From: "Matias Namiot" <namiot@ciudad.com.ar>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] IP ROUTE
Date: Wed, 28 Jul 2004 14:58:59 +0000 [thread overview]
Message-ID: <006201c474b3$6df3aab0$1410a8c0@Wireless> (raw)
In-Reply-To: <marc-lartc-102270375213579@msgid-missing>
[-- Attachment #1: Type: text/plain, Size: 13189 bytes --]
I need resolv this problem now, because I haven't any time, and my problem is:
server2 root # ip route add default scope global nexthop via 192.168.5.1 dev eth2 weight 1 nexthop via 192.168.160.1 dev eth0 weight 1
RTNETLINK answers: Invalid argument
I want make this is my configuration:
# Configuración TC para Bariloche Wireless
# Salida a internet eth1
# Subida 128k y bajada 128k
# Valores:
# mbps = 1024 kbps = 1024 * 1024 bps => byte/s
# mbit = 1024 kbit => kilobit/s.
# mb = 1024 kb = 1024 * 1024 b => byte
# mbit = 1024 kbit => kilobit.
# Internamente, los números se almacenan en bps, pero cuando tc imprime las tasas, usa lo siguiente:
# 1Mbit = 1024 Kbit = 1024 * 1024 bps => byte/s
##### Limpiamos reglas anteriores
tc qdisc del dev eth1 root 2> /dev/null > /dev/null
tc qdisc del dev eth1 ingress 2> /dev/null > /dev/null
##### Definimos las qdisc
# Definimos tasa superior y dispositivo de internet
CEIL=128
DEV_INT=eth1
# Esta línea se encargará de enviar por defecto a la clase 1:15
tc qdisc add dev eth1 root handle 1: htb default 15
# Qdisc padre
tc class add dev eth1 parent 1: classid 1:1 htb rate ${CEIL}kbit ceil ${CEIL}kbit
# Esta línea se encargará de enviar paquetes de baja latencia (telnet, ssh, SYN, etc) como interactivas
tc class add dev eth1 parent 1:1 classid 1:10 htb rate 80kbit ceil 80kbit prio 0
# Esta línea se encargará de tráfico masivo WEB
tc class add dev eth1 parent 1:1 classid 1:11 htb rate 80kbit ceil ${CEIL}kbit prio 1
# Esta línea se encargará de tráfico TOS de maximizar transferencia y el tráfico local
#tc class add dev eth1 parent 1:1 classid 1:12 htb rate 20kbit ceil ${CEIL}kbit prio 2
# Esta línea se encargará de las máquinas con NAT
tc class add dev eth1 parent 1:1 classid 1:13 htb rate 80kbit ceil ${CEIL}kbit prio 2
# Esta línea se encargará del correo SMTP y POP3 con un TOS de minimizar costo.
tc class add dev eth1 parent 1:1 classid 1:14 htb rate 20kbit ceil ${CEIL}kbit prio 3
# Esta línea se encargará de tráfico masivo de las máquinas con NAT con Kazaa, e-Donkey, etc
tc class add dev eth1 parent 1:1 classid 1:15 htb rate 10kbit ceil ${CEIL}kbit prio 3
# Aplicamos SFQ para el tráfico pesado con hash cada 10 segundos
#tc qdisc add dev eth1 parent 1:12 handle 120: sfq perturb 10
tc qdisc add dev eth1 parent 1:13 handle 130: sfq perturb 10
tc qdisc add dev eth1 parent 1:14 handle 140: sfq perturb 10
tc qdisc add dev eth1 parent 1:15 handle 150: sfq perturb 10
##### Clasificación de paquetes con iptables
# Se prefiere por los paquetes porque son muy flexibles y puedes hacer conteo de paquetes por cada regla, y con el objetivo
# RETURN los paquetes no necesitan pasar por todas las reglas. Los paquetes con FWMARK (handle x fw) van en la clase indicada
