT -A FORWARD -i $INTIF -s 192.168.193.32 -j ACCEPT $IPT -A FORWARD -i $INTIF -s 192.168.193.33 -j ACCEPT $IPT -A FORWARD -i $INTIF -s 192.168.193.34 -j ACCEPT $IPT -A FORWARD -i $INTIF -j DROP this are the latest scripts. I've made a LOT of changes. the packets are marking: iptables -L -n -v -t mangle Chain PREROUTING (policy ACCEPT 113K packets,
[LARTC] HTB default 12 ?
I've found that when the value in: tc qdisc add dev eth1 root handle 1: default 12 -> is 12 some of the packets are massing through class 1:12 and other through 1:1 if this value is 25 for example in the tc -s -d class show dev eth1 there are 0 packets sent from ALL CLASSES!!! why is that? I'm marking all packets with iptables and than using: tc filter add dev eth0 parent 1:1 protocol ip handle [mark_number] fw classid [class_number] but tha packets are passing from everywhere else but the class I want!!! HELP --- изпратено от mail.bG Силна Анти-спам защита 12MB Място за поща SMS за нов емeйл и към двата оператора! POP3/WAP Достъп _ HOB БEЗПЛATEH AДPEC - http://mail.bg/new/ ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] HTB question (problem with tc filter + NAT)
I wan to share internet to these 12 PCs. But my traffic control is not working. I'm using IP Masquerading to route internet to the LAN eth0 - LAN interface eth1 - Internet interface this is my firs htb script: #!/bin/bash tc qdisc del dev eth1 root handle 1: tc qdisc add dev eth1 root handle 1: htb default 30 tc class add dev eth1 parent 1: classid 1:1 htb rate 25kbps ceil 48kbps #tc class add dev eth0 parent 1:1 classid 1:10 htb rate 4kbps ceil 48kbps tc class add dev eth1 parent 1:1 classid 1:10 htb rate 4kbps ceil 48kbps tc class add dev eth1 parent 1:1 classid 1:11 htb rate 4kbps ceil 48kbps tc class add dev eth1 parent 1:1 classid 1:12 htb rate 4kbps ceil 48kbps tc class add dev eth1 parent 1:1 classid 1:13 htb rate 4kbps ceil 48kbps tc class add dev eth1 parent 1:1 classid 1:14 htb rate 4kbps ceil 48kbps tc class add dev eth1 parent 1:1 classid 1:15 htb rate 4kbps ceil 48kbps tc class add dev eth1 parent 1:1 classid 1:16 htb rate 4kbps ceil 48kbps tc class add dev eth1 parent 1:1 classid 1:17 htb rate 4kbps ceil 48kbps tc class add dev eth1 parent 1:1 classid 1:18 htb rate 4kbps ceil 48kbps tc class add dev eth1 parent 1:1 classid 1:19 htb rate 4kbps ceil 48kbps tc class add dev eth1 parent 1:1 classid 1:20 htb rate 4kbps ceil 48kbps tc class add dev eth1 parent 1:1 classid 1:21 htb rate 4kbps ceil 48kbps tc class add dev eth1 parent 1:1 classid 1:22 htb rate 4kbps ceil 48kbps tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 192.168.193.10 classid 1:11 tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 192.168.193.11 classid 1:12 tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 192.168.193.13 classid 1:13 tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 192.168.193.14 classid 1:14 tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 192.168.193.15 classid 1:15 tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 192.168.193.19 classid 1:16 tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 192.168.193.20 classid 1:17 tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 192.168.193.24 classid 1:18 tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 192.168.193.29 classid 1:19 tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 192.168.193.32 classid 1:20 tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 192.168.193.33 classid 1:21 tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 192.168.193.34 classid 1:22 I tryed to change the parent ID, the Interface -> nothing Stef told me that this is not working because of the NAT so I've changed the filter part: tc filter add dev eth1 parent 1:0 protocol ip handle 10 fw classid 1:1 tc filter add dev eth1 parent 1:0 protocol ip handle 11 fw classid 1:12 tc filter add dev eth1 parent 1:0 protocol ip handle 13 fw classid 1:13 tc filter add dev eth1 parent 1:0 protocol ip handle 14 fw classid 1:14 tc filter add dev eth1 parent 1:0 protocol ip handle 15 fw classid 1:15 tc filter add dev eth1 parent 1:0 protocol ip handle 19 fw classid 1:16 tc filter add dev eth1 parent 1:0 protocol ip handle 20 fw classid 1:17 tc filter add dev eth1 parent 1:0 protocol ip handle 24 fw classid 1:18 tc filter add dev eth1 parent 1:0 protocol ip handle 29 fw classid 1:19 tc filter add dev eth1 parent 1:0 protocol ip handle 32 fw classid 1:20 tc filter add dev eth1 parent 1:0 protocol ip handle 33 fw classid 1:21 tc filter add dev eth1 parent 1:0 protocol ip handle 34 fw classid 1:22 iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.10 -j MARK -- set-mark 10 iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.11 -j MARK -- set-mark 11 iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.13 -j MARK -- set-mark 13 iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.14 -j MARK -- set-mark 14 iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.15 -j MARK -- set-mark 15 iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.19 -j MARK -- set-mark 19 iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.20 -j MARK -- set-mark 20 iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.24 -j MARK -- set-mark 24 iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.29 -j MARK -- set-mark 29 iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.32 -j MARK -- set-mark 32 iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.33 -j MARK -- set-mark 33 iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.34 -j MARK -- set-mark 34 I thing that this is wright but no! I've changed FORWARD with OUTUP. I tryed without specifying Interface -> still nothing. What is wrong? there is no filtration at all! Every packet is forwarded to the root class! You can guess what happens when someone from the LAN starts to dowload! My router box is: Slackware 9.0 (2.4.20 kernel) Thank y