Re: [LARTC] Packet loss with htb+sfq+l7filter
You said you've got 4Mbit. As far as I'm concerned 4Mbit= 1024*4=4096 So link capacity should be 4000kbit (rate and ceil of base class) Am I wrong?

----- Original Message -----
From: Eduardo Fernández [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, November 15, 2004 3:52 PM
Subject: [LARTC] Packet loss with htb+sfq+l7filter

Hi all!

I'm trying to shape traffic in a dorm's network (4 mbit symmetrical internet link, about 200 computers, heavy p2p usage). The router is a p4xeon running linux 2.6.9 with the qnet patches (http://kem.p.lodz.pl/~peter/qnet/). When I activate ip_forward I get 20% packet loss and a lot of duplicates. Any ideas? I attach my shaping script.

Thank you very much in advance,
Eduardo

router:~# cat htb.new
#!/bin/sh

IFOUT=eth0
IFIN=eth2

# cleaning
tc qdisc del dev $IFOUT root 2> /dev/null
tc qdisc del dev $IFOUT ingress 2> /dev/null

# link's capacity
# (tc reads the "kbps" suffix as kilobytes per second)
CEIL=500

# 1:10 interactive traffic with the highest prio (dns, ssh...)
# 1:20 interactive traffic with lower prio (radios, vnc, x11...)
# 1:30 bulk (http, ftp, cvs...)
# 1:40 the rest (p2p mostly)

# root qdisc; unclassified traffic falls into 1:40
tc qdisc add dev $IFOUT root handle 1: htb default 40

tc class add dev $IFOUT parent 1: classid 1:1 htb rate ${CEIL}kbps ceil ${CEIL}kbps
tc class add dev $IFOUT parent 1:1 classid 1:10 htb rate 80kbps ceil 80kbps prio 0
tc class add dev $IFOUT parent 1:1 classid 1:20 htb rate 10kbps ceil 100kbps prio 1
tc class add dev $IFOUT parent 1:1 classid 1:30 htb rate 400kbps ceil ${CEIL}kbps prio 2
tc class add dev $IFOUT parent 1:1 classid 1:40 htb rate 10kbps ceil ${CEIL}kbps prio 3

# one sfq per leaf class
tc qdisc add dev $IFOUT parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $IFOUT parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev $IFOUT parent 1:30 handle 30: sfq perturb 10
tc qdisc add dev $IFOUT parent 1:40 handle 40: sfq perturb 10

# classify by firewall mark (set by the iptables rules below)
tc filter add dev $IFOUT parent 1:0 protocol ip prio 1 handle 1 fw classid 1:10
tc filter add dev $IFOUT parent 1:0 protocol ip prio 2 handle 2 fw classid 1:20
tc filter add dev $IFOUT parent 1:0 protocol ip prio 3 handle 3 fw classid 1:30
tc filter add dev $IFOUT parent 1:0 protocol ip prio 4 handle 4 fw classid 1:40

NF="/usr/local/sbin/iptables -t mangle -A PREROUTING"
NFl7="/usr/local/sbin/iptables -t mangle -A POSTROUTING -m layer7"

/usr/local/sbin/iptables -F -t mangle

# by tos
$NF -p icmp -j MARK --set-mark 0x1
$NF -p icmp -j RETURN
$NF -m tos --tos 0x8 -j MARK --set-mark 0x3 #scp
$NF -m tos --tos 0x8 -j RETURN
$NF -m tos --tos Minimize-Cost -j MARK --set-mark 0x1
$NF -m tos --tos Minimize-Cost -j RETURN
$NF -m tos --tos Maximize-Throughput -j MARK --set-mark 0x4
$NF -m tos --tos Maximize-Throughput -j RETURN
$NF -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 0x1
$NF -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN

# by layer 7
$NFl7 --l7proto http -j MARK --set-mark 0x3
$NFl7 --l7proto http -j RETURN
$NFl7 --l7proto ftp -j MARK --set-mark 0x3
$NFl7 --l7proto ftp -j RETURN
$NFl7 --l7proto skype -j MARK --set-mark 0x2
$NFl7 --l7proto skype -j RETURN
$NFl7 --l7proto msnmessenger -j MARK --set-mark 0x1
$NFl7 --l7proto msnmessenger -j RETURN
$NFl7 --l7proto msn-filetransfer -j MARK --set-mark 0x3
$NFl7 --l7proto msn-filetransfer -j RETURN
$NFl7 --l7proto jabber -j MARK --set-mark 0x1
$NFl7 --l7proto jabber -j RETURN
$NFl7 --l7proto smtp -j MARK --set-mark 0x3
$NFl7 --l7proto smtp -j RETURN
$NFl7 --l7proto pop3 -j MARK --set-mark 0x3
$NFl7 --l7proto pop3 -j RETURN
$NFl7 --l7proto ssh -j MARK --set-mark 0x2
$NFl7 --l7proto ssh -j RETURN
$NFl7 --l7proto dns -j MARK --set-mark 0x1
$NFl7 --l7proto dns -j RETURN
$NFl7 --l7proto telnet -j MARK --set-mark 0x2
$NFl7 --l7proto telnet -j RETURN
$NFl7 --l7proto cvs -j MARK --set-mark 0x3
$NFl7 --l7proto cvs -j RETURN
$NFl7 --l7proto irc -j MARK --set-mark 0x1
$NFl7 --l7proto irc -j RETURN
$NFl7 --l7proto yahoo -j MARK --set-mark 0x1
$NFl7 --l7proto yahoo -j RETURN
$NFl7 --l7proto counterstrike -j MARK --set-mark 0x1
$NFl7 --l7proto counterstrike -j RETURN
# the l7-filter pattern for RTSP streaming is named rtsp
$NFl7 --l7proto rtsp -j MARK --set-mark 0x2
$NFl7 --l7proto rtsp -j RETURN
$NFl7 --l7proto live365 -j MARK --set-mark 0x2
$NFl7 --l7proto live365 -j RETURN
$NFl7 --l7proto h323 -j MARK --set-mark 0x2
$NFl7 --l7proto h323 -j RETURN
$NFl7 --l7proto quake-halflife -j MARK --set-mark 0x1
$NFl7 --l7proto quake-halflife -j RETURN
$NFl7 --l7proto rdp -j MARK --set-mark 0x2
$NFl7 --l7proto rdp -j RETURN
$NFl7 --l7proto rlogin -j MARK --set-mark 0x2
$NFl7 --l7proto rlogin -j RETURN
$NFl7 --l7proto shoutcast -j MARK --set-mark 0x2
$NFl7 --l7proto shoutcast -j RETURN
$NFl7 --l7proto validcertssl -j MARK --set-mark 0x3
$NFl7 --l7proto validcertssl -j RETURN
$NFl7 --l7proto vnc -j MARK --set-mark 0x2
$NFl7 --l7proto vnc -j RETURN
$NFl7 --l7proto x11 -j MARK --set-mark 0x2
$NFl7 --l7proto x11 -j RETURN
# end

___ LARTC mailing list / [EMAIL PROTECTED]
Re: [LARTC] What is the reccomended minimum rate for leaf htb classfor accurate operation?
[EMAIL PROTECTED] wrote:

Your guess is right. To get HTB to work correctly you must know rate parameter for your connection also known as CIR. Could you tell what minimum rate your clients have?

My worst HTB class has rateceil 778bps. I guess the lower the rate, the less accurate the result. It can't be accurate, because the class already exceeds its limit by sending just one single packet.

I agree. As far as I know average MTU is 1500bytes. I have rate 13kbit/8=1625bytes so the limit should not be reached. Maybe there is overhead on ppp link and with this overhead clients get congested? What do you think? Any ideas?

Maybe it's more accurate in the long run, but I don't have any statistics to prove that. Anyway, the traffic for that class is damn slow, and that's all I need to know. ;-)

Andreas

___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] What is the reccomended minimum rate for leaf htb class for accurate operation?
So what about minimum rate? I have rate 13kbit. My connection is sometimes congested and I have much loss of packets which are going from clients to the internet through htb box. From box to the internet there is no packet loss. Is this normal using HTB with congested connection?

----- Original Message -----
From: Andreas Klauer [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Wednesday, October 06, 2004 10:14 AM
Subject: Re: [LARTC] What is the reccomended minimum rate for leaf htb class for accurate operation?

Zviad O. Giorgadze wrote:

# Class for GLOBAL traffic
tc class add dev eth0 parent 1:1 classid 1:20 htb rate 115kbit ceil 1mbit

Does different rate / ceil for the root class make sense?

# Classes for PC-s
tc class add dev eth0 parent 1:20 classid 1:21 htb rate 48kbit ceil 1mbit prio 2
tc class add dev eth0 parent 1:20 classid 1:22 htb rate 24kbit ceil 1mbit prio 3
tc class add dev eth0 parent 1:20 classid 1:23 htb rate 12kbit ceil 1mbit prio 5
tc class add dev eth0 parent 1:20 classid 1:24 htb rate 12kbit ceil 1mbit prio 5
tc class add dev eth0 parent 1:20 classid 1:25 htb rate 12kbit ceil 1mbit prio 5

I guess class 1:21 gets to borrow all the traffic up to 1mbit and the others get nothing at all. You really want that? These rates and prios don't make sense to me, what do you intend to do? I'd remove the prio parameter, increase global traffic class rate to 1mbit, and increase PC class rates so that they add up to 1mbit.

Andreas
Re: [LARTC] What is the reccomended minimum rate for leaf htb classfor accurate operation?
Your guess is right. To get HTB to work correctly you must know rate parameter for your connection also known as CIR. Could you tell what minimum rate your clients have?

----- Original Message -----
From: Andreas Klauer [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Wednesday, October 06, 2004 12:00 PM
Subject: Re: [LARTC] What is the reccomended minimum rate for leaf htb classfor accurate operation?

Zviad O. Giorgadze wrote:

My ISP provides guaranteed 115kbit bandwidth for GLOBAL TRAFFIC. During the low load period (early morning, evening, night) customers can get up to 1mbit traffic.

That's download traffic we're talking about, since you seem to be shaping on your local LAN interface? Variable rate ISPs are tough to shape right, I guess... Does this 115kbit vs. 1mbit thing solely depend on ISP load, or does it depend on time of day? In the latter case, I'd let a cron job replace the HTB class structure, so that you have 115kbit ceil during the day when you really only get 115kbit and 1mbit ceil during the night when you actually get 1mbit. But I guess it's not that easy, huh?

According to PRIO settings I try to give all available bandwidth (above the guaranteed rate) to IP address. I think that all other IP-s get their guaranteed rate or maybe I'm wrong?

You have a 100mbit line, of which you only allow 1mbit to be used (Why make a 100mbit class then?). Unknown traffic (LAN, most likely) goes to class 1:22 (Why? Shouldn't only ISP traffic go there?). There is no distinction between ISP and LAN traffic at all... does that mean that there is no other traffic than ISP from/to your HTB box?

Does anyone know how HTB performs on such a line? My guess would be that HTB doesn't have a clue that there are actually only 115kbit, and thus will allow classes to borrow too much, letting other classes starve.

Andreas
Re: [LARTC] TCNG on a Linux NAT router question
1. On interface outgoing to internet: NAT is done before shaping. You must mark your packets in mangle table and then shape by mark using tcng.
2. On interface outgoing to LAN: You can shape by local address.

Good Luck.

P.S: You must shape two ways out because your connection get overflow.

----- Original Message -----
From: Joost Kraaijeveld [EMAIL PROTECTED]
To: Lartc (E-mail) [EMAIL PROTECTED]
Sent: Saturday, September 18, 2004 9:53 AM
Subject: [LARTC] TCNG on a Linux NAT router question

Hi all,

I want to apply traffic control using TCNG 1.30 on a NAT router. Can I use the IP addresses on my LAN to shape the traffic on the outgoing interface, in other words, does the address translation take place before or after traffic control? (Or does it depend and if so, on what?)

Groeten,

Joost Kraaijeveld
Askesis B.V.
Molukkenstraat 14
6524NB Nijmegen
tel: 024-3888063 / 06-51855277
fax: 024-3608416
e-mail: [EMAIL PROTECTED]
web: www.askesis.nl
Re: [LARTC] PPPoE w/ static /29 ip range, how is it done?
The first thing to do more complicated things you should change your distribution to full linux, not freesco or something like that. I've been trying to do raw routing on freesco a few months ago. It is much more complicated than on full distro. Too much automatization.

----- Original Message -----
From: Dan [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, August 28, 2004 9:09 AM
Subject: [LARTC] PPPoE w/ static /29 ip range, how is it done?

Hello everyone, I hope this is on-topic for the list...

I'm familiar with NAT, but I can't see how to route a fully routed LAN. My new ISP has given me a /29 (I understand this to be 6 addresses + network address + broadcast address) which I would like to use, as multiple PCs here want to use p2p and games at the same time, and reconfiguring the port forwarding all the time is getting pretty silly. I'd also like the experience, since I've been messing with traffic, IDS and NAT for a while and I'm more interested in larger networks career wise, and they are typically not NATed.

So how do I do this? Do I have to rewrite all the iptables/ipchains myself? Can e-smith or freesco or ipcop understand what I'm doing? Is there a way to test that the ISP is correctly routing the /29 traffic to the IP I get for the external link? I suspect anything I may do will be a waste of time if the ISP is misconfigured on their end.

My early scratchings around the net indicate that real firewalls don't want pppoe, and pppoe distros want to do NAT. There's also a lot of discussion about how pppoe sucks compared to static IP but here in Australia the economics don't work so well.

Any help, advice or abuse would be welcome!
Re: [LARTC] Gamest and QoS
While using htb have a look at r2q option and quantum (1500 bytes more or less). There is a special formula for it: quantum=(rate in kilobytes)/r2q it should be 1500 bytes. Try to set r2q to have on this level. Good thing is to have conn-limit patch from patch-o-matic to limit max connection from one client - it lowers ping too. Please do write what did you do and if it helped to resolve the problem. Good luck.

Without QoS, while uploading some files via ftp I have pings (in my favourite game) 1000+. With my qos script my ping lower to 150 - 300, but is very unstable. Is there any way to configure htb, to have good, __STABLE__ pings ( 40 - 100) while other people exploring the internet.

I've had this problem for about a year now, I'm not sure what the cause is exactly but I think it has to do with the minimum burst size that HTB must have, which is something like 1.5kbytes (per class), combined with the restricted timers that linux QoS uses. Anyway, what I ended up doing is using the prio qdisc (which doesn't do rate limiting, only prioritises packets) wrapped inside a TBF qdisc for its rate limiting. See my script below.

One question I'd be wondering, is how to filter the game packets into the class. I'm a UT2k4 fan, and it's not as easy as just filtering based on port as the server ports are all over the map. Perhaps one would have to look at the packet size instead. Hopefully it would be constant or small.

One way to filter this that might work, is to just put all the UDP traffic in your interactive class, which I assume UT2k4 uses. Not very many programs besides games use UDP traffic for its data transfer, so it should work without putting too much unwanted packets into your interactive class. As well, if you're using ipp2p or port matching your p2p/ftp traffic, they won't be put into the interactive class. It's quite important to put your packet marking statements (iptables) in the right order also, if you do it in the wrong order all your packets will end up in your interactive class (happened to me in the beginning :) ). My script below should clarify things.

Download my script here: http://quebeck.dyndns.org/temp/simple.htb

I haven't finished fine tuning it yet, but the basic traffic shaping works.

Jon
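The quantum rule from the reply above, worked through as an added example that is not part of the original posts: HTB derives a class's quantum as its rate in bytes per second divided by r2q, and the kernel warns ("Consider r2q change") and clamps when the result falls outside 1000..200000 bytes. The function names and the optional kilo multiplier argument are assumptions of this example; pass 1024 to reproduce tc output such as `rate 15Kbit ... quantum 1920` quoted elsewhere on this page.

```shell
#!/bin/sh
# Added example: HTB quantum arithmetic using tc's rate suffixes.
# Function names and the K argument are this example's own, not tc's.

# rate_to_bytes RATE [K] -> bytes per second.
# tc suffixes: bps/kbps/mbps are BYTES per second; bit/kbit/mbit (or a
# bare number) are BITS per second. K is the kilo multiplier (default 1000).
rate_to_bytes() {
    spec=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    k=${2:-1000}
    num=${spec%%[!0-9]*}          # leading digits
    unit=${spec#"$num"}           # whatever follows them
    [ -n "$num" ] || return 1
    case "$unit" in
        bps)     echo "$num" ;;
        kbps)    echo $((num * k)) ;;
        mbps)    echo $((num * k * k)) ;;
        ''|bit)  echo $((num / 8)) ;;
        kbit)    echo $((num * k / 8)) ;;
        mbit)    echo $((num * k * k / 8)) ;;
        *)       return 1 ;;
    esac
}

# htb_quantum RATE R2Q [K] -> quantum in bytes (rate in bytes/s over r2q).
htb_quantum() {
    bytes=$(rate_to_bytes "$1" "${3:-1000}") || return 1
    [ "$2" -gt 0 ] || return 1
    echo $((bytes / $2))
}

# htb_quantum_verdict RATE R2Q [K] -> small | ok | big
# Bounds are the ones the kernel applies to an auto-computed quantum.
htb_quantum_verdict() {
    q=$(htb_quantum "$@") || { echo invalid; return 1; }
    if   [ "$q" -lt 1000 ];   then echo small
    elif [ "$q" -gt 200000 ]; then echo big
    else echo ok
    fi
}

# suggest_r2q RATE [MTU] [K] -> largest r2q that keeps quantum >= MTU
# (never below 1). r2q is set once per HTB qdisc, so feed it the rate of
# the slowest leaf class.
suggest_r2q() {
    bytes=$(rate_to_bytes "$1" "${3:-1000}") || return 1
    r=$((bytes / ${2:-1500}))
    [ "$r" -ge 1 ] || r=1
    echo "$r"
}

# Constructed sample: leaf rates of the kind quoted in these threads,
# checked against the default r2q of 10.
for r in 13kbit 15kbit 10kbps 80kbps 500kbps; do
    printf '%-8s r2q=10 quantum=%-6s %s\n' \
        "$r" "$(htb_quantum "$r" 10)" "$(htb_quantum_verdict "$r" 10)"
done
```

A class that reports `small` needs either a lower r2q on the qdisc or an explicit `quantum` on the class.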
Re: [LARTC] Re: HTB 3.13 please help
Hello Devik!

Thanks for your help. And many thanks to everybody from the group who has been thinking on my problem. It seems I resolved my problem - there is no connection loss while resetting htb, but I'll be observing its stability in a few days. I have no words to write what a STUPID mistake it was. As I supposed it was connected with packet marking. I've been using this command to mark packets:

iptables -t mangle -A MYSHAPER-OUT -p tcp -s 192.168.0.2 -j MARK --set-mark $mark

BUT when configuring tcng I looked at my marking script what the heck??, Internet is not only tcp! Isn't it? I removed -p tcp and now it works. Yes it was really BAD and took me too much time ggrrr.

Good luck folks.
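The marking mistake described in this post, turned into a check over `iptables-save` style rules (an added example, not part of the original message): it lists each source address whose MARK rules are all limited by `-p`, so any other protocol from that host stays unmarked and never matches the fw filter. The function name `mark_gaps` and the sample addresses and mark values are constructed; only the chain name comes from the post.

```shell
#!/bin/sh
# Added example: find sources whose fwmark rules only cover some protocols.

# Constructed sample in iptables-save syntax. The chain name comes from
# the post; addresses and mark values are made up for the example.
SAMPLE_RULES='-A MYSHAPER-OUT -s 192.168.0.2/32 -p tcp -j MARK --set-mark 0x2
-A MYSHAPER-OUT -s 192.168.0.3/32 -j MARK --set-mark 0x3
-A MYSHAPER-OUT -s 192.168.0.4/32 -p tcp -j MARK --set-mark 0x4
-A MYSHAPER-OUT -s 192.168.0.4/32 -p udp -j MARK --set-mark 0x4
-A MYSHAPER-OUT -s 192.168.0.5/32 -p tcp -m tcp --dport 22 -j ACCEPT'

# mark_gaps: read rules on stdin and print "SOURCE PROTOCOLS" for every
# source that has MARK rules but none without a -p restriction.
# Assumption: negated matches ("! -p tcp") do not occur in the input.
mark_gaps() {
    awk '
    / -j MARK( |$)/ {
        src = "any"; proto = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-s" || $i == "--source")   src = $(i + 1)
            if ($i == "-p" || $i == "--protocol") proto = $(i + 1)
        }
        seen[src] = 1
        if (proto == "")
            full[src] = 1                  # rule marks every protocol
        else if (index("," covered[src] ",", "," proto ",") == 0)
            covered[src] = (covered[src] == "") ? proto : covered[src] "," proto
    }
    END {
        # report sources that never get a protocol-independent mark
        for (s in seen)
            if (!(s in full)) print s, covered[s]
    }' | sort
}

# Run the check on the constructed sample.
printf '%s\n' "$SAMPLE_RULES" | mark_gaps
```

On a live router the input would come from `iptables-save -t mangle`; each reported source sends its remaining protocols to the HTB default class instead of its own.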
Re: [LARTC] htb and fw problems
----- Original Message -----
From: [EMAIL PROTECTED]
To: Ing Isianto Istiadi [EMAIL PROTECTED]
Sent: Wednesday, August 04, 2004 1:40 PM
Subject: Re: [LARTC] htb and fw problems

hi! your default class must not have rate greater than your desired speed rate. If you have 64kbps your class should have 60kbps or less. Without this htb will not work as you expect!

tc class add dev eth1 parent 1: classid 1:1 htb rate 65kbps ceil 65kbps

----- Original Message -----
From: Ing Isianto Istiadi [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, August 04, 2004 11:00 AM
Subject: [LARTC] htb and fw problems

Dear All,

I'm using the kernel 2.6.6, iproute2-2.4.7.20020116, iptables v1.2.9, and gentoo. I have a leased-line 64 kbps. I can see the counter works in iptables, but in the htb, it doesn't go to the right class (it always go to the default class). Any help will be appreciated

here's my htb conf

#!/bin/bash
tc qdisc del dev eth1 root
tc qdisc add dev eth1 root handle 1: htb default 80
tc class add dev eth1 parent 1: classid 1:1 htb rate 65kbps ceil 65kbps
tc class add dev eth1 parent 1:1 classid 1:10 htb rate 20kbps ceil 35kbps prio 3
tc class add dev eth1 parent 1:1 classid 1:20 htb rate 5kbps ceil 10kbps prio 0
tc class add dev eth1 parent 1:1 classid 1:30 htb rate 8kbps ceil 11kbps prio 2
tc class add dev eth1 parent 1:1 classid 1:40 htb rate 23kbps ceil 40kbps prio 1
tc class add dev eth1 parent 1:1 classid 1:80 htb rate 8kbps ceil 10kbps prio 4
tc qdisc add dev eth1 parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev eth1 parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev eth1 parent 1:30 handle 30: sfq perturb 10
tc qdisc add dev eth1 parent 1:40 handle 40: sfq perturb 10
tc qdisc add dev eth1 parent 1:80 handle 80: sfq perturb 10
tc filter add dev eth1 parent 1:0 protocol ip handle 10 fw flowid 1:10
tc filter add dev eth1 parent 1:0 protocol ip handle 20 fw flowid 1:20
tc filter add dev eth1 protocol ip parent 1:0 handle 30 fw flowid 1:30
tc filter add dev eth1 parent 1:0 protocol ip handle 40 fw classid 1:40
tc filter add dev eth1 protocol ip parent 1:0 handle 80 fw flowid 1:80

Here's my iptables rules

*mangle
:PREROUTING ACCEPT [1061:863210]
:INPUT ACCEPT [1022:857788]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [947:201743]
:POSTROUTING ACCEPT [947:201743]
-N personal
-N others
-N personal1
#-A OUTPUT -p tcp -m tcp --sport 3128 -j MARK --set-mark 0x2
-A OUTPUT -p tcp -m tcp --sport 3128 --destination 192.168.1.145 -j personal
#-A OUTPUT -p tcp -m tcp --dport 80 -j MARK --set-mark 20
-A OUTPUT -p tcp -m tcp --dport 80 -j others
-A personal -j MARK --set-mark 40
-A others -j MARK --set-mark 20

Here's my iptables -L -v -t mangle -x output

Chain PREROUTING (policy ACCEPT 580535 packets, 176796832 bytes)
    pkts    bytes target   prot opt in  out source   destination

Chain INPUT (policy ACCEPT 573475 packets, 174919251 bytes)
    pkts    bytes target   prot opt in  out source   destination

Chain FORWARD (policy ACCEPT 5656 packets, 1810367 bytes)
    pkts    bytes target   prot opt in  out source   destination

Chain OUTPUT (policy ACCEPT 598621 packets, 392036436 bytes)
    pkts    bytes target   prot opt in  out source   destination
   11105 14785525 personal tcp  --  any any anywhere 192.168.1.145 tcp spt:webcache
   28465  2233910 others   tcp  --  any any anywhere anywhere      tcp dpt:www

Chain POSTROUTING (policy ACCEPT 604295 packets, 393851150 bytes)
    pkts    bytes target   prot opt in  out source   destination

Chain others (1 references)
    pkts    bytes target   prot opt in  out source   destination
   28465  2233910 MARK     all  --  any any anywhere anywhere      MARK set 0x14

Chain personal (1 references)
    pkts    bytes target   prot opt in  out source   destination
   11105 14785525 MARK     all  --  any any anywhere anywhere      MARK set 0x28

Chain personal1 (0 references)
    pkts    bytes target   prot opt in  out source   destination

Here's my /sbin/tc -s qdisc show dev eth1

qdisc sfq 80: limit 128p quantum 1514b perturb 10sec
 Sent 386 bytes 5 pkts (dropped 0, overlimits 0)
qdisc sfq 40: limit 128p quantum 1514b perturb 10sec
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
qdisc sfq 30: limit 128p quantum 1514b perturb 10sec
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
qdisc sfq 20: limit 128p quantum 1514b perturb 10sec
 Sent 12272 bytes 72 pkts (dropped 0, overlimits 0)
qdisc sfq 10: limit 128p quantum 1514b perturb 10sec
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
qdisc htb 1: r2q 10 default 80 direct_packets_stat 0
 Sent 12658 bytes 77 pkts (dropped 0, overlimits 0)

tc -s -d filter show dev eth1

filter
Re: [LARTC] htb and fw problems
I can see the counter works in iptables, but in the htb, it doesn't go to the right class

Please write what commands do you use to see the counter and what counter do you mean? I think counter for ip packets isn't it? You can try to see my problem in LARTC archive: HTB 3.13 please help. In my opinion you have badly configured packet marking. See my configuration of packet marking. I included it with archive posts in HTB 3.13 please help

-

Dear All,

I'm using the kernel 2.6.6, iproute2-2.4.7.20020116, iptables v1.2.9, and gentoo. I have a leased-line 64 kbps. I can see the counter works in iptables, but in the htb, it doesn't go to the right class (it always go to the default class). Any help will be appreciated

here's my htb conf

#!/bin/bash
tc qdisc del dev eth1 root
tc qdisc add dev eth1 root handle 1: htb default 80
tc class add dev eth1 parent 1: classid 1:1 htb rate 65kbps ceil 65kbps
tc class add dev eth1 parent 1:1 classid 1:10 htb rate 20kbps ceil 35kbps prio 3
tc class add dev eth1 parent 1:1 classid 1:20 htb rate 5kbps ceil 10kbps prio 0
tc class add dev eth1 parent 1:1 classid 1:30 htb rate 8kbps ceil 11kbps prio 2
tc class add dev eth1 parent 1:1 classid 1:40 htb rate 23kbps ceil 40kbps prio 1
tc class add dev eth1 parent 1:1 classid 1:80 htb rate 8kbps ceil 10kbps prio 4
tc qdisc add dev eth1 parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev eth1 parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev eth1 parent 1:30 handle 30: sfq perturb 10
tc qdisc add dev eth1 parent 1:40 handle 40: sfq perturb 10
tc qdisc add dev eth1 parent 1:80 handle 80: sfq perturb 10
tc filter add dev eth1 parent 1:0 protocol ip handle 10 fw flowid 1:10
tc filter add dev eth1 parent 1:0 protocol ip handle 20 fw flowid 1:20
tc filter add dev eth1 protocol ip parent 1:0 handle 30 fw flowid 1:30
tc filter add dev eth1 parent 1:0 protocol ip handle 40 fw classid 1:40
tc filter add dev eth1 protocol ip parent 1:0 handle 80 fw flowid 1:80

Here's my iptables rules

*mangle
:PREROUTING ACCEPT [1061:863210]
:INPUT ACCEPT [1022:857788]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [947:201743]
:POSTROUTING ACCEPT [947:201743]
-N personal
-N others
-N personal1
#-A OUTPUT -p tcp -m tcp --sport 3128 -j MARK --set-mark 0x2
-A OUTPUT -p tcp -m tcp --sport 3128 --destination 192.168.1.145 -j personal
#-A OUTPUT -p tcp -m tcp --dport 80 -j MARK --set-mark 20
-A OUTPUT -p tcp -m tcp --dport 80 -j others
-A personal -j MARK --set-mark 40
-A others -j MARK --set-mark 20

Here's my iptables -L -v -t mangle -x output

Chain PREROUTING (policy ACCEPT 580535 packets, 176796832 bytes)
    pkts    bytes target   prot opt in  out source   destination

Chain INPUT (policy ACCEPT 573475 packets, 174919251 bytes)
    pkts    bytes target   prot opt in  out source   destination

Chain FORWARD (policy ACCEPT 5656 packets, 1810367 bytes)
    pkts    bytes target   prot opt in  out source   destination

Chain OUTPUT (policy ACCEPT 598621 packets, 392036436 bytes)
    pkts    bytes target   prot opt in  out source   destination
   11105 14785525 personal tcp  --  any any anywhere 192.168.1.145 tcp spt:webcache
   28465  2233910 others   tcp  --  any any anywhere anywhere      tcp dpt:www

Chain POSTROUTING (policy ACCEPT 604295 packets, 393851150 bytes)
    pkts    bytes target   prot opt in  out source   destination

Chain others (1 references)
    pkts    bytes target   prot opt in  out source   destination
   28465  2233910 MARK     all  --  any any anywhere anywhere      MARK set 0x14

Chain personal (1 references)
    pkts    bytes target   prot opt in  out source   destination
   11105 14785525 MARK     all  --  any any anywhere anywhere      MARK set 0x28

Chain personal1 (0 references)
    pkts    bytes target   prot opt in  out source   destination

Here's my /sbin/tc -s qdisc show dev eth1

qdisc sfq 80: limit 128p quantum 1514b perturb 10sec
 Sent 386 bytes 5 pkts (dropped 0, overlimits 0)
qdisc sfq 40: limit 128p quantum 1514b perturb 10sec
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
qdisc sfq 30: limit 128p quantum 1514b perturb 10sec
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
qdisc sfq 20: limit 128p quantum 1514b perturb 10sec
 Sent 12272 bytes 72 pkts (dropped 0, overlimits 0)
qdisc sfq 10: limit 128p quantum 1514b perturb 10sec
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
qdisc htb 1: r2q 10 default 80 direct_packets_stat 0
 Sent 12658 bytes 77 pkts (dropped 0, overlimits 0)

tc -s -d filter show dev eth1

filter parent 1: protocol ip pref 49151 fw
filter parent 1: protocol ip pref 49151 fw handle 0x50 classid 1:80
filter parent 1: protocol ip pref 49151 fw
filter parent 1: protocol ip pref 49151 fw handle 0x28
Re: [LARTC] Urgen Help:Kernel crashed in HTB.
Hi All

I patched htb3.6 to mips linux 2.4.17. But when I run htb, the mips linux box will say: Unhandled kernel unaligned access in unaligned.c:emulate_load_store_insn, line 346. Then the kernel crashed. Would anyone like to tell me how to solve this problem? Thank you very much!

Upgrade your kernel to 2.4.20 at least. I'm suggesting 2.4.26.
Re: [LARTC] tcng + NAT
class ( $adsl_medium ) if meta_nfmark == 0x30;

It works great. Thanks for help :D.

Hello, you can try:

. . .
// ip header type of service
class ( $adsl_high ) if ip_tos == 0x80;
// metadata packet mark
class ( $adsl_medium ) if meta_nfmark == 0x30;
. . .

Cheers
Charles

On Mon, 2004-08-02 at 18:02, [EMAIL PROTECTED] wrote:

Does anybody know how do you use tcng with packet marking. I'm masquerading my connection so to shape outbound traffic I need to mark packets with iptables. But how do you make tcng recognize marked packets? Thanks for your help.
[LARTC] tcng + NAT
Does anybody know how do you use tcng with packet marking. I'm masquerading my connection so to shape outbound traffic I need to mark packets with iptables. But how do you make tcng recognize marked packets? Thanks for your help.
Re: [LARTC] return routes
What do you mean : If I set the default gateway to eth0 but send the mail thru eth1, the outgoing mail does in fact go correctly out, ? How are you doing this?
Re: [LARTC] Re: HTB 3.13 please help
//Just to not forget eth0 is WAN and eth1 is LAN. The box is NATing my lan.

I configured tcng to shape both download and upload and I got connection loss again. Maybe it is my script fault or it is something bad with packets marking.

this is how I mark outgoing packets

iptables -t mangle -A MYSHAPER-OUT -p tcp -s 192.168.1.23 -j MARK --set-mark $ip

and this part of my script which is intended to shape upload:

dev eth0 {
    egress {
        class ($default) if 1;
        htb ( r2q 1 ) {
            class ( rate 800kbps, ceil 800kbps ) {
                //192.168.1.0---
                $ruter = class ( rate 15kbps, ceil 250kbps ) { sfq( perturb 10secs, quantum 1500Bytes ); } ;
                fw {
                    class $ruter on (23); //ruter-
                    //- fw
                }//fw
            }//main class
        }//htb
    }//egress
}//eth0
(none):/skrytpy#

and these are a bit of `tc -s -d class show dev eth0` prints while connection loss after running my tcng script :

class htb 2:f parent 2:1 leaf 10: prio 0 quantum 1875 rate 1875bps ceil 15000bps burst 1617b/8 mpu 0b cburst 1749b/8 mpu 0b level 0
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 lended: 0 borrowed: 0 giants: 0
 tokens: 706914 ctokens: 95572

class htb 2:1e parent 2:1 leaf 1f: prio 0 quantum 1875 rate 1875bps ceil 15000bps burst 1617b/8 mpu 0b cburst 1749b/8 mpu 0b level 0
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 lended: 0 borrowed: 0 giants: 0
 tokens: 706914 ctokens: 95572

class htb 2:2d parent 2:1 leaf 2e: prio 0 quantum 1875 rate 1875bps ceil 15000bps burst 1617b/8 mpu 0b cburst 1749b/8 mpu 0b level 0
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 lended: 0 borrowed: 0 giants: 0
 tokens: 706914 ctokens: 95572

that is interesting. let me know then. other test might be to reboot with maxcpus=1 to mitigate smp related bugs.

On Sat, 25 Jan 2003 [EMAIL PROTECTED] wrote:

Yes I'm using smp kernel. I thought that I make some error that I cannot see so I decided to write my classes using tcng this time. Currently I'm shaping only outgoing traffic to my local network (using tcng) and it seems to work (it work one day without errors). Today I'm going to configure upload too. The difference I could see at once is that there is no connection loss when I'm starting htb.

----- Original Message -----
From: devik [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: lartc [EMAIL PROTECTED]
Sent: Sunday, July 25, 2004 10:26 AM
Subject: Re: [LARTC] Re: HTB 3.13 please help

From the stats it seems that no data are queued - as if nobody is sending them. You are using smp kernel, is your box SMP ? I haven't seen many smp+htb boxes thus there might be possibility of a bug...

devik

On Thu, 23 Jan 2003 [EMAIL PROTECTED] wrote:

I've attached outputs for eth0 and eth1. I was trying to get this script running. I've added one class for my NATed BOX, and it helped. Shaping was stable almost one day but then I added prio 0 to eth0 filters and prio 0 for eth1 filters it has broken. So I removed every prio 0 and reboot the box but it didn't help :(. I've noticed that when the traffic is not much (14 hosts from 50 are up) tc/htb works very well. If you want new version of my script say a word.

----- Original Message -----
From: devik [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, July 22, 2004 3:48 PM
Subject: Re: HTB 3.13 please help

I need tc -s -d class show dev xxx output during that non-working period. 3.6 is older than 3.13.

---
Martin Devera aka devik
Linux kernel QoS/HTB maintainer
http://luxik.cdi.cz/~devik/

On Wed, 21 Jul 2004 [EMAIL PROTECTED] wrote:

Thanks for your reply. I've recent put my problem on lartc list. I'm using htb 3.13 in 2-4-25smp. I wonder if upgrade to 3.6 will help? Could you be so kind and take a look at it. I'll be grateful. If you have no time for me I'll understand and try to resolve it for myself. Thanks.

Hello everybody!

Since week I dig lists and www and can't find solution for my problem. I'm using HTB 3.13 kernel 2-4-25 smp iptables 1.2.9. I've got situation like this:

LAN--Linux Box(routing only)--- Linux Box (HTB)--Hardware Router(say:HD)--Internet

When I start HTB it takes about 5 min. to start working and it works... within this 5min starting I can't ping HD and after about 5min I start pinging. It works like this for couple of hours, then something strange is happening. Ping stops, www doesn't work but radio (36kbps) (from clients) works. There is no ping at all for about 1min and it starts pinging for about 2-3min and it stops for 1-2min and so on. When I stop HTB
Re: [LARTC] Re: HTB 3.13 please help
oops. I took bad classes (these clients where down so there was no traffic ) lately from tc -s -d class show dev eth0. These are classes (part of) while there was no connection from clients. BTW is it good tcng config with fw. I mean if fw { class $classname on (2); } means match packet to $classname if it's mark equals 2 ? Is there any kind of sniffer or smth like that for tc? I mean to look in realtime packet statistics. Smthing like iptraf maybe? class htb 2:1 root rate 800Kbit ceil 800Kbit burst 2623b/8 mpu 0b cburst 2623b/8 mpu 0b level 7 Sent 21958200 bytes 38721 pkts (dropped 0, overlimits 0) rate 47328bps 68pps lended: 22026 borrowed: 0 giants: 0 tokens: 20609 ctokens: 20609 class htb 2:10 parent 2:1 leaf 10: prio 0 quantum 1920 rate 15Kbit ceil 100Kbit burst 1618b/8 mpu 0b cburst 1727b/8 mpu 0b level 0 Sent 0 bytes 0 pkts (dropped 0, overlimits 0) lended: 0 borrowed: 0 giants: 0 tokens: 690773 ctokens: 110592 class htb 2:23 parent 2:1 leaf 23: prio 0 quantum 1920 rate 15Kbit ceil 100Kbit burst 1618b/8 mpu 0b cburst 1727b/8 mpu 0b level 0 Sent 2490197 bytes 3069 pkts (dropped 0, overlimits 0) rate 5157bps 5pps lended: 1015 borrowed: 2054 giants: 0 tokens: -475203 ctokens: -30720 class htb 2:32 parent 2:1 leaf 32: prio 0 quantum 1920 rate 15Kbit ceil 100Kbit burst 1618b/8 mpu 0b cburst 1727b/8 mpu 0b level 0 Sent 476682 bytes 1633 pkts (dropped 0, overlimits 0) rate 661bps 2pps lended: 745 borrowed: 888 giants: 0 tokens: -235603 ctokens: 107520 class htb 2:54 parent 2:1 leaf 54: prio 0 quantum 1920 rate 15Kbit ceil 20Kbit burst 1618b/8 mpu 0b cburst 1624b/8 mpu 0b level 0 Sent 0 bytes 0 pkts (dropped 0, overlimits 0) lended: 0 borrowed: 0 giants: 0 tokens: 690773 ctokens: 51 class htb 2:20 parent 2:1 leaf 20: prio 0 quantum 1920 rate 15Kbit ceil 100Kbit burst 1618b/8 mpu 0b cburst 1727b/8 mpu 0b level 0 Sent 108 bytes 2 pkts (dropped 0, overlimits 0) lended: 2 borrowed: 0 giants: 0 tokens: 649813 ctokens: 104448 - Original Message - From: devik [EMAIL 
PROTECTED] To: [EMAIL PROTECTED] Cc: lartc [EMAIL PROTECTED] Sent: Wednesday, July 28, 2004 3:30 PM Subject: Re: [LARTC] Re: HTB 3.13 please help as you can see, NO packets are going thru. You have to look to other classes as well as to ifconfig and tc -s qdisc show dev xxx to see wherw packets are lost. On Wed, 28 Jul 2004 [EMAIL PROTECTED] wrote: //Just to not forget eth0 is WAN and eth1 is LAN . The box is NATing my lan. I configured tcng to shape both download and upload and i got connection loss again. Maybe it is my script fault or it is something bad with packets marking . this is how i mark outgoing packets iptables -t mangle -A MYSHAPER-OUT -p tcp -s 192.168.1.23 -j MARK --set-mark $ip and this part of my script which is intented to shape upload: dev eth0 { egress { class ($default) if 1; htb ( r2q 1 ) { class ( rate 800kbps, ceil 800kbps ) { //192.168.1.0--- $ruter = class ( rate 15kbps, ceil 250kbps ) { sfq( perturb 10secs, quantum 1500Bytes ); } ; fw { class $ruter on (23); //ruter- //- fw }//fw }//main class }//htb }//egress }//eth0(none):/skrytpy# and these are a bit of `tc -s -d class show dev eth0` prints while connection loss after running my tcng script : class htb 2:f parent 2:1 leaf 10: prio 0 quantum 1875 rate 1875bps ceil 15000bps burst 1617b/8 mpu 0b cburst 1749b/8 mpu 0b level 0 Sent 0 bytes 0 pkts (dropped 0, overlimits 0) lended: 0 borrowed: 0 giants: 0 tokens: 706914 ctokens: 95572 class htb 2:1e parent 2:1 leaf 1f: prio 0 quantum 1875 rate 1875bps ceil 15000bps burst 1617b/8 mpu 0b cburst 1749b/8 mpu 0b level 0 Sent 0 bytes 0 pkts (dropped 0, overlimits 0) lended: 0 borrowed: 0 giants: 0 tokens: 706914 ctokens: 95572 class htb 2:2d parent 2:1 leaf 2e: prio 0 quantum 1875 rate 1875bps ceil 15000bps burst 1617b/8 mpu 0b cburst 1749b/8 mpu 0b level 0 Sent 0 bytes 0 pkts (dropped 0, overlimits 0) lended: 0 borrowed: 0 giants: 0 tokens: 706914 ctokens: 95572 that is interesting. let me know then. 
other test might be to reboot with maxcpus=1 to mitigate smp related bugs. On Sat, 25 Jan 2003 [EMAIL PROTECTED] wrote: Yes I'm using smp kernel. I thought that i make some error that i canot see so i decided to write my classes using tcng this time. Currently i'm shaping only outgoing traffic to my local network(using tcng) and it seems to work (it work one day without errors). Today i'm going to configure upload too. The difference i could see at once is that there is no connection loss when i'm starting htb. - Original Message - From: devik [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: lartc
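Added example (not part of the original thread): a shell/awk summariser for the `tc -s -d class show dev ...` dumps exchanged above, flagging classes that see no packets or whose token buckets have gone negative. The sample input is constructed from four classes quoted in the message, re-wrapped the way tc prints them; the status names (`idle`, `over-rate`, `at-ceil`, `dropping`) are labels chosen here, not tc terminology.

```shell
#!/bin/sh
# Usage on a live box:  tc -s -d class show dev eth0 | tc_class_report
# SAMPLE is constructed from class entries quoted in the thread.
SAMPLE='class htb 2:1 root rate 800Kbit ceil 800Kbit burst 2623b/8 mpu 0b cburst 2623b/8 mpu 0b level 7
 Sent 21958200 bytes 38721 pkts (dropped 0, overlimits 0)
 rate 47328bps 68pps
 lended: 22026 borrowed: 0 giants: 0
 tokens: 20609 ctokens: 20609

class htb 2:10 parent 2:1 leaf 10: prio 0 quantum 1920 rate 15Kbit ceil 100Kbit burst 1618b/8 mpu 0b cburst 1727b/8 mpu 0b level 0
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 lended: 0 borrowed: 0 giants: 0
 tokens: 690773 ctokens: 110592

class htb 2:23 parent 2:1 leaf 23: prio 0 quantum 1920 rate 15Kbit ceil 100Kbit burst 1618b/8 mpu 0b cburst 1727b/8 mpu 0b level 0
 Sent 2490197 bytes 3069 pkts (dropped 0, overlimits 0)
 rate 5157bps 5pps
 lended: 1015 borrowed: 2054 giants: 0
 tokens: -475203 ctokens: -30720

class htb 2:32 parent 2:1 leaf 32: prio 0 quantum 1920 rate 15Kbit ceil 100Kbit burst 1618b/8 mpu 0b cburst 1727b/8 mpu 0b level 0
 Sent 476682 bytes 1633 pkts (dropped 0, overlimits 0)
 rate 661bps 2pps
 lended: 745 borrowed: 888 giants: 0
 tokens: -235603 ctokens: 107520
'

# Reads tc class statistics on stdin, prints one line per class:
#   <classid> <status> pkts=N dropped=N borrowed=N
# status: idle      = no packet was ever classified into the class
#         dropping  = the class has dropped packets
#         at-ceil   = ctokens negative, the class is above its ceil
#         over-rate = tokens negative, the class is above its own rate
#         ok        = none of the above
tc_class_report() {
    awk '
    function emit() {
        if (id == "") return
        if (pkts == 0)        st = "idle"
        else if (dropped > 0) st = "dropping"
        else if (ctokens < 0) st = "at-ceil"
        else if (tokens < 0)  st = "over-rate"
        else                  st = "ok"
        printf "%s %s pkts=%d dropped=%d borrowed=%d\n", id, st, pkts, dropped, borrowed
    }
    # A new "class htb <id>" header closes the previous record.
    $1 == "class" && $2 == "htb" { emit(); id = $3; pkts = dropped = borrowed = tokens = ctokens = 0 }
    $1 == "Sent"    { pkts = $4 + 0; d = $7; sub(/,/, "", d); dropped = d + 0 }
    $1 == "lended:" { borrowed = $4 + 0 }
    $1 == "tokens:" { tokens = $2 + 0; ctokens = $4 + 0 }
    END { emit() }
    '
}

# Number of classes that have seen no traffic at all (reads stdin).
idle_class_count() {
    tc_class_report | awk '$2 == "idle" { n++ } END { print n + 0 }'
}

# Report for the constructed sample.
sample_report() {
    printf '%s\n' "$SAMPLE" | tc_class_report
}

sample_report
```

If every leaf class reports `idle` while clients are sending, the packets are not reaching the classes at all, which points at the marking or filter rules rather than at the HTB rates.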
Re: [LARTC] HTB classifying
Martin Brown has right but his answer is not full. I see at least one error in your script. I see you arew shaping on wlan0. You must know that you can only shape outgoing traffic so if your node is downloading by ftp i'ts ok, but if the node start to upload shaping on wlan0 won't work. In that case you must shape on eth0. And second thing: Because you shape towards 192.168.2.224 you can not write ...ip src 192.168.2.224/32. You must write ...ip dst 192.168.2.224. /sbin/tc filter add dev wlan0 parent 1:0 protocol ip prio 100 u32 \ match ip src 192.168.2.224/32 \ match ip sport 80 0x classid 1:11 Take some more reading :) Good luck. - Original Message - From: Mpourtounis Dimitris [EMAIL PROTECTED] To: lartc [EMAIL PROTECTED] Sent: Saturday, July 24, 2004 11:39 PM Subject: Re: [LARTC] HTB classifying Ok then... BOX with 2 ifaces eth0 : 192.168.1.3/24 , NAT 192.168.2.0/24 wlan0:192.168.2.3/24 , gw 192.168.1.1(it is an adsl mode in fact) All i want to do is make sure that a)node 192.168.2.224 doesnt get more than 50 bits/sec b)its ssh,sftp (port 22) traffic is limited at 30 bits/sec and c)add more shaped nodes in my script. When i start downloading from node, its http taffic for examle is really shaped at 50. When i start downloading via sftp (port 22), its sftp traffic is really shaped at 30. But, if when there is an http as well as an sftp session at the same time, total bandwidth is at 80. Thanks in advance (and sorry for being so short, i will get used to explaining my problems briefly...) 
#My.notworking.script /sbin/tc qdisc add dev wlan0 root handle 1:0 htb r2q 100 /sbin/tc class add dev wlan0 parent 1: classid 1:10 htb rate 50 /sbin/tc class add dev wlan0 parent 1:10 classid 1:11 htb rate 30 /sbin/tc filter add dev wlan0 parent 1:0 protocol ip prio 100 u32 \ match ip src 192.168.2.224/32 \ match ip sport 80 0x classid 1:11 /sbin/tc class add dev wlan0 parent 1:10 classid 1:12 htb rate 50 /sbin/tc filter add dev wlan0 parent 1:0 protocol ip prio 100 u32 match \ ip src 192.168.2.224/32 classid 1:12 - Original Message - From: [EMAIL PROTECTED] To: lartc [EMAIL PROTECTED]; Mpourtounis Dimitris [EMAIL PROTECTED] Sent: Friday, January 24, 2003 2:13 AM Subject: Re: [LARTC] HTB classifying OK what's the address of eth0? Is the BOX with NAT ? I think you could send a bit of your true script and describe a bit of your network especially the part when this situation is happeniing . If you really afraid of smth like hack attack change IP adressess. Although i have done so ,you are right. I should have included this too in my (e-mail) configuration... BTW,Any idea of the situation - Original Message - From: [EMAIL PROTECTED] To: lartc [EMAIL PROTECTED]; Mpourtounis Dimitris [EMAIL PROTECTED] Sent: Friday, January 24, 2003 1:21 AM Subject: Re: [LARTC] HTB classifying Maybe it's my oversight but shoudn't you have tc qdisc add dev eth0 root handle 1:0 htb before rest of your instructions ?? I am trying to shape a client (somewhat advanced). This is my target: Client is 192.168.2.224. I would like to allow him to download with 50 bits/sec in general. But, for a specific port(say 22), i would like him to download with 30 bit/sec only. The problem is that my configuration (maybe wrong) allows him to download with 80 bit/sec. (50 generally + 30 on port 22) I thought that having classes 1:11 and 1:12 being children of a class with rate 50, 50 would be the maximum... Can htb to this? Can another queue do this? 
/sbin/tc class add dev eth0 parent 1: classid 1:10 htb rate 50
/sbin/tc class add dev eth0 parent 1:10 classid 1:11 htb rate 30
/sbin/tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 match ip src 192.168.2.224/32 \
    match ip sport 80 0x classid 1:11
/sbin/tc class add dev eth0 parent 1:10 classid 1:12 htb rate 50
/sbin/tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 match ip src 192.168.2.224/32 classid 1:12

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] Re: HTB 3.13 please help
Yes I'm using smp kernel. I thought that i make some error that i canot see so i decided to write my classes using tcng this time. Currently i'm shaping only outgoing traffic to my local network(using tcng) and it seems to work (it work one day without errors). Today i'm going to configure upload too. The difference i could see at once is that there is no connection loss when i'm starting htb. - Original Message - From: devik [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: lartc [EMAIL PROTECTED] Sent: Sunday, July 25, 2004 10:26 AM Subject: Re: [LARTC] Re: HTB 3.13 please help From the stats is seems that no data are queued - as if nobody is sending them. You are using smp kernel, is your box SMP ? I haven't seen many smp+htb boxes thus there might be possibility of a bug... devik On Thu, 23 Jan 2003 [EMAIL PROTECTED] wrote: I've attached outputs for eth0 and eth1. I was trying to get this script running. I've added one class for my NATed BOX, and it helped. Shaping was stable almost one day but then i added prio 0 to eth0 filters and prio 0 for eth1 filters it has braken. So i removed every prio 0 and reboot the box but it didnt helped :(. I've noticed that when the traffic is not much (14 hosts from 50 are up) tc/htb works very well. If you want new version of my script say a word. - Original Message - From: devik [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, July 22, 2004 3:48 PM Subject: Re: HTB 3.13 please help I need tc -s -d class show dev xxx output during that non-working period. 3.6 is older than 3.13. --- Martin Devera aka devik Linux kernel QoS/HTB maintainer http://luxik.cdi.cz/~devik/ On Wed, 21 Jul 2004 [EMAIL PROTECTED] wrote: Thanks for your reply. I've recent put my problem on lartc list. I'm using htb 3.13 in 2-4-25smp. I wonder if upgrade to 3.6 will help? Could you be so kind and take a look at it. I'll be grateful. If you have no time for me i'll understand and try to resolve it for myself. Thanks. Hello everybody! 
Since week i dig lists and www and can't find solution for my problem. I'm using HTB 3.13 kernel 2-4-25 smp iptables 1.2.9. I've got situation like this: LAN--Linux Box(routing only)--- Linux Box (HTB)--Hardware Router(say:HD)--Internet When I start HTB it takes about 5 min. to start working and it works... within this 5min starting i can't ping HD and after about 5min I start pinging. It works like this for cuple of hours, then something strange is happening. Ping stops, www doesn't work but radio (36kbps) (from clients) works. There is no ping at all for about 1min and it starts pinging for about 2-3min and it stops for 1-2min and so on. When I stop HTB ping starts. It's look like HTB is filled to much(sorry for my english :/) All my children classes rate doesn't exceeds root classes. I have 50 classes on 900kbit-10kbit(for default class) - downstream and 800-10kbit(for default) up. I shape bandwidth matching ip. r2q is set to 1 . no erros during doing shape script. I'm attaching this script in ip1 is file where are written ip's for C classes. I'm including my script. 
---cut here --- #!/bin/bash #x=$[100/20] #echo $1 /skrytpy/status rxmax=900 #WAN max transfer -down (physically it is 960kbit/960kbit) kbit=kbit rxmaxluser=250 txmax=800 #WAN max transfer - up txmaxluser=100 #counting users # ip1 file is like this: # 11 #Somebody # 23 #Somebody II #EOF licznik=0 for x in $(awk '{ print $1 }' /skrytpy/ip1); do licznik=$[$licznik+1] done #Server licznik=$[$licznik+1] #plus router licznik=$[$licznik+1] echo number of users to $licznik #counting rate rx1=$[$rxmax-10] tx1=$[$txmax-10] # dla klasy domyslnej rxmin=$[$rx1/$licznik] txmin=$[$tx1/$licznik] echo rx $rxmin tx $txmin #echo $rxmin #root classes #rx tc qdisc del root dev eth1 tc qdisc add dev eth1 root handle 1:0 htb r2q 1 default 2 tc class add dev eth1 parent 1:0 classid 1:1 htb rate $rxmax$kbit ceil $rxmax$kbit #tx tc qdisc del root dev eth0 tc qdisc add dev eth0 root handle 2:0 htb r2q 1 default 4 tc class add dev eth0 parent 2:0 classid 2:1 htb rate $txmax$kbit ceil $txmax$kbit #r=$rxmax$kbit #default classes #rx tc class add dev eth1 parent 1:1 classid 1:2 htb rate 10kbit ceil 10kbit #tx tc class add dev eth0 parent 2:1 classid 2:4 htb rate 10kbit ceil 10kbit #siec 1.0 siec=1 for ip in $(awk '{ print $1 }' /skrytpy/ip1); do echo -n $ip #rx tc class add dev
Re: [LARTC] HTB classifying
Maybe it's my oversight, but shouldn't you have

tc qdisc add dev eth0 root handle 1:0 htb

before the rest of your instructions??

I am trying to shape a client (somewhat advanced). This is my target: Client is 192.168.2.224. I would like to allow him to download with 50 bits/sec in general. But, for a specific port (say 22), I would like him to download with 30 bit/sec only. The problem is that my configuration (maybe wrong) allows him to download with 80 bit/sec (50 generally + 30 on port 22). I thought that having classes 1:11 and 1:12 being children of a class with rate 50, 50 would be the maximum... Can htb do this? Can another queue do this?

/sbin/tc class add dev eth0 parent 1: classid 1:10 htb rate 50
/sbin/tc class add dev eth0 parent 1:10 classid 1:11 htb rate 30
/sbin/tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 match ip src 192.168.2.224/32 \
    match ip sport 80 0x classid 1:11
/sbin/tc class add dev eth0 parent 1:10 classid 1:12 htb rate 50
/sbin/tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 match ip src 192.168.2.224/32 classid 1:12
Re: [LARTC] Failover connection question
As I understood, you have two connections and one is not used until the second comes down? If yes, try to add a script to cron which checks if the connection is up (ping your provider's router), and if it's down it should simply up the second interface and add a new default route:

ifconfig ..
route del default
route add default ...

Is it what you want?

I'm still trying to figure out this problem, I appreciate any suggestions... What I'd like to do is have a second default gateway path that never gets taken unless the first one goes into the dead state. I have installed Julian's patch and it works great for load-balanced connections using the nexthop code, but I would like to set up the second default route to be the failover only if the first one becomes unavailable. Is this possible? How might I do this?

regards,
joshua
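Added example (not part of the original thread): one way to write the cron check suggested in the reply above, with a failure counter so that a single lost ping does not flip the default route. The gateway addresses, interface names, thresholds and state-file path are placeholders, and `ip route replace` is used here in place of the `route del` / `route add` pair so the default route is swapped in one step.

```shell
#!/bin/sh
# Cron entry (hypothetical path):  * * * * * /usr/local/sbin/gw-failover.sh run
# Every value below is a placeholder; override through the environment.
PRIMARY_GW=${PRIMARY_GW:-192.0.2.1}
PRIMARY_IF=${PRIMARY_IF:-eth1}
BACKUP_GW=${BACKUP_GW:-198.51.100.1}
BACKUP_IF=${BACKUP_IF:-eth2}
FAIL_THRESHOLD=${FAIL_THRESHOLD:-3}        # failed checks in a row before failing over
RECOVER_THRESHOLD=${RECOVER_THRESHOLD:-5}  # good checks in a row before failing back
STATE_FILE=${STATE_FILE:-/var/run/gw-failover.state}

# Pure state transition.
#   $1 = active path (primary|backup)
#   $2 = streak of checks that contradict the active path
#   $3 = 1 if the primary gateway answered, 0 if not
# Prints "<path> <streak> <action>", action being none, failover or failback.
next_state() {
    cur=$1 streak=$2 ok=$3 action=none
    if [ "$cur" = primary ]; then
        if [ "$ok" -eq 1 ]; then streak=0; else streak=$((streak + 1)); fi
        if [ "$streak" -ge "$FAIL_THRESHOLD" ]; then
            cur=backup streak=0 action=failover
        fi
    else
        if [ "$ok" -eq 1 ]; then streak=$((streak + 1)); else streak=0; fi
        if [ "$streak" -ge "$RECOVER_THRESHOLD" ]; then
            cur=primary streak=0 action=failback
        fi
    fi
    echo "$cur $streak $action"
}

# Ping the provider router through the primary interface, so the check
# keeps testing the primary link even while the backup route is active.
probe_primary() {
    ping -c 3 -W 2 -I "$PRIMARY_IF" "$PRIMARY_GW" >/dev/null 2>&1
}

# $1 = gateway, $2 = interface. With DRY_RUN=1 only log the command.
set_default() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "ip route replace default via $1 dev $2" >&2
    else
        ip route replace default via "$1" dev "$2"
    fi
}

# One cron tick: load state, probe, store the new state, act, print the action.
run_check() {
    cur=primary
    streak=0
    if [ -r "$STATE_FILE" ]; then
        read -r cur streak < "$STATE_FILE"
    fi
    if probe_primary; then ok=1; else ok=0; fi
    set -- $(next_state "$cur" "$streak" "$ok")
    echo "$1 $2" > "$STATE_FILE"
    case $3 in
        failover) set_default "$BACKUP_GW" "$BACKUP_IF" ;;
        failback) set_default "$PRIMARY_GW" "$PRIMARY_IF" ;;
    esac
    echo "$3"
}

if [ "${1:-}" = run ]; then
    run_check
fi
```

Running it once with `DRY_RUN=1` shows which route change would be made without touching the routing table.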
Re: [LARTC] HTB classifying
OK what's the address of eth0? Is the BOX with NAT ? I think you could send a bit of your true script and describe a bit of your network especially the part when this situation is happeniing . If you really afraid of smth like hack attack change IP adressess. Although i have done so ,you are right. I should have included this too in my (e-mail) configuration... BTW,Any idea of the situation - Original Message - From: [EMAIL PROTECTED] To: lartc [EMAIL PROTECTED]; Mpourtounis Dimitris [EMAIL PROTECTED] Sent: Friday, January 24, 2003 1:21 AM Subject: Re: [LARTC] HTB classifying Maybe it's my oversight but shoudn't you have tc qdisc add dev eth0 root handle 1:0 htb before rest of your instructions ?? I am trying to shape a client (somewhat advanced). This is my target: Client is 192.168.2.224. I would like to allow him to download with 50 bits/sec in general. But, for a specific port(say 22), i would like him to download with 30 bit/sec only. The problem is that my configuration (maybe wrong) allows him to download with 80 bit/sec. (50 generally + 30 on port 22) I thought that having classes 1:11 and 1:12 being children of a class with rate 50, 50 would be the maximum... Can htb to this? Can another queue do this? /sbin/tc class add dev eth0 parent 1: classid 1:10 htb rate 50 /sbin/tc class add dev eth0 parent 1:10 classid 1:11 htb rate 30 /sbin/tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 match ip src 192.168.2.224/32 \ match ip sport 80 0x classid 1:11 /sbin/tc class add dev eth0 parent 1:10 classid 1:12 htb rate 50 /sbin/tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 match ip src 192.168.2.224/32 classid 1:12 ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] Re: HTB 3.13 please help
I've attached outputs for eth0 and eth1. I was trying to get this script running. I've added one class for my NATed BOX, and it helped. Shaping was stable almost one day but then i added prio 0 to eth0 filters and prio 0 for eth1 filters it has braken. So i removed every prio 0 and reboot the box but it didnt helped :(. I've noticed that when the traffic is not much (14 hosts from 50 are up) tc/htb works very well. If you want new version of my script say a word. - Original Message - From: devik [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, July 22, 2004 3:48 PM Subject: Re: HTB 3.13 please help I need tc -s -d class show dev xxx output during that non-working period. 3.6 is older than 3.13. --- Martin Devera aka devik Linux kernel QoS/HTB maintainer http://luxik.cdi.cz/~devik/ On Wed, 21 Jul 2004 [EMAIL PROTECTED] wrote: Thanks for your reply. I've recent put my problem on lartc list. I'm using htb 3.13 in 2-4-25smp. I wonder if upgrade to 3.6 will help? Could you be so kind and take a look at it. I'll be grateful. If you have no time for me i'll understand and try to resolve it for myself. Thanks. Hello everybody! Since week i dig lists and www and can't find solution for my problem. I'm using HTB 3.13 kernel 2-4-25 smp iptables 1.2.9. I've got situation like this: LAN--Linux Box(routing only)--- Linux Box (HTB)--Hardware Router(say:HD)--Internet When I start HTB it takes about 5 min. to start working and it works... within this 5min starting i can't ping HD and after about 5min I start pinging. It works like this for cuple of hours, then something strange is happening. Ping stops, www doesn't work but radio (36kbps) (from clients) works. There is no ping at all for about 1min and it starts pinging for about 2-3min and it stops for 1-2min and so on. When I stop HTB ping starts. It's look like HTB is filled to much(sorry for my english :/) All my children classes rate doesn't exceeds root classes. 
I have 50 classes on 900kbit-10kbit(for default class) - downstream and 800-10kbit(for default) up. I shape bandwidth matching ip. r2q is set to 1 . no erros during doing shape script. I'm attaching this script in ip1 is file where are written ip's for C classes. I'm including my script. ---cut here --- #!/bin/bash #x=$[100/20] #echo $1 /skrytpy/status rxmax=900 #WAN max transfer -down (physically it is 960kbit/960kbit) kbit=kbit rxmaxluser=250 txmax=800 #WAN max transfer - up txmaxluser=100 #counting users # ip1 file is like this: # 11 #Somebody # 23 #Somebody II #EOF licznik=0 for x in $(awk '{ print $1 }' /skrytpy/ip1); do licznik=$[$licznik+1] done #Server licznik=$[$licznik+1] #plus router licznik=$[$licznik+1] echo number of users to $licznik #counting rate rx1=$[$rxmax-10] tx1=$[$txmax-10] # dla klasy domyslnej rxmin=$[$rx1/$licznik] txmin=$[$tx1/$licznik] echo rx $rxmin tx $txmin #echo $rxmin #root classes #rx tc qdisc del root dev eth1 tc qdisc add dev eth1 root handle 1:0 htb r2q 1 default 2 tc class add dev eth1 parent 1:0 classid 1:1 htb rate $rxmax$kbit ceil $rxmax$kbit #tx tc qdisc del root dev eth0 tc qdisc add dev eth0 root handle 2:0 htb r2q 1 default 4 tc class add dev eth0 parent 2:0 classid 2:1 htb rate $txmax$kbit ceil $txmax$kbit #r=$rxmax$kbit #default classes #rx tc class add dev eth1 parent 1:1 classid 1:2 htb rate 10kbit ceil 10kbit #tx tc class add dev eth0 parent 2:1 classid 2:4 htb rate 10kbit ceil 10kbit #siec 1.0 siec=1 for ip in $(awk '{ print $1 }' /skrytpy/ip1); do echo -n $ip #rx tc class add dev eth1 parent 1:1 classid 1:$ip htb rate $rxmin$kbit ceil $rxmaxluser$kbit tc filter add dev eth1 protocol ip parent 1:0 u32 match ip dst 192.168.$siec.$ip flowid 1:$ip tc qdisc add dev eth1 parent 1:$ip handle $ip:0 sfq perturb 10 #tx #marking packets iptables -t mangle -A MYSHAPER-OUT -p tcp -s 192.168.$siec.$ip -j MARK --set-mark $ip #tc tc class add dev eth0 parent 2:1 classid 2:$ip htb rate $txmin$kbit ceil $txmaxluser$kbit #filtering 
by mark tc filter add dev eth0 protocol ip preference 1 parent 2:0 handle $ip fw flowid 2:$ip tc qdisc add dev eth0 parent 2:$ip handle $ip:1 sfq perturb 10 done echo cut here -- #this is tc class -s -d show dev eth1 class htb 1:11 parent 1:1 leaf 11: prio 0 quantum 2176 rate 17Kbit ceil 250Kbit burst 1620b/8 mpu 0b cburst 1919b/8 mpu 0b level 0 Sent 0 bytes 0 pkts (dropped 0, overlimits 0) lended: 0 borrowed: 0 giants: 0 tokens: 610258 ctokens: 49152 class htb 1:22
Re: [LARTC] TC Hashing Filters
Well, my problem was like that: I've got Box to NAT and traffic shaping. From time to time i cant ping anythin - i just loose connection because of tc - when delete tc classes the conection comes back. I've posted my script to the list but i'm attaching it for you now too. I'm shaping by ip dst (down my network) and by marking packets (up). Lately I've added special class for my NAT machine and it helped. And my last observation is that it has been working for about 24h; and then I added prio 0 to my filters and everything has braken. But when i removed prio and reset machine it wasnt come back to the state before i added prio. (Gr damn thing). I've noticed that if there is small traffic (in night when 14 hosts are up) the connection is stable. I'mn attaching my script. It's simple - I have private networks 192.168.1.0 192.168.2.0 192.168.3.0 192.168.4.0 192.168.6.0, so the hosts are in files ipX for example for network 192.168.2.0 this file is ip2 and so on. This script is quite long because of a few loops :). Thanks for your help. The problem I had actually had to do with a perl script. I was unable to enter more than 2045 commands using the script. If I were you, I'd try changing that prio to something more reasonable to your needs just in case. If that doesn't work, just post your problem in as much detail as possible and I'll see what I can do (if you haven't already). Adam Towarnyckyj -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 21, 2003 5:45 PM To: [EMAIL PROTECTED] Subject: Re: [LARTC] TC Hashing Filters Could you please send me describe of your problem because im on the list from short time and dont have this description and i have problem with tc too. I saw i have prio set to some strange number like 49456 or somthing like that. My problem was i loose connection from LAN computer( there is no ping ) from time to time. 
- Original Message - From: Adam Towarnyckyj [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, July 22, 2004 11:07 PM Subject: RE: [LARTC] TC Hashing Filters Dear list, After much code crunching and beating my head against the wall (literally), I discovered the faulty code. Thanks mostly to gypsy who played a huge role in helping me discover the problem. My tc filter line had an error in it which completely baffles me because it worked up until 2045 lines were entered. Old command: tc filter add dev $dev protocol ip parent 12: u32 ht 2:$table1: ht 3:$table2: match ip dst $ip/32 flowid 12:$classid New command: tc filter add dev $dev protocol ip parent 12: prio 5 u32 ht 2:$table1: ht 3:$table2: match ip dst $ip/32 flowid 12:$classid Who would have thought that a prio would cause that much trouble? I mean, I know in the documentation it says that it is required for CLASS commands, but since there's nothing on filters, I had no clue. And usually if a command requires a parameter, it will error immediately and not wait for 2045 entries. Also, why the hell would the priority cause a problem like that to begin with?! Weird. Anyways, THANKS EVERYONE! (gypsy, Catalin, and Ed especially) It all works, it's very resource friendly, and all is good again (and I get to keep my job)! The processor is only about 20% in use now. I'm very grateful for the hashing filter suggestion from Ed. Thanks a ton. I will be posting a How To shortly so others can do the same if they ever need to. Thanks again! Adam Towarnyckyj -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of gypsy Sent: Thursday, July 15, 2004 8:37 PM To: [EMAIL PROTECTED]; LARTC Subject: Re: [LARTC] TC Hashing Filters Adam Towarnyckyj wrote: Any tc filter command I try to add from here on out gives me the same error even if I try it manually instead of using the script. Adam, That is a killer. 
Please read the following and then, when we both have the same information, I'm going to try again to assist you. HINT TO READERS: I hope someone else will help us both because I have obligations that I'm stealing time from that I can ill afford. There is a LARTC mailing list thread dated (about) 24 thru 26 June 2003 between Trevor Warren and Michael Ulitskiy whose Subject is u32 clarification...limits on 2000??? Please use your favorite method to find it. Note that there may be kernel issues not mentioned by them; kernels change. I'd like to suggest that you see if anyone involved in that thread will send you a testing script; perhaps you could find a way to start with a working setup and then apply minor changes until either it breaks or it suits you. ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ ___
Re: [LARTC] Problems routing mail to particular interface
POM is patch-o-matic. There are useful kernel patches for routing etc. Most of them work but some are very unstable. Google for it.

- Original Message -
From: Jens [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, July 23, 2004 5:05 AM
Subject: Re: [LARTC] Problems routing mail to particular interface

On Thursday 22 July 2004 17:33, George Alexandru Dragoi wrote:
Try also following things: install ROUTE extension from POM

Could you explain this one please? I don't know what you are talking about.

Thanks
Jens
Re: [LARTC] marking and shaping outbound passive ftp traffic
OK nix. I have problems in my network, that's why it has been so long. I don't guarantee this script works, but it's written exactly as mine; the difference is in marking packets for the shaper. Try it. I will not test it because I have problems with my server ...sorry. If you want you can give me access to your server so I can apply this script in case of any errors. Good luck.

---
#eth0 goes to the world
iptables -t mangle -X MYSHAPER-OUT
iptables -t mangle -N MYSHAPER-OUT
iptables -t mangle -I POSTROUTING -o eth0 -j MYSHAPER-OUT
iptables -t mangle -A MYSHAPER-OUT -p tcp --sport 5:6 -j MARK --set-mark 3

#My concept is that everything goes to default class but outbound ftp goes to limited class
#del any previous root
tc qdisc del root dev eth0
#add root qdisc
tc qdisc add dev eth0 root handle 2:0 htb r2q 10 default 4
#main class
tc class add dev eth0 parent 2:0 classid 2:1 htb rate 512kbit ceil 512kbit
#defining default class
#guaranteed rate is 320kbps for default traffic
tc class add dev eth0 parent 2:1 classid 2:4 htb rate 320kbit ceil 512kbit
#limited class for outbound ftp
tc class add dev eth0 parent 2:1 classid 2:2 htb rate 200kbit ceil 300kbit
tc qdisc add dev eth0 parent 2:2 handle 3:1 sfq perturb 10
#filtering by mark: packets marked 3 go to the limited class 2:2 defined above
tc filter add dev eth0 protocol ip preference 1 parent 2:0 handle 3 fw flowid 2:2
---

Will the following rules work to mark and shape OUTBOUND ftp speed (passive ftp ports 5-6) on my linux server? I want to be able to run these commands on the actual computer that is running the ftp server.

iptables -t mangle -N MYSHAPER-OUT
iptables -t mangle -I POSTROUTING -o eth0 -j MYSHAPER-OUT
iptables -t mangle -A MYSHAPER-OUT -p tcp --dport 5:6 -j MARK --set-mark 1
tc class add dev eth0 mark 1 htb rate 10 kbit

I tried it but the tc line fails with Error: Qdisc mark is classless. Any help would be greatly appreciated.

Mark
Re: [LARTC] HTB tc
Check if you have HTB support in your kernel. It must be in kernel/net/sched

- Original Message -
From: Antonin Karasek [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, July 22, 2004 6:58 PM
Subject: [LARTC] HTB tc

Hi, I'm trying to make run a simple shaping *through HTB*. I have compiled a new kernel 2.4.21. First command from http://luxik.cdi.cz/~devik/qos/htb/manual/userg.htm said:

# tc qdisc add dev eth0 root handle 1: htb default 12
RTNETLINK answers: Invalid argument

I tried both the standard tc from Debian stable and http://luxik.cdi.cz/~devik/qos/htb/v2/tc.gz this one... I tried htb.init-v0.8.5 from SourceForge with the htb-lartc.tar.gz configuration from the same site. The script doesn't report any error, but:

skatach:~/bin# ./htb.init-v0.8.5 start
skatach:~/bin# tc filter show dev eth0
skatach:~/bin# tc class show dev eth0
skatach:~/bin# tc qdisc show

As I guess, it means that there isn't any class. It isn't what I want :( Any ideas where the problem can be? Many thanks.
Re: [LARTC] TC Hashing Filters
1.I have commands to make filters like your old but have no this: ht 2:$table1: ht 3:$table2: what is it? 2. What was your problem? I'm new to this list and dont have your previous email. Old command: tc filter add dev $dev protocol ip parent 12: u32 ht 2:$table1: ht 3:$table2: match ip dst $ip/32 flowid 12:$classid New command: tc filter add dev $dev protocol ip parent 12: prio 5 u32 ht 2:$table1: ht 3:$table2: match ip dst $ip/32 flowid 12:$classid Who would have thought that a prio would cause that much trouble? I mean, I know in the documentation it says that it is required for CLASS commands, but since there's nothing on filters, I had no clue. And usually if a command requires a parameter, it will error immediately and not wait for 2045 entries. Also, why the hell would the priority cause a problem like that to begin with?! Weird. Anyways, THANKS EVERYONE! (gypsy, Catalin, and Ed especially) It all works, it's very resource friendly, and all is good again (and I get to keep my job)! The processor is only about 20% in use now. I'm very grateful for the hashing filter suggestion from Ed. Thanks a ton. I will be posting a How To shortly so others can do the same if they ever need to. Thanks again! Adam Towarnyckyj -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of gypsy Sent: Thursday, July 15, 2004 8:37 PM To: [EMAIL PROTECTED]; LARTC Subject: Re: [LARTC] TC Hashing Filters Adam Towarnyckyj wrote: Any tc filter command I try to add from here on out gives me the same error even if I try it manually instead of using the script. Adam, That is a killer. Please read the following and then, when we both have the same information, I'm going to try again to assist you. HINT TO READERS: I hope someone else will help us both because I have obligations that I'm stealing time from that I can ill afford. 
There is a LARTC mailing list thread dated (about) 24 thru 26 June 2003 between Trevor Warren and Michael Ulitskiy whose Subject is u32 clarification...limits on 2000??? Please use your favorite method to find it. Note that there may be kernel issues not mentioned by them; kernels change. I'd like to suggest that you see if anyone involved in that thread will send you a testing script; perhaps you could find a way to start with a working setup and then apply minor changes until either it breaks or it suits you. ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] shaping passive ftp traffic
I could possibly help, but I'm using tc + htb and don't know anything about wondershaper. If you want a script I could do it for you.

- Original Message -
From: nix4me [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, July 21, 2004 2:42 AM
Subject: [LARTC] shaping passive ftp traffic

Hi, I have tried unsuccessfully to limit my ftp server send speed in linux. I have an ipcop linux firewall/router with 2 nics. 1 nic (eth1) is connected to a 3mbit/384Kbit cable connection and the other (eth0) a switch. Behind it I have a suse linux box and a windows box. On the suse box I run proftpd. I need to shape my passive ftp send speed to 34KBytes because if it is maxed out at 45K it slows down all surfing on the entire network.

I have tried running wondershaper-htb on the ipcop firewall and it limits my upload speed, but it still seems to slow down everything else a little bit. I notice a slow www experience, however my ping times are good.

Is there a simple way to just put a limit on the traffic coming from the passive ports (5-51000) from my proftpd computer? I just want to set a limit on ftp and not affect anything else. I have looked at all the documentation and I must admit that I don't understand any of it. It all seems to be too complicated for my needs. I hope someone out there is doing what I am trying to do.

Thanks,
Mark
Re: [LARTC] shaping passive ftp traffic
No, I didn't, but I've seen that it is possible to get ftp into one class and rest traffic to the other class while using tc + htb. My traffic shaping is done by ip.

Have you tried limiting the maximum outgoing bandwidth in proftpd itself?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, July 21, 2004 10:25 AM
To: lartc; nix4me
Subject: Re: [LARTC] shaping passive ftp traffic

I could possibly help but I'm using tc + htb and don't know anything about wondershaper. If you want a script I could do it for you.

- Original Message -
From: nix4me [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, July 21, 2004 2:42 AM
Subject: [LARTC] shaping passive ftp traffic

Hi,

I have tried unsuccessfully to limit my ftp server send speed in linux. I have an ipcop linux firewall/router with 2 nics. 1 nic (eth1) is connected to a 3mbit/384Kbit cable connection and the other (eth0) a switch. Behind it I have a suse linux box and a windows box. On the suse box I run proftpd. I need to shape my passive ftp send speed to 34KBytes because if it is maxed out at 45K it slows down all surfing on the entire network.

I have tried running wondershaper-htb on the ipcop firewall and it limits my upload speed, but it still seems to slow down everything else a little bit. I notice a slow www experience however my ping times are good.

Is there a simple way to just put a limit on the traffic coming from the passive ports (5-51000) from my proftpd computer? I just want to set a limit on ftp and not affect anything else. I have looked at all the documentation and I must admit that I don't understand any of it. It all seems to be too complicated for my needs. I hope someone out there is doing what I am trying to do.

Thanks, Mark
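One way to set up what the replies in this thread describe (FTP data in its own HTB class, all other upload traffic in a second class), as an added example that is not from any poster here. Only eth1 and the 34 KBytes/s cap come from the original post; the server address, the port range and the 360 kbit uplink figure in the usage line are constructed placeholders.

```shell
#!/bin/sh
# Added example: HTB with one capped class for passive-FTP data, one for the rest.
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 executes them (needs root).
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

# ftp_shape DEV SERVER PORTS UPLINK_KBIT FTP_KBYTES
#   DEV          interface facing the ISP (eth1 in the post)
#   SERVER       LAN address of the proftpd host (placeholder value)
#   PORTS        passive data port range as LOW:HIGH (placeholder value)
#   UPLINK_KBIT  usable upstream rate in kilobits/s, slightly under line rate
#   FTP_KBYTES   cap for FTP data in kilobytes/s (34 in the post)
ftp_shape() {
    dev=$1 server=$2 ports=$3 uplink=$4 ftp_kbytes=$5
    # tc units: "kbit" is kilobits/s, "kbps" is kiloBYTES/s. Convert explicitly.
    ftp=$((ftp_kbytes * 8))
    if [ "$ftp" -ge "$uplink" ]; then
        echo "FTP cap ${ftp}kbit does not fit in uplink ${uplink}kbit" >&2
        return 1
    fi
    rest=$((uplink - ftp))   # guaranteed share for everything that is not FTP

    run tc qdisc del dev "$dev" root 2>/dev/null || true
    run tc qdisc add dev "$dev" root handle 1: htb default 20
    run tc class add dev "$dev" parent 1: classid 1:1 htb rate "${uplink}kbit" ceil "${uplink}kbit"
    # 1:10 FTP data: rate == ceil, so it can never borrow above the cap
    run tc class add dev "$dev" parent 1:1 classid 1:10 htb rate "${ftp}kbit" ceil "${ftp}kbit" prio 1
    # 1:20 default: may borrow the whole uplink when FTP is idle
    run tc class add dev "$dev" parent 1:1 classid 1:20 htb rate "${rest}kbit" ceil "${uplink}kbit" prio 0
    run tc qdisc add dev "$dev" parent 1:10 handle 10: sfq perturb 10
    run tc qdisc add dev "$dev" parent 1:20 handle 20: sfq perturb 10
    # fwmark 10 selects the FTP class; unmarked packets fall into default 1:20
    run tc filter add dev "$dev" parent 1: protocol ip prio 1 handle 10 fw classid 1:10
    # Mark before NAT rewrites the source address, so the LAN address still matches
    run iptables -t mangle -A PREROUTING -s "$server" -p tcp --sport "$ports" -j MARK --set-mark 10
}

# Stand-alone use: sh ftp_shape.sh eth1 192.168.1.10 60000:60100 360 34
if [ $# -eq 5 ]; then ftp_shape "$@"; fi
```

PORTS has to match the range set with proftpd's PassivePorts directive, otherwise the data connections stay unmarked and land in the default class.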
Re: [LARTC] : HTB - Really Big problem
I've found that I have messages like this in /var/log/messages:

Jul 20 20:11:26 (none) last message repeated 9 times
Jul 20 20:11:30 (none) kernel: NET: 173 messages suppressed.
Jul 20 20:11:30 (none) kernel: dst cache overflow
Jul 20 20:12:59 (none) kernel: NET: 14 messages suppressed.

- Original Message -
From: [EMAIL PROTECTED]
To: lartc [EMAIL PROTECTED]
Sent: Tuesday, July 20, 2004 6:28 PM
Subject: Re: [LARTC] Fw: HTB - Really Big problem

Here are the stats. If you want full stats please write then I'll send as attachment but it is 0,5MB.
Re: [LARTC] Fw: HTB - Really Big problem
Here are the stats. If you want full stats please write then I'll send as attachment but it is 0,5MB.

tc qdisc show
qdisc sfq 3: dev eth0 quantum 1514b perturb 10sec
qdisc sfq 138: dev eth0 quantum 1514b perturb 10sec
qdisc sfq 53: dev eth0 quantum 1514b perturb 10sec
qdisc sfq 54: dev eth0 quantum 1514b perturb 10sec
qdisc sfq 140: dev eth0 quantum 1514b perturb 10sec
qdisc sfq 137: dev eth0 quantum 1514b perturb 10sec
..
qdisc sfq 11: dev eth0 quantum 1514b perturb 10sec
qdisc sfq 10: dev eth0 quantum 1514b perturb 10sec
qdisc sfq 9: dev eth0 quantum 1514b perturb 10sec
qdisc htb 2: dev eth0 r2q 1 default 4 direct_packets_stat 0
qdisc sfq 3: dev eth1 quantum 1514b perturb 10sec
qdisc sfq 138: dev eth1 quantum 1514b perturb 10sec
.
qdisc sfq 10: dev eth1 quantum 1514b perturb 10sec
qdisc sfq 9: dev eth1 quantum 1514b perturb 10sec
qdisc htb 1: dev eth1 r2q 1 default 2 direct_packets_stat 2
EOF

tc filter show dev eth1:
filter parent 1: protocol ip pref 49151 u32
filter parent 1: protocol ip pref 49151 u32 fh 831: ht divisor 1
filter parent 1: protocol ip pref 49151 u32 fh 831::800 order 2048 key ht 831 bkt 0 flowid 1:3
  match c0a80502/ at 16
filter parent 1: protocol ip pref 49151 u32 fh 830: ht divisor 1
filter parent 1: protocol ip pref 49151 u32 fh 830::800 order 2048 key ht 830 bkt 0 flowid 1:138
  match 3e57c18a/ at 16
filter parent 1: protocol ip pref 49151 u32 fh 82f: ht divisor 1
filter parent 1: protocol ip pref 49151 u32 fh 82f::800 order 2048 key ht 82f bkt 0 flowid 1:53
  match c0a80235/ at 16
filter parent 1: protocol ip pref 49151 u32 fh 82e: ht divisor 1
filter parent 1: protocol ip pref 49151 u32 fh 82e::800 order 2048 key
.
#many lines
filter parent 1: protocol ip pref 49152 u32 fh 802: ht divisor 1
filter parent 1: protocol ip pref 49152 u32 fh 802::800 order 2048 key ht 802 bkt 0 flowid 1:11
  match c0a8010b/ at 16
filter parent 1: protocol ip pref 49152 u32 fh 801: ht divisor 1
filter parent 1: protocol ip pref 49152 u32 fh 801::800 order 2048 key ht 801 bkt 0 flowid 1:10
  match c0a8010a/ at 16
filter parent 1: protocol ip pref 49152 u32 fh 800: ht divisor 1
filter parent 1: protocol ip pref 49152 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:9
  match c0a80109/ at 16

tc filter show dev eth0:
tc filter show dev eth0
filter parent 2: protocol ip pref 1 fw
filter parent 2: protocol ip pref 1 fw handle 0x3 classid 2:3
filter parent 2: protocol ip pref 1 fw handle 0x8 classid 2:8
filter parent 2: protocol ip pref 1 fw handle 0x9 classid 2:9
filter parent 2: protocol ip pref 1 fw handle 0xa classid 2:10
filter parent 2: protocol ip pref 1 fw handle 0xb classid 2:11
filter parent 2: protocol ip pref 1 fw handle 0xc classid 2:12
filter parent 2: protocol ip pref 1 fw handle 0xf classid 2:15
filter parent 2: protocol ip pref 1 fw handle 0x11 classid 2:17
...#many lines
filter parent 2: protocol ip pref 1 fw handle 0x97 classid 2:151
filter parent 2: protocol ip pref 1 fw handle 0x98 classid 2:152
filter parent 2: protocol ip pref 1 fw handle 0xbd classid 2:189

tc class show dev eth1:
class htb 1:11 parent 1:1 leaf 11: prio 0 rate 17Kbit ceil 250Kbit burst 1620b cburst 1919b
class htb 1:22 parent 1:1 leaf 22: prio 0 rate 17Kbit ceil 250Kbit burst 1620b
...
class htb 1:189 parent 1:1 leaf 189: prio 0 rate 17Kbit ceil 128Kbit burst 1620b cburst 1762b
class htb 1:1 root rate 900Kbit ceil 900Kbit burst 2751b cburst 2751b
class htb 1:10 parent 1:1 leaf 10: prio 0 rate 17Kbit ceil 250Kbit burst 1620b cburst 1919b
class htb 1:23 parent 1:1 leaf 23: prio 0 rate 17Kbit ceil 250Kbit burst 1620b cburst 1919b
class htb 1:32 parent 1:1 leaf 32: prio 0 rate 17Kbit ceil 250Kbit burst 1620b cburst 1919b
class htb 1:54 parent 1:1 leaf 54: prio 0 rate 17Kbit ceil 64Kbit burst 1620b cburst 1680b
class htb 1:2 parent 1:1 prio 0 rate 10Kbit ceil 10Kbit burst 1611b cburst 1611b
class htb 1:20 parent 1:1 leaf 20: prio 0 rate 17Kbit ceil 250Kbit burst 1620b cburst 1919b
class htb 1:64 parent 1:1 leaf 64: prio 0 rate 17Kbit ceil 250Kbit burst 1620b
class htb 1:59 parent 1:1 leaf 59: prio 0 rate 17Kbit ceil 250Kbit burst 1620b cburst 1919b
class htb 1:58 parent 1:1 leaf 58: prio 0 rate 17Kbit ceil 250Kbit burst 1620b cburst 1919b

tc class show dev eth0:
class htb 2:11 parent 2:1 leaf 11: prio 0 rate 15Kbit ceil 100Kbit burst 1618b cburst 1727b
class htb 2:22 parent 2:1 leaf 22: prio 0 rate 15Kbit ceil 100Kbit burst 1618b cburst 1727b
class htb 2:1 root rate 800Kbit ceil 800Kbit burst 2623b cburst 2623b
class htb 2:10 parent 2:1 leaf 10: prio 0 rate 15Kbit ceil 100Kbit burst 1618b cburst 1727b
.
class htb 2:3 parent 2:1 leaf 3: prio 0 rate 15Kbit ceil 256Kbit burst 1618b cburst 1926b
class htb 2:4 parent 2:1 prio 0 rate 10Kbit ceil 10Kbit burst 1611b cburst 1611b

What do the tc stats look like?