tc filter add dev eth0 parent 1:0 protocol ip prio 1 handle 1 fw classid 1:10
tc filter add dev eth0 parent 1:0 protocol ip prio 2 handle 2 fw classid 1:11
#tc filter add dev eth0 parent 1:0 protocol ip prio 3 handle 3 fw classid 1:12
tc filter add dev eth0 parent 1:0 protocol ip prio 4 handle 4 fw classid 1:13
tc filter add dev eth0 parent 1:0 protocol ip prio 5 handle 5 fw classid 1:14
tc filter add dev eth0 parent 1:0 protocol ip prio 6 handle 6 fw classid 1:15
##### Acá hay que hacer NAT con iptables.
##### Marcando paquetes
# No olvidarse el -j RETURN de manera que los paquetes no atraviesen todas las reglas
##### Para clase 10
# Marcando iptables para paquetes ICMP
iptables -t mangle -A PREROUTING -p icmp -j MARK --set-mark 0x1
iptables -t mangle -A PREROUTING -p icmp -j RETURN
iptables -t mangle -A OUTPUT -p icmp -j MARK --set-mark 0x1
iptables -t mangle -A OUTPUT -p icmp -j RETURN
# Marcando iptables para paquetes con TOS para Minimizar el tiempo
iptables -t mangle -A PREROUTING -m tos --tos Minimize-Delay -j MARK --set-mark 0x1
iptables -t mangle -A PREROUTING -m tos --tos Minimize-Delay -j RETURN
iptables -t mangle -A OUTPUT -m tos --tos Minimize-Delay -j MARK --set-mark 0x1
iptables -t mangle -A OUTPUT -m tos --tos Minimize-Delay -j RETURN
# Marcando iptables para paquetes SSH
iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 22 -j MARK --set-mark 0x1
iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 22 -j RETURN
iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 22 -j MARK --set-mark 0x1
iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 22 -j RETURN
# Marcando iptables para paquetes de sincronismo
iptables -t mangle -I PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 0x1
iptables -t mangle -I PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
iptables -t mangle -I OUTPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 0x1
iptables -t mangle -I OUTPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
##### Para clase 11
iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 80 -j MARK --set-mark 0x2
iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 80 -j RETURN
iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 80 -j MARK --set-mark 0x2
iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 80 -j RETURN
##### Para clase 13
# Marcando iptables para paquetes FTP y FTP-DATA
iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 21 -j MARK --set-mark 0x4
iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 21 -j RETURN
iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 21 -j MARK --set-mark 0x4
iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 21 -j RETURN
iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 20 -j MARK --set-mark 0x4
iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 20 -j RETURN
iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 20 -j MARK --set-mark 0x4
iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 20 -j RETURN
##### Para clase 14
# Marcando iptables para paquetes con TOS para Minimizar el costo
iptables -t mangle -A PREROUTING -m tos --tos Minimize-Cost -j MARK --set-mark 0x5
iptables -t mangle -A PREROUTING -m tos --tos Minimize-Cost -j RETURN
iptables -t mangle -A OUTPUT -m tos --tos Minimize-Cost -j MARK --set-mark 0x5
iptables -t mangle -A OUTPUT -m tos --tos Minimize-Cost -j RETURN
# Marcando iptables para paquetes SMTP
iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 25 -j MARK --set-mark 0x5
iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 25 -j RETURN
iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 25 -j MARK --set-mark 0x5
iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 25 -j RETURN
# Marcando iptables para paquetes POP3
iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 110 -j MARK --set-mark 0x5
iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 110 -j RETURN
iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 110 -j MARK --set-mark 0x5
iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 110 -j RETURN
##### Para clase 15
# Marcando iptables para paquetes con TOS para Maximizar transferencias
iptables -t mangle -A PREROUTING -m tos --tos Maximize-Throughput -j MARK --set-mark 0x6
iptables -t mangle -A PREROUTING -m tos --tos Maximize-Throughput -j RETURN
iptables -t mangle -A OUTPUT -m tos --tos Maximize-Throughput -j MARK --set-mark 0x6
iptables -t mangle -A OUTPUT -m tos --tos Maximize-Throughput -j RETURN
# Marcando iptables para paquetes por defecto (es redundante)
iptables -t mangle -A PREROUTING -j MARK --set-mark 0x6
iptables -t mangle -A OUTPUT -j MARK --set-mark 0x6
My kernel config is:
CONFIG_X86=y
CONFIG_UID16=y
CONFIG_EXPERIMENTAL=y
CONFIG_MODULES=y
CONFIG_MODVERSIONS=y
CONFIG_KMOD=y
CONFIG_MXP31=y
CONFIG_X86_WP_WORKS_OK=y
CONFIG_X86_INVLPG=y
CONFIG_X86_CMPXCHG=y
CONFIG_X86_XADD=y
CONFIG_X86_BSWAP=y
CONFIG_X86_POPAD_OK=y
CONFIG_RWSEM_XCHGADD_ALGORITHM=y
CONFIG_X86_L1_CACHE_SHIFT=6
CONFIG_X86_HAS_TSC=y
CONFIG_X86_GOOD_APIC=y
CONFIG_X86_USE_3DNOW=y
CONFIG_X86_PGE=y
CONFIG_X86_USE_PPRO_CHECKSUM=y
CONFIG_X86_MCE=y
CONFIG_NOHIGHMEM=y
CONFIG_1GB=y
CONFIG_PREEMPT=y
CONFIG_X86_TSC=y
CONFIG_HAVE_DEC_LOCK=y
CONFIG_NET=y
CONFIG_PCI=y
CONFIG_PCI_GOANY=y
CONFIG_PCI_BIOS=y
CONFIG_PCI_DIRECT=y
CONFIG_PCI_NAMES=y
CONFIG_HOTPLUG=y
CONFIG_SYSVIPC=y
CONFIG_SYSCTL=y
CONFIG_KCORE_ELF=y
CONFIG_BINFMT_AOUT=y
CONFIG_BINFMT_ELF=y
CONFIG_BINFMT_MISC=y
CONFIG_PACKET=y
CONFIG_PACKET_MMAP=y
CONFIG_NETLINK_DEV=y
CONFIG_NETFILTER=y
CONFIG_NETFILTER_DEBUG=y
CONFIG_FILTER=y
CONFIG_UNIX=y
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_ROUTE_FWMARK=y
CONFIG_IP_ROUTE_NAT=y
CONFIG_IP_ROUTE_MULTIPATH=y
CONFIG_IP_ROUTE_TOS=y
CONFIG_IP_ROUTE_VERBOSE=y
CONFIG_NET_IPIP=y
CONFIG_IP_MROUTE=y
CONFIG_IP_PIMSM_V1=y
CONFIG_IP_PIMSM_V2=y
CONFIG_INET_ECN=y
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_FTP=y
CONFIG_IP_NF_QUEUE=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_LIMIT=y
CONFIG_IP_NF_MATCH_MAC=y
CONFIG_IP_NF_MATCH_PKTTYPE=y
CONFIG_IP_NF_MATCH_MARK=y
CONFIG_IP_NF_MATCH_MULTIPORT=y
CONFIG_IP_NF_MATCH_TOS=y
CONFIG_IP_NF_MATCH_RECENT=y
CONFIG_IP_NF_MATCH_LENGTH=y
CONFIG_IP_NF_MATCH_TTL=y
CONFIG_IP_NF_MATCH_TCPMSS=y
CONFIG_IP_NF_MATCH_STEALTH=y
CONFIG_IP_NF_MATCH_HELPER=y
CONFIG_IP_NF_MATCH_STATE=y
CONFIG_IP_NF_MATCH_CONNTRACK=y
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_REJECT=y
CONFIG_IP_NF_TARGET_MIRROR=y
CONFIG_IP_NF_NAT=y
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=y
CONFIG_IP_NF_TARGET_REDIRECT=y
CONFIG_IP_NF_NAT_FTP=y
CONFIG_IP_NF_MANGLE=y
CONFIG_IP_NF_TARGET_TOS=y
CONFIG_IP_NF_TARGET_MARK=y
CONFIG_IP_NF_TARGET_LOG=y
CONFIG_IP_NF_TARGET_TCPMSS=y
CONFIG_IP_NF_ARPTABLES=y
CONFIG_IP_NF_ARPFILTER=y
CONFIG_NET_DIVERT=y
CONFIG_NET_FASTROUTE=y
CONFIG_NET_SCHED=y
CONFIG_NET_SCH_CBQ=y
CONFIG_NET_SCH_HTB=y
CONFIG_NET_SCH_CSZ=y
CONFIG_NET_SCH_HFSC=y
CONFIG_NET_SCH_PRIO=y
CONFIG_NET_SCH_RED=y
CONFIG_NET_SCH_SFQ=y
CONFIG_NET_SCH_TEQL=y
CONFIG_NET_SCH_TBF=y
CONFIG_NET_SCH_GRED=y
CONFIG_NET_SCH_DELAY=y
CONFIG_NET_SCH_DSMARK=y
CONFIG_NET_SCH_INGRESS=y
CONFIG_NET_QOS=y
CONFIG_NET_ESTIMATOR=y
CONFIG_NET_CLS=y
CONFIG_NET_CLS_TCINDEX=y
CONFIG_NET_CLS_ROUTE4=y
CONFIG_NET_CLS_ROUTE=y
CONFIG_NET_CLS_FW=y
CONFIG_NET_CLS_U32=y
CONFIG_NET_CLS_RSVP=y
CONFIG_NET_CLS_POLICE=y
CONFIG_IDE=y
CONFIG_BLK_DEV_IDE=y
CONFIG_BLK_DEV_IDEDISK=y
CONFIG_IDEDISK_MULTI_MODE=y
CONFIG_BLK_DEV_IDECD=y
CONFIG_BLK_DEV_CMD640=y
CONFIG_BLK_DEV_IDEPCI=y
CONFIG_BLK_DEV_GENERIC=y
CONFIG_IDEPCI_SHARE_IRQ=y
CONFIG_BLK_DEV_IDEDMA_PCI=y
CONFIG_IDEDMA_PCI_AUTO=y
CONFIG_BLK_DEV_IDEDMA=y
CONFIG_BLK_DEV_PIIX=y
CONFIG_IDEDMA_AUTO=y
CONFIG_NETDEVICES=y
CONFIG_DUMMY=m
CONFIG_NET_ETHERNET=y
CONFIG_NET_VENDOR_3COM=y
CONFIG_VORTEX=y
CONFIG_R8169=y
CONFIG_PPP=y
CONFIG_PPP_MULTILINK=y
CONFIG_PPP_ASYNC=y
CONFIG_PPP_SYNC_TTY=y
CONFIG_PPPOE=y
CONFIG_NET_RADIO=y
CONFIG_HERMES=y
CONFIG_PLX_HERMES=y
CONFIG_TMD_HERMES=y
CONFIG_PCI_HERMES=y
CONFIG_NET_WIRELESS=y
CONFIG_VT=y
CONFIG_VT_CONSOLE=y
CONFIG_SERIAL=y
CONFIG_UNIX98_PTYS=y
CONFIG_UNIX98_PTY_COUNT=256
CONFIG_AGP=y
CONFIG_AGP_NVIDIA=y
CONFIG_AUTOFS4_FS=y
CONFIG_REISERFS_FS=y
CONFIG_REISERFS_CHECK=y
CONFIG_REISERFS_PROC_INFO=y
CONFIG_EXT3_FS=y
CONFIG_JBD=y
CONFIG_JBD_DEBUG=y
CONFIG_TMPFS=y
CONFIG_RAMFS=y
CONFIG_ISO9660_FS=y
CONFIG_JOLