Re: [LARTC] htb problem

2003-06-14 Thread terahz

Hey, I have the same problem. My packets are marked, my classes are OK,
my filters are set OK,
and all packets are passing through the root class!!
I think that this is a big problem. I know 1 more person that has the same
problem!

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


[LARTC] HTB Question...

2003-06-05 Thread TeraHz
htb script:
#!/bin/bash
tc qdisc del dev eth1 root handle 1:
tc qdisc add dev eth1 root handle 1: htb default 12
tc class add dev eth1 parent 1: classid 1:1 htb rate 48kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:10 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:11 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:12 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:13 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:14 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:15 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:16 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:17 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:18 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:19 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:20 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:21 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:22 htb rate 4kbps ceil 48kbps

tc filter add dev eth1 parent 1:1 protocol ip handle 10 fw classid 1:10
tc filter add dev eth1 parent 1:1 protocol ip handle 11 fw classid 1:12
tc filter add dev eth1 parent 1:1 protocol ip handle 13 fw classid 1:13
tc filter add dev eth1 parent 1:1 protocol ip handle 14 fw classid 1:14
tc filter add dev eth1 parent 1:1 protocol ip handle 15 fw classid 1:15
tc filter add dev eth1 parent 1:1 protocol ip handle 19 fw classid 1:16
tc filter add dev eth1 parent 1:1 protocol ip handle 20 fw classid 1:17
tc filter add dev eth1 parent 1:1 protocol ip handle 24 fw classid 1:18
tc filter add dev eth1 parent 1:1 protocol ip handle 29 fw classid 1:19
tc filter add dev eth1 parent 1:1 protocol ip handle 32 fw classid 1:20
tc filter add dev eth1 parent 1:1 protocol ip handle 33 fw classid 1:21
tc filter add dev eth1 parent 1:1 protocol ip handle 34 fw classid 1:22
iptables -F -t mangle
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.10 -j MARK --set-mark 10
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.11 -j MARK --set-mark 11
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.13 -j MARK --set-mark 13
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.14 -j MARK --set-mark 14
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.15 -j MARK --set-mark 15
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.19 -j MARK --set-mark 19
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.20 -j MARK --set-mark 20
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.24 -j MARK --set-mark 24
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.29 -j MARK --set-mark 29
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.32 -j MARK --set-mark 32
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.33 -j MARK --set-mark 33
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.34 -j MARK --set-mark 34



Firewall and routing script:
#!/bin/sh
IPT=/usr/sbin/iptables
EXTIF="eth1"
INTIF="eth0"
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
$IPT -P INPUT ACCEPT
$IPT -F INPUT
$IPT -P OUTPUT ACCEPT
$IPT -F OUTPUT
$IPT -P FORWARD DROP
$IPT -F FORWARD
$IPT -t nat -F
$IPT -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
#$IPT -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPT -A FORWARD -j LOG
$IPT -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
#THE FIREWALL PART##
$IPT -A INPUT -i $INTIF -j DROP
$IPT -A INPUT -i $INTIF -s 192.168.193.10 -j ACCEPT
$IPT -A INPUT -i $INTIF -s 192.168.193.11 -j ACCEPT
$IPT -A INPUT -i $INTIF -s 192.168.193.13 -j ACCEPT
$IPT -A INPUT -i $INTIF -s 192.168.193.14 -j ACCEPT
$IPT -A INPUT -i $INTIF -s 192.168.193.15 -j ACCEPT
$IPT -A INPUT -i $INTIF -s 192.168.193.19 -j ACCEPT
$IPT -A INPUT -i $INTIF -s 192.168.193.20 -j ACCEPT
$IPT -A INPUT -i $INTIF -s 192.168.193.24 -j ACCEPT
$IPT -A INPUT -i $INTIF -s 192.168.193.29 -j ACCEPT
$IPT -A INPUT -i $INTIF -s 192.168.193.32 -j ACCEPT
$IPT -A INPUT -i $INTIF -s 192.168.193.33 -j ACCEPT
$IPT -A INPUT -i $INTIF -s 192.168.193.34 -j ACCEPT
$IPT -A FORWARD -i $INTIF -s 192.168.193.10 -j ACCEPT
$IPT -A FORWARD -i $INTIF -s 192.168.193.11 -j ACCEPT
$IPT -A FORWARD -i $INTIF -s 192.168.193.13 -j ACCEPT
$IPT -A FORWARD -i $INTIF -s 192.168.193.14 -j ACCEPT
$IPT -A FORWARD -i $INTIF -s 192.168.193.15 -j ACCEPT
$IPT -A FORWARD -i $INTIF -s 192.168.193.19 -j ACCEPT
$IPT -A FORWARD -i $INTIF -s 192.168.193.20 -j ACCEPT
$IPT -A FORWARD -i $INTIF -s 192.168.193.24 -j ACCEPT
$IPT -A FORWARD -i $INTIF -s 192.168.193.29 -j ACCEPT
$IPT -A FORWARD -i $INTIF -s 192.168.193.32 -j ACCEPT
$IPT -A FORWARD -i $INTIF -s 192.168.193.33 -j ACCEPT
$IPT -A FORWARD -i $INTIF -s 192.168.193.34 -j ACCEPT
$IPT -A FORWARD -i $INTIF -j DROP



These are the latest scripts. I've made a LOT of changes.

The packets are being marked:

iptables -L -n -v -t mangle
Chain PREROUTING (policy ACCEPT 113K packets, 

[LARTC] HTB default 12 ?

2003-06-04 Thread TeraHz
I've found that when the value in: tc qdisc add dev eth1 root handle 1: default 12
-> is 12, some of the packets are passing through class 1:12
and others through 1:1.
If this value is 25, for example, in the tc -s -d class show dev eth1
there are 0 packets sent from ALL CLASSES!!!

Why is that?
I'm marking all packets with iptables and then using:
tc filter add dev eth0 parent 1:1 protocol ip handle [mark_number] fw classid [class_number]

but the packets are passing from everywhere else but the class I want!!!

HELP



[LARTC] HTB question (problem with tc filter + NAT)

2003-06-02 Thread TeraHz
I want to share internet to these 12 PCs. But my traffic control is not
working. I'm using IP Masquerading to route internet to the LAN

eth0 - LAN interface
eth1 - Internet interface

This is my first htb script:
#!/bin/bash
tc qdisc del dev eth1 root handle 1:

tc qdisc add dev eth1 root handle 1: htb default 30

tc class add dev eth1 parent 1: classid 1:1 htb rate 25kbps ceil 48kbps
#tc class add dev eth0 parent 1:1 classid 1:10 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:10 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:11 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:12 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:13 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:14 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:15 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:16 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:17 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:18 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:19 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:20 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:21 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:22 htb rate 4kbps ceil 48kbps

tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 192.168.193.10 classid 1:11
tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 192.168.193.11 classid 1:12
tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 192.168.193.13 classid 1:13
tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 192.168.193.14 classid 1:14
tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 192.168.193.15 classid 1:15
tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 192.168.193.19 classid 1:16
tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 192.168.193.20 classid 1:17
tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 192.168.193.24 classid 1:18
tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 192.168.193.29 classid 1:19
tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 192.168.193.32 classid 1:20
tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 192.168.193.33 classid 1:21
tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 192.168.193.34 classid 1:22

I tried to change the parent ID, the interface -> nothing

Stef told me that this is not working because of the NAT

so I've changed the filter part:


tc filter add dev eth1 parent 1:0 protocol ip handle 10 fw classid 1:1
tc filter add dev eth1 parent 1:0 protocol ip handle 11 fw classid 1:12
tc filter add dev eth1 parent 1:0 protocol ip handle 13 fw classid 1:13
tc filter add dev eth1 parent 1:0 protocol ip handle 14 fw classid 1:14
tc filter add dev eth1 parent 1:0 protocol ip handle 15 fw classid 1:15
tc filter add dev eth1 parent 1:0 protocol ip handle 19 fw classid 1:16
tc filter add dev eth1 parent 1:0 protocol ip handle 20 fw classid 1:17
tc filter add dev eth1 parent 1:0 protocol ip handle 24 fw classid 1:18
tc filter add dev eth1 parent 1:0 protocol ip handle 29 fw classid 1:19
tc filter add dev eth1 parent 1:0 protocol ip handle 32 fw classid 1:20
tc filter add dev eth1 parent 1:0 protocol ip handle 33 fw classid 1:21
tc filter add dev eth1 parent 1:0 protocol ip handle 34 fw classid 1:22

iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.10 -j MARK --set-mark 10
iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.11 -j MARK --set-mark 11
iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.13 -j MARK --set-mark 13
iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.14 -j MARK --set-mark 14
iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.15 -j MARK --set-mark 15
iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.19 -j MARK --set-mark 19
iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.20 -j MARK --set-mark 20
iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.24 -j MARK --set-mark 24
iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.29 -j MARK --set-mark 29
iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.32 -j MARK --set-mark 32
iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.33 -j MARK --set-mark 33
iptables -A FORWARD -i eth0 -t mangle -p tcp -s 192.168.139.34 -j MARK --set-mark 34

I think that this is right, but no!
I've changed FORWARD with OUTPUT. I tried without specifying the interface ->
still nothing.

What is wrong?
There is no filtration at all! Every packet is forwarded to the root
class! You can guess what happens when someone from the LAN starts to
download!

My router box is: Slackware 9.0 (2.4.20 kernel)


Thank y
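
An added example, not part of the original posts: a small lint in sh and awk that reads a tc/iptables script and reports breaks in the iptables mark -> fw filter -> HTB class chain the posts rely on. The `sample_script` input is constructed, the function names are hypothetical, and the root-qdisc check assumes fw filters are meant to hang off the root qdisc (`1:` or `1:0`), where HTB starts classification.

```shell
#!/bin/sh
# Added example: lint a tc/iptables script for a broken mark -> fw filter -> class chain.

# Constructed sample in the shape of the scripts above, with deliberate inconsistencies.
sample_script() {
  cat <<'EOF'
tc qdisc add dev eth1 root handle 1: htb default 30
tc class add dev eth1 parent 1: classid 1:1 htb rate 48kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:10 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:11 htb rate 4kbps ceil 48kbps
tc filter add dev eth1 parent 1:0 protocol ip handle 10 fw classid 1:10
tc filter add dev eth1 parent 1:1 protocol ip handle 11 fw classid 1:12
iptables -t mangle -A FORWARD -i eth0 -s 192.168.193.10 -j MARK --set-mark 10
iptables -t mangle -A FORWARD -i eth0 -s 192.168.193.13 -j MARK --set-mark 13
EOF
}

# Reads a script on stdin, prints one finding per line (sorted); no output means consistent.
lint_htb() {
  awk '
    function arg(key,   i) {   # word that follows "key" on the current line
      for (i = 1; i < NF; i++) if ($i == key) return $(i + 1)
      return ""
    }
    $1 == "tc" && $2 == "qdisc" && $3 == "add" {
      root = arg("handle"); sub(/:$/, "", root); dflt = arg("default")
    }
    $1 == "tc" && $2 == "class" && $3 == "add" { class[arg("classid")] = 1 }
    $1 == "tc" && $2 == "filter" && $3 == "add" && / fw / {
      h = arg("handle"); target[h] = arg("classid"); parent[h] = arg("parent")
    }
    /--set-mark/ { mark[arg("--set-mark")] = 1 }
    END {
      d = root ":" dflt; r = root ":"; r0 = root ":0"
      if (dflt != "" && !(d in class)) print "default class " d " is not defined"
      for (h in target) {
        if (!(target[h] in class))
          print "filter handle " h " targets undefined class " target[h]
        if (parent[h] != r && parent[h] != r0)
          print "filter handle " h " is attached to " parent[h] ", not the root qdisc " r
        if (!(h in mark)) print "filter handle " h " has no matching --set-mark"
      }
      for (m in mark) if (!(m in target)) print "mark " m " has no fw filter"
    }
  ' | sort
}

sample_script | lint_htb
```

To check a real script, pipe it in with `lint_htb < script.sh`; commands wrapped across lines must be joined first, since the lint works line by line.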