I'm not sure if you have to use different prio for filters (With fw
this is a must). Depends on your setup.
With htb, everything is attached with parent as root qdisc.
On Fri, 18 Feb 2005 18:27:26 +0530, Padam J Singh
[EMAIL PROTECTED] wrote:
Hi!
I have the following setup using
You can try with IMQ, which probably is not wanted for a production
server. You can also mark the pachets which have some DSCP bits, then
use u32 with the mark match (Probably Catalin's implementation), i
think it is even in some latest 2.6 kernels, also don't forget to use
a new iproute2 :)
On
http://metropolitana.loginet.ro/ and reat that stuff, or
you can try to diferentiate metro/interfor for download asking your
ISP if they set a specific DSCP for it. For upload limitting, i add
routes for all metropolitan ips (or bgp does it automatically), and
the default route has a special
I had something similar too, lok here
http://mailman.ds9a.nl/pipermail/lartc/2004q4/01.html
On Sun, 6 Feb 2005 12:13:30 +, [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
hello to all
i'm trying to set a filter but doesn't want to work.
i've set ut the qdiscs and the classes like this :
I think you can just make aliases for all 8 ips (Yes i said 8)
ifconfig eth0:0 100.0.43.152 netmask 255.255.255.255 up
ifconfig eth0:1 100.0.43.153 netmask 255.255.255.255 up
ifconfig eth0:2 100.0.43.154 netmask 255.255.255.255 up
...
ifconfig eth0:7 100.0.43.159 netmask 255.255.255.255 up
On
I didn't look much on your script (my brain is not that good
compiler), but looking at yoour default classes and what is happening
with you, i think the filters are not working on you, and evetything
go to default classes. If so, removing the default classes will make
everything work at maximum
Try this
iptables -t mangle -N local
iptablts -t mangle -A INPUT -i $INET_IFACE -j local
iptables -t mangle -A OUTPUT -o $INET_IFACE -j local
iptables -t mangle -A local -p tcp -m layer7 --l7proto http -j DROP
I only think it may work, i say this because local packets are passing
INPUT and
I'm intersted too in a program that take an entire qos struncture tree
and filters and put them instantly in kernel, like iptables, i wonder
if there is such project
On Wed, 19 Jan 2005 12:27:40 +0200 (EET), Catalin(ux aka Dino) BOIE
[EMAIL PROTECTED] wrote:
On Wed, 19 Jan 2005, Liviu Faciu
Hello list,
I am now using hfsc for QOS. I have something like this:
tc qdisc add dev ethx root handle 1: hfsc default 9
tc class add dev ethx parent 1: classid 1:1 hfsc ls m2 70mbit ul m2 70mbit
tc class add dev ethx parent 1:1 classid 1:9 hfsc ls m2 7mbit
#DNS stuff follows
tc class
Hello Everyone,
I have this weird problem. I have 2.6.10-rc2-mm3 kernel with u32
compiled as module. I have the cls_u32 module loaded. I have
different binaryes of tc, the one from iproute packaged from debian
sarge, the Kaber's one from trash.net, and also from another computer
where
You can send the marked packets with 1 in a chain, and marked packets
with 2 in other chain, and then re-mark them based on
source/destination ips, and you will use only fw filters. What Cata
said looks damn intersting (I'll check that later). You may also sniff
the traffic with tcpdump and see if
Hello list,
I'm having problems with HTB on a machine. I noticed that after a
while the machine seems off-line after i start the htb script. After
some debugging i realised the problem stays in the arp packets send by
the machine, which are delayed or dropped. Because of that i had to
remove the
Hello everyone,
I use the scripts from docum.org to manage the bandwith sharing and
traffic graphs. For every user i happen to use about 4 classes. The
/qos/rrds is a symlink to a directory which is in an ext3 fs. The
problem is that i now have over 32 000 files there (about 600
On Thu, 28 Oct 2004 18:33:14 +0700, Key [EMAIL PROTECTED] wrote:
Hi,
I have some question about HTB :
1. I read that HTB priority is only 8 level, from 0 to 7. So if i want to
give different priority
to more than 8 class, what should i do?
2. What happen if i have class eth0-2:10 with
Well, similar things happened on a machine with 2.4.26, with about 300
classes (for 150 users with different cir/mir for metro/extern). I
remade the classes and i applyed fw filters instead of u32, and now it
works very well on 2.4.26.
On Thu, 28 Oct 2004 15:22:42 +0200, Dumitrache Ionut [EMAIL
I have more than 600 classes, 4 classes per each client (down/up for
both metro/extern). I can't be sure if my problem got solved because i
switched to fw or because the htb trees got a little changed, i can
only say it works like a charm, for about 30mbit parent class,
mipclasses, 1700 routes
iptables -I FORWARD -s 192.168.1.202 -p tcp --syn -m state --state NEW
-m limit --limit 50/s --limit-burst 100 -j ACCEPT
iptables -I FORWARD 2 -s 192.168.1.202 -p tcp --syn -m state --state NEW -j DROP
with udps things are a bit simmilar, except you dont need the --syn
On Mon, 25 Oct 2004
(I even may may use IPMARK) which is not
CPU destroyer and wont generate bad latency. I know i should post that
to netfilter mailing list, I am still waiting for opinions.
On Wed, 29 Sep 2004 16:42:06 +0200, Andreas Klauer
[EMAIL PROTECTED] wrote:
George Alexandru Dragoi wrote:
Perhaps
distinguish non p2p for other purpose later. Is it
possible better ? (i bet it does).
On Thu, 30 Sep 2004 15:00:39 +0200, Andreas Klauer
[EMAIL PROTECTED] wrote:
Am Thursday 30 September 2004 14:42 schrieb George Alexandru Dragoi:
Such traffic will be matched agains src ip or dest ip, or port number
Hello everyone,
I want an opinion from people who tryed different matching modules to
match diferent types of traffic, especially p2p ones.
I would like to hear which scales better as CPU usage and latency :
ipp2p, iptables-p2p or l7-filter with the p2p patterns. I want to use
one of them to
Try docum.org , there are some scripts, GUI.
Also the htb homepage is also good for using htb and lartc.org/howto/
- Original Message -
From: arya sby [EMAIL PROTECTED]
Date: Tue, 31 Aug 2004 18:55:13 -0700 (PDT)
Subject: [LARTC] linux newbie
To: [EMAIL PROTECTED]
hi all,
i am newbie
WTF is hash or hash table ? are you looking into:
ip rule help
?
On Thu, 12 Aug 2004 00:53:40 -0500, Paul C. Diem [EMAIL PROTECTED] wrote:
We currently use iptables, matching packets based on IP address and marking
them with an ID. Multiple IP addresses can be marked with the same ID. We
then
tc qdisc del dev ethx root
tc qdisc add dev ethx root handle 1: htb
tc class add dev ethx parent 1: classid 1:1 htb rate 30kbps
tc filter add dev ethx parent 1: prio 0 protocol ip handle 1 fw flowid 1:1
On Tue, 27 Jul 2004 20:07:37 -0400, nix4me [EMAIL PROTECTED] wrote:
Hi,
I am trying to
On Thu, 22 Jul 2004 21:05:43 -0700, Jens [EMAIL PROTECTED] wrote:
On Thursday 22 July 2004 17:33, George Alexandru Dragoi wrote:
Try also following thigs:
install ROUTE extension from POM
Could you explain this one please ? I don't know what you are talking about.
Thanks
Jens
Is the 192.168.1.2 an ip on the router? If yes, you'll have to mark in
OUTPUT, not PREROUTING, also, after you set up the rules and routes,
did you an
ip route flush cache
?
I hope these works
On Wed, 21 Jul 2004 20:02:32 -0700, Jens [EMAIL PROTECTED] wrote:
I have a particular problem that has
on the
marking follow that.
The flushing is something that got me before but which I am watching like a
hawk now :)
Jens
On Thursday 22 July 2004 02:59, George Alexandru Dragoi wrote:
Is the 192.168.1.2 an ip on the router? If yes, you'll have to mark in
OUTPUT, not PREROUTING, also
OT: Dudes, why i have to reedit To field and delete CC field, gmail
see this as spam
Now, make sure you compiled the kernel with htb, latest stable kernel
is 2.4.26 or 2.6.7
On Thu, 22 Jul 2004 19:58:40 +0200, Antonin Karasek
[EMAIL PROTECTED] wrote:
Hi,
I'm trying to make run a simple
Hehe, maybe it is this:
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
On Thu, 22 Jul 2004 16:16:21 -0700, Jens [EMAIL PROTECTED] wrote:
On Thursday 22 July 2004 14:17, George Alexandru Dragoi wrote:
A good think would be to give a full description to your network
setup, interfaces
on the
marking follow that.
The flushing is something that got me before but which I am watching like a
hawk now :)
Jens
On Thursday 22 July 2004 02:59, George Alexandru Dragoi wrote:
Is the 192.168.1.2 an ip on the router? If yes, you'll have to mark in
OUTPUT, not PREROUTING, also
MASQUERADE
Anyway, somehow it should work when the routes were made by iproute2
On Thu, 22 Jul 2004 17:08:14 -0700, Jens [EMAIL PROTECTED] wrote:
On Thursday 22 July 2004 16:50, George Alexandru Dragoi wrote:
Hehe, maybe it is this:
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
Well I
I think it depence of the PCI interface
On Mon, 19 Jul 2004 13:45:41 -0500, Nathan Littlepage
[EMAIL PROTECTED] wrote:
Anyone know, or where I might find, how many packets per second can be
sustained with the new 2.6 kernel and various processors?
31 matches
Mail list logo
