Re: [LARTC] Completely isolating P2P/BitTorrent traffic

2006-09-25 Thread Jody Shumaker
On 9/12/06, Francisco <[EMAIL PROTECTED]> wrote: I'll tell you what I did to completely isolate MY bittorrent traffic. In azureus you can tell the program to use a specific IP, so I have two IP's per PC, one for p2p and the other one as the main IP. Then I simply shape traffic from the azureus I

Re: [LARTC] iptables CLASSIFY and MARK not working?

2006-05-22 Thread Jody Shumaker
On 5/22/06, Eliot, Wireless and Server Administrator, Great Lakes Internet <[EMAIL PROTECTED]> wrote: You were exactly right here. Moving to the filters instead of the iptables classify solved the issue. As for performance, I have not yet benchmarked it to determine if the filters are fast enough

Re: [LARTC] iptables CLASSIFY and MARK not working?

2006-05-19 Thread Jody Shumaker
On 5/19/06, Andreas Unterkircher <[EMAIL PROTECTED]> wrote: Have you checked that the ip_conntrack module is loaded or compiled into the kernel? If not the mark is lost... Cheers, Andreas I doubt that's the issue. I do however recall there being issues with using iptables classify to targets

Re: [LARTC] HFSC and prioritization

2006-05-12 Thread Jody Shumaker
HFSC doesn't support strict priorities (and neither does HTB, the priorities just affect unused bandwidth and is still limited by the ceiling). At least in the case of HFSC this is intentional, strict priority is not very friendly because it allows traffic to be entirely excluded, HFSC's goals are

Re: [LARTC] HFSC and prioritization

2006-05-11 Thread Jody Shumaker
# Base user class tc class add dev wivl4 parent 5:0 classid 5:130 hfsc ls m1 1536.0Kbit d 2000ms m2 512.00Kbit ul m2 1024Kbit # Priority queue tc qdisc add dev wivl4 parent 5:130 handle 134: prio bands 3 tc qdisc add dev wivl4 parent 134:1 handle 135: hfsc default 1 tc qdisc add dev wivl4 paren

Re: [LARTC] HTB at 100+ Mbits/sec

2006-05-11 Thread Jody Shumaker
On 5/10/06, Muthukumar S <[EMAIL PROTECTED]> wrote: First up, thanks for the response Jody. I appreciate your taking the time to answer. So in essence what this means is that I will not be able to use the maximum that the link allows if I'm shaping traffic? Please correct me if I got this wrong

Re: [LARTC] Traffic Shaping with Shorewall

2006-05-01 Thread Jody Shumaker
ipp2p is absolutely necessary if you want to shape bittorrent. The only time your current rules will match is when people connect to your bittorrent client, otherwise the port that is used is random. I'd also recommend including a rule to match on 6881-6889 the default bittorrent ports, as some p

Re: [LARTC] Unsubscribe

2006-04-27 Thread Jody Shumaker
At the bottom of every single e-mail on this list are directions on how to correctly unsubscribe. Could you please not make a fool of yourself (twice) and actually read them? - Jody

Re: [LARTC] HTB statistics granularity

2006-04-11 Thread Jody Shumaker
> b) Is there a way to get a precise rate and pps for the last 10 seconds? > (issue of rate taking 3-4 mins to get to zero as opposed to instantly) Run the command, record the number of bytes and packets sent. (tc -s class show dev ppp0) Wait exactly 10 seconds (sleep 10) Run the command again, r

Re: [LARTC] u32 and iptables do not work together

2006-04-07 Thread Jody Shumaker
On 4/7/06, Nataniel Klug <[EMAIL PROTECTED]> wrote: > Andreas, > > This is not the problem because if I disable the rules I am using, and > use other script just with rules using fwmark then the other script > works fine. > > Att, > > Nataniel Klug > > Andreas Klauer wrote: > > On Fri, Apr 07, 2

Re: [LARTC] QoS - Ping problem

2006-04-05 Thread Jody Shumaker
> CLASS="/sbin/tc class add dev $DL parent" > $CLASS 1: classid 1:1 htb rate 3072Kbit > $CLASS 1:1 classid 1:10 htb rate 1024Kbit ceil 1024Kbit > $CLASS 1:1 classid 1:20 htb rate 1536Kbit ceil 2560Kbit > $CLASS 1:1 classid 1:30 htb rate 512Kbit ceil 1024Kbit > $CLASS 1:1 classid 1:40 htb rate 512Kb

Re: [LARTC] Another question (now about u32)

2006-04-04 Thread Jody Shumaker
On 4/4/06, Nataniel Klug <[EMAIL PROTECTED]> wrote: > Hello all, > > I am trying to match some connections using u32 but I tried this: > > [EMAIL PROTECTED] ~]# tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 > match ip src 0/0 match ip dst 0/0 match ip sport 80 0x flowid 1:10 >

Re: [LARTC] Fix list so it adds Reply-To: header

2006-03-15 Thread Jody Shumaker
> Before you do that, you should first read: >http://www.unicom.com/pw/reply-to-harmful.html > > Then, the rebuttal: >http://marc.merlins.org/netrants/reply-to-useful.html > > Finally, the rebuttal to the rebuttal: >http://marc.merlins.org/netrants/listreplyto.txt > > -- > Henry Yen <[E

Re: [LARTC] multipath algorithm

2006-03-15 Thread Jody Shumaker
> > I didn't try to specifically, but he did eventually respond and only > > asked a simple question which had no relevance. > > Wow, maybe he is onto other things these days or short of time. Julians > was very very helpful when I was trying to get things working back in > the day. Some of it got

[LARTC] Fix list so it adds Reply-To: header

2006-03-15 Thread Jody Shumaker
Could whoever is in charge of the lartc mailing list please change it to add the header: Reply-To: lartc@mailman.ds9a.nl Every other list I'm on is set up so that by default replies will go to the list. When replying to lartc emails I notice myself and others constantly forgetting this list does

Re: [LARTC] multipath algorithm

2006-03-15 Thread Jody Shumaker
On 3/15/06, William L. Thomson Jr. <[EMAIL PROTECTED]> wrote: > On Wed, 2006-03-15 at 13:33 -0300, Andreas Hasenack wrote: > > > > I never used those patches. For me, not being included in the mainstream > > kernel for all those years has to mean something is broken somewhere. > > Well at the time,

Re: [LARTC] What happened to the lartc mailing list?

2006-03-13 Thread Jody Shumaker
It has always done that for me. That I believe is just because of poor setup for the list where it doesn't use any Reply-To: If someone who has access to the mailing list server could set it up to use a Reply-To: of the list it'd be greatly appreciated. Seems the recent problem was more of someth

Re: [LARTC] Balancing multiple connections and NAT

2006-03-06 Thread Jody Shumaker
On 3/5/06, Andreas Hasenack <[EMAIL PROTECTED]> wrote: > On Thu 23 Feb 2006 20:41, Markus Schulz wrote: > > you need a patch for NAT processing with multiple gateways. this will > > then save the routing information for each connection inside NAT > > structures, so that each packet of an establi

Re: [LARTC] Sort of solution to traffic only going to last nexthop

2006-02-08 Thread Jody Shumaker
Not all of us can switch distros that easily :P I did try ditching the gentoo kernel sources and going with vanilla kernel sources, but still didn't work and made it easy to cause a kernel panic. I ended up ditching the patches and any thoughts of load balancing between the 2 connections, as debugg

Re: [LARTC] p2p marking, again

2006-02-07 Thread Jody Shumaker
nyany anywhere anywhere IMQ: todev 0 Only 625681 bytes marked as p2p :( ---Original Message- From: Jody Shumaker [mailto:[EMAIL PROTECTED]] Sent: 6 February 2006 21:23 To: Vaidas Cc: lartc@mailman.ds9a.nl Subject: Re: [LARTC] p2p marking, again Bah, I don't know why I didn't notic

Re: [LARTC] p2p marking, again

2006-02-06 Thread Jody Shumaker
Bah, I don't know why I didn't notice this before in your previous email. It's obvious now that you gave the states output: iptables -t mangle -A DSL-IN -p tcp -m ipp2p --ipp2p -j CONNMARK --restore-mark that line is horribly wrong, it should be: iptables -t mangle -A DSL-IN -p tcp -j CONNMARK --re

Re: [LARTC] htb prio ...

2006-02-05 Thread Jody Shumaker
They would do different things, the prio only has to do with all other classes that share the same parent.  The prio isn't "preserved" as it goes up/down the tree. Depending on what you want to accomplish, you really should probably be doing it on all levels, not one or the other. - Jody On 2/5/06,

Re: [LARTC] Multi-path routing only using last nexthop in default route.

2006-01-19 Thread Jody Shumaker
on that. - Jody On 1/18/06, Jody Shumaker <[EMAIL PROTECTED]> wrote: Do you have script to ping/arping the gateways on eth device(s)? The NOARP devices are always preferred if the GWs on ARP devices are not marked reachable in ARP cache. Yes, I have a script that pings the gateways on bo

Re: [LARTC] Re: Multi-path routing only using last nexthop in default route.

2006-01-17 Thread Jody Shumaker
8/06, Alexander Samad <[EMAIL PROTECTED]> wrote: On Tue, Jan 17, 2006 at 04:53:06PM -0500, Jody Shumaker wrote: > Does anyone have a confirmed to be working multipath setup? I'd like to see > their route output and confirm that this really is an issue. The issue > might actually be s

Re: [LARTC] Re: Multi-path routing only using last nexthop in default route.

2006-01-17 Thread Jody Shumaker
On Tue, Jan 17, 2006 at 12:37:48AM -0500, Jody Shumaker wrote: > Yes, it just shows you what is in the cache, but I was specifying ip > addresses that weren't in the cache yet. I also tried doing traceroutes from > an internal pc, and those always ended up going over the 1 interface. I&

Re: [LARTC] Re: Multi-path routing only using last nexthop in default route.

2006-01-16 Thread Jody Shumaker
ernel source I last built with. - Jody On 1/16/06, Alexander Samad <[EMAIL PROTECTED]> wrote: On Mon, Jan 16, 2006 at 08:59:32PM -0500, Jody Shumaker wrote: > I found that for ppp devices, i should only define the next hop with the > dev, not a via. However this still didn't fix my

[LARTC] Re: Multi-path routing only using last nexthop in default route.

2006-01-16 Thread Jody Shumaker
I found that for ppp devices, i should only define the next hop with the dev, not a via. However this still didn't fix my problem, but I've narrowed down my problem a little further. # ip route get 66.189.123.136 66.189.123.136 dev ppp0  src 71.248.183.244    cache  mtu 1492 advmss 1452 metric10

[LARTC] Multi-path routing only using last nexthop in default route.

2006-01-16 Thread Jody Shumaker
I've applied julian's patches to a 2.6.14 gentoo kernel with the appropriate options enabled, and i'm using a modified version of the mpath2.sh script also available on julian's site http://www.ssi.bg/~ja/ Overall everything works nearly perfectly. Incoming connections to either the fios (PPPoE) co

Re: [LARTC] tc filter add ... fw returns RTNETLINK answers: Invalidargument

2006-01-13 Thread Jody Shumaker
On 1/13/06, Flemming Frandsen <[EMAIL PROTECTED]> wrote: Jody Shumaker wrote: > I have never seen anything coming from the mark unless you specify it. I have. > I'm honestly not really sure how setting a mark of 0x14806 can > automatically set it to go to flowid 1:4806. Because so

Re: [LARTC] iproute problem

2006-01-12 Thread Jody Shumaker
Are you sure 172.20.1.1 doesn't block pings? Is there anything else wrong with the setup besides the pings not working? It's not that uncommon for a server to not respond to ping. - Jody On 1/12/06, Alexandre <[EMAIL PROTECTED]> wrote: Hello, I'm on Debian Sarge, and try actually to setup iproute thi

Re: [LARTC] control p2p upload bandwidth rate

2006-01-11 Thread Jody Shumaker
My doubt is, what you said is that only one package in a mark will be matched without that other commands, so, the lines I have put in red are correct? Today it is working fine, but I have never made a test longer than 20 or 30 minutes... Att, Nataniel Klug It should be perfectly fine. Since y

Re: [LARTC] control p2p upload bandwidth rate

2006-01-10 Thread Jody Shumaker
#accepts the packet if it has a mark besides the default 0 and prevents the saved mark from being changed iptables -t mangle -A PREROUTING -p tcp -m mark ! --mark 0 -j ACCEPT That section after the restore-mark rule will cause any saved marks to skip the rest of the chain. This results in onl

Re: [LARTC] Re: Pb routing/fwmark

2005-12-28 Thread Jody Shumaker
In my preceding example, I had enabled the connection tracking: iptables -t mangle -A PREROUTING -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -t mangle -A POSTROUTING -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -t mangle -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT ipta

Re: [LARTC] 2.6.14 - HTB/SFQ QoS broken?

2005-12-28 Thread Jody Shumaker
On 12/28/05, Leo Bogert <[EMAIL PROTECTED]> wrote: > It's undefined what happens when you overallocate, and is certainly not > required to do what you want. 'rate' is guaranteed rate, 'ceil' is maximum > bandwidth useable through borrowing, and 'prio' is priority this class > gets when borrowing band

Re: [LARTC] 2.6.14 - HTB/SFQ QoS broken?

2005-12-28 Thread Jody Shumaker
Have you run a comparison when emule isn't running? As I mentioned before, even with emule off you may not be capable of sending any faster to those hosts. Did you also try adjusting the burst rates? Once again I stress that you do NOT need to over guarantee bandwidth. It still makes absolutely no

Re: [LARTC] 2.6.14 - HTB/SFQ QoS broken?

2005-12-27 Thread Jody Shumaker
When configuring this, I thought the priorities would make that work. They even DID that because it was working once. The whole point why I configured it like that: I (and everyone else probably) want the scheduler to be like: "Give all bandwidth to eMule if nothing else is running. If miranda filetran

Re: [LARTC] 2.6.14 - HTB/SFQ QoS broken?

2005-12-27 Thread Jody Shumaker
Also, when the problem is happening run this command: tc -s class show dev ppp0 And email those results? With correct rates that don't add up to more than the parent, HTB should be working fine. Output of this command will show if the problem is with HTB, or instead how you're classifying packets. Co

Re: [LARTC] class exceeds its ceil

2005-12-27 Thread Jody Shumaker
On 12/27/05, Ratel <[EMAIL PROTECTED]> wrote: Jody Shumaker wrote: > Andreas Klauer wrote: >>Uh... huh? Your P2P class has 100kbit rate with a 5600kbit ceil, >but you say you don't want it to borrow bandwidth from other classes. >However, to go over the 100kbit rate, it _h

Re: [LARTC] class exceeds its ceil

2005-12-27 Thread Jody Shumaker
Ratel wrote: it exceeds its ceil and reaches the rate of my internet link What are you basing this on? the P2P app or tc -s class show dev ? Are you using the CONNTRACK module? It's simple to block P2P without CONNTRACK but if you want to shape it, you need it. Otherwise you'll onl

Re: [LARTC] exact rate

2005-12-22 Thread Jody Shumaker
Salim wrote: What confuses me is, how the popular HTB script 'wondershaper' works! The sum of its subclasses' rates is way over the parent's rate. - Original Message ----- *From:* Jody Shumaker <mailto:[EMAIL PROTECTED]> *To:* Anton Glinkov <mail

Re: [LARTC] ftp connmark

2005-12-22 Thread Jody Shumaker
The line: iptables -t mangle -A POSTROUTING -m mark ! --mark 0 -j ACCEPT Will cause the packet to not be processed any further if the mark is not 0. You can place this rule after any --set-mark rules you don't want to change or save. After every mark, or group of similar marks, that you do want to

Re: [LARTC] connection tracking

2005-12-22 Thread Jody Shumaker
iptables. Happy Christmas, people of the Packets. On Thu, 2005-12-22 at 14:55 -0500, Jody Shumaker wrote: > The iptables list of rules is read top to bottom, what is the problem > with this? I have my script flush the table, then add everything in > the order i want it in. The only case this might b

Re: [LARTC] exact rate

2005-12-22 Thread Jody Shumaker
Your subclasses' combined rates should never exceed your parent class's rate, and in this case your parent class is 5mbit, yet your subclasses have a combined guaranteed bandwidth of 6mbit. In my setup, the root class's rate is followed strictly. With burst, it may go over temporarily but over

Re: [LARTC] connection tracking

2005-12-22 Thread Jody Shumaker
The iptables list of rules is read top to bottom, what is the problem with this? I have my script flush the table, then add everything in the order i want it in. The only case this might be a problem is where you want to insert a rule at a specific spot in the order, without flushing the table and

Re: [LARTC] control p2p upload bandwidth rate

2005-12-22 Thread Jody Shumaker
Seems like eth0 is your IF connected to the internet, you need to do shaping on that for the upload. Modifying the rates and using the same tc commands but on eth0 would likely do it. Also your script is flawed, the layer7 matching for most if not all of those protocols will only match on the first

Re: [LARTC] Will this work for htb

2005-12-22 Thread Jody Shumaker
1. I am not sure if i have to apply it eth0 or eth1. Correct me if i am wrong. 2. I want to apply this for upload and download as well. Will the above be effective for both.? Apply it to eth1 to shape the upload bandwidth. If you want to shape download bandwidth, i'm not sure the best way to do this b

Re: [LARTC] Fwd: Inbound and outbound traffic problem

2005-12-21 Thread Jody Shumaker
Both solutions mentioned in here seem to be overly complicated. All of this should be doable with just a proper routing setup. I recently setup multi-link routing and used mostly the info in http://www.ssi.bg/~ja/nano.txt and the mpath2.sh script linked at http://www.ssi.bg/~ja/ The one change I d

Re: [LARTC] Cannot get htb & prio working together.

2005-11-05 Thread Jody Shumaker
Michael Davidson wrote: Hi, I've tried the multi tier filtering as suggested, but It didn't do the trick unfortunately. The filters were accepted at the command line but when I do "tc -s -d filter show dev eth0" the only filters displayed are those with "root" as the parent. Below

Re: [LARTC] Cannot get htb & prio working together.

2005-11-03 Thread Jody Shumaker
Filters I believe are per qdisc.  You really need to have filters to specify which HTB class and which prio class. tc filter add dev eth0 parent 1:0 protocol ip prio 1 u32 match ip dport 22 0x flowid 1:20 tc filter add dev eth0 parent 1:0 protocol ip prio 1 u32 match ip dport 23 0x flowid

Re: [LARTC] Re: must cut the line down too much for shaping to work

2005-11-02 Thread Jody Shumaker
i'm only sacrificing 4kbit on my 512kbit uplink and i'm getting the results I want.  Can you be more specific as to how it was "failing" when you had it set closer to the actual link speed? The reason to keep the speed limit under the actual connection is more of a latency issue.  The reason to do

Re: [LARTC] Ceil Rate

2005-10-04 Thread Jody Shumaker
[EMAIL PROTECTED] wrote: I thought that the default ceil was the same as the rate, or does that only apply to the root class? Thanks for the info. I just checked the documentation, and you are correct, "The default ceil is the same as the rate." However since that doesn't seem to be happe

Re: [LARTC] Ceil Rate

2005-09-30 Thread Jody Shumaker
You didn't set a ceil for 1:10, you only set a rate. when no ceil is specified,  a subclass will borrow past its rate max if it can. You should use: tc class add dev eth1 parent 1:1 classid 1:10 htb rate 64kbit ceil 64kbit quantum 1501 And then it would use 64kbit as a hard cap, only going past

Re: [LARTC] p2p: ARES

2005-09-22 Thread Jody Shumaker
For dropping purposes you only need to match the first packet and prevent the connection from starting, but for both forwarding and accepting you'll need to mark the whole connection, for most p2p that ipp2p matches it will only match the first packet of the connection, all further packets wo

Re: [LARTC] Problems setting up nested qdisc, feedback to LARTC HOWTO

2005-07-15 Thread Jody Shumaker
When I read this earlier I thought of offering the same, i'm using a mix of -j mark and tc filters to do my routing into nested qdiscs. Seems more like i'd consider this a bug of classify that should be fixed, and maybe a note in the howto that it is broken for now. - Jody Georg C. F. Greve

Re: [LARTC] Problems setting up nested qdisc, feedback to LARTC HOWTO

2005-07-15 Thread Jody Shumaker
Have you tried not using classify but instead using tc filters? Maybe this is a limitation with iptables classify. Try using your classify to put things into 20: and then use tc filters attached to 20: to split into the htb subclasses? I never used classify much and have always used tc filter i

Re: [LARTC] Bandwidth shaping and ISP's network peerings

2005-07-14 Thread Jody Shumaker
That sounds like an overly complicated way to do it. I would just create a 512kbit class with subclasses for the internet traffic, and route all MAN traffic into a 100mbit class. Should be some way to know which ip's will go to the MAN. Creating a virtual interface makes little sense here, si

Re: [LARTC] Several basic doubts

2005-07-11 Thread Jody Shumaker
The greatest benefit is using shaping on the outgoing bandwidth. To do that you need to do it for the nic connected to the internet, and you'd want to limit it to a bit under the total bandwidth, for 256kbit i'd recommend something around 244-250, but it varies on the isp as to how reliably yo

Re: [LARTC] HTB Rate and Prio

2005-07-08 Thread Jody Shumaker
The priority affects the ratio in which extra bandwidth is shared. Something with a better priority doesn't automatically get all the bandwidth it wants before something with a worse priority, they share it on a ratio basis. You might be better off not using prio and instead just having the rate'

Re: [LARTC] P2P shaping, won't work

2005-07-08 Thread Jody Shumaker
You might want to remove the iptables CLASSIFY rules as they point to non existent tc classes, 1:10, 1:20, and 1:30. Also your total combined rates for all the subclasses of 2:1 are greater than the rate of 2:1, 22kbps for 2:1 and 36kbps for 2:2 - 2:6. It's best if you keep these to add up to t

Re: [LARTC] HTB and bittorrent, won't work

2005-07-06 Thread Jody Shumaker
You need to use connection marking as well. --l7proto bittorrent will only recognize the first packet in a bittorrent stream, you need to save a mark on the whole tcp connection, and restore the mark for all future packets if you want the entire connection to be classified. iptables -t mangle

Re: [LARTC] tc filter priority

2005-06-09 Thread Jody Shumaker
I'm unsure on the order, it might be based on when they were added. However if you really want to be sure one gets used before the other then why don't you use different prio values? a filter with a lower prio value will get processed before ones with a higher value. If you want to guarantee one g

Re: [LARTC] General Traffic Control Question

2005-06-07 Thread Jody Shumaker
Jon wrote: On Tue, June 7, 2005 18:24, Cal Spadoni said: Here's my situation: [Snip] Is there a way to use iptables to force answers for data going out a given ppp link to be returned using the same link? Thanks in advance for your help!! - Cal [EMAIL PROTECTED] Perhaps ip_connmar

Re: [LARTC] external and internal LANs

2005-05-25 Thread Jody Shumaker
What basically happens is that the slowest link ends up controlling the shaping. Usually this is the device connecting you to your ISP, and it tends to have a very simple buffering of data, FIFO, first in first out. What this ends up meaning is that when you send data to it at the much faster