From: "Guillermo Javier Nardoni" <gjnardoni@gmail.com>
To: netfilter@lists.netfilter.org
Subject: QoS-iptables-tc (doesn't work together) why?
Date: Wed, 28 Sep 2005 06:17:33 -0300 [thread overview]
Message-ID: <005001c5c40e$520f0730$5b00a8c0@ripst> (raw)
Hello i'm having some issues trying to match packets
using iptables mark, iproute filter and tc filter.-
i mean, when i do
iptables -t mangle -A INPUT -p tcp --dport 80 -j MARK
--set-mark 20
iptables -t mangle -A PREROUTING -p tcp --dport 25 -j
MARK --set-mark 10
iptables -t mangle -A FORWARD -p tcp -i eth0 -o eth1
--dport 25 -j MARK --set-mark 10
$TC qdisc del dev $INET_IFACE root
$TC qdisc add dev $INET_IFACE root handle 1: htb
default 60
$TC class add dev $INET_IFACE parent 1: classid 1:1
htb rate 2048kbit burst 2k
$TC class add dev $INET_IFACE parent 1:1 classid 1:10
htb rate 10kbit ceil 128kbit prio 5 quantum 1 burst 2k
$TC qdisc add dev $INET_IFACE parent 1:10 handle 10:
sfq perturb 10
$TC class add dev $INET_IFACE parent 1:1 classid 1:20
htb rate 10kbit ceil 512kbit prio 2 quantum 2 burst
2k
$TC qdisc add dev $INET_IFACE parent 1:20 handle 20:
sfq perturb 10
$TC class add dev $INET_IFACE parent 1:1 classid 1:30
htb rate 10kbit ceil 1024kbit prio 2 quantum 6 burst
2k
$TC qdisc add dev $INET_IFACE parent 1:30 handle 30:
sfq perturb 10
$TC class add dev $INET_IFACE parent 1:1 classid 1:40
htb rate 10kbit ceil 128kbit prio 5 quantum 4 burst 2k
$TC qdisc add dev $INET_IFACE parent 1:40 handle 40:
sfq perturb 10
$TC class add dev $INET_IFACE parent 1:1 classid 1:50
htb rate 10kbit ceil 512kbit prio 2 quantum 5 burst
2k
$TC qdisc add dev $INET_IFACE parent 1:50 handle 50:
sfq perturb 10
$TC class add dev $INET_IFACE parent 1:1 classid 1:60
htb rate 350kbit ceil 1020kbit prio 0 quantum 6 burst
2k
$TC qdisc add dev $INET_IFACE parent 1:60 handle 60:
sfq perturb 10
echo "Defino los Filtros"
$TC filter add dev $INET_IFACE parent 1: protocol ip
handle 10 fw classid 1:10
$TC filter add dev $INET_IFACE parent 1: protocol ip
handle 20 fw classid 1:20
$TC filter add dev $INET_IFACE parent 1: protocol ip
handle 30 fw classid 1:30
$TC filter add dev $INET_IFACE parent 1: protocol ip
handle 40 fw classid 1:40
$TC filter add dev $INET_IFACE parent 1: protocol ip
handle 50 fw classid 1:50
$TC filter add dev $INET_IFACE parent 1: protocol ip
handle 60 fw classid 1:60
ip rule add from 20.0.0.3 table 20
ip rule add from 20.0.0.4 table 10
ip rule add fwmark 20 table 20
ip rule add fwmark 10 table 10
BUT I DOESN'T SEEMS TO WORK FINE
ALL TRAFFIC GOES THROUGH THE DEFAULT LEAF OF THE TC'S
TREE
COULD YOU HELP ME PÑLEASE?
i added to
for f in /proc/sys/net/ipv4/conf/*/rp_filter;do
echo > $f
done
echo 1 > /proc/sys/net/ipv4/route/flush
i use:
iproute version: ip utility, iproute2-ss050330
iptables : iptables v1.3.2
tc utility, iproute2-ss050330
whyyyyyyyyyyyyyy mr anderson
whyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
i really aprreciatte your help
regards
Guillermo from Argentina
next reply other threads:[~2005-09-28 9:17 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-09-28 9:17 Guillermo Javier Nardoni [this message]
-- strict thread matches above, loose matches on Subject: below --
2005-09-28 7:28 QoS-iptables-tc (doesn't work together) why? Guillermo Javier Nardoni
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='005001c5c40e$520f0730$5b00a8c0@ripst' \
--to=gjnardoni@gmail.com \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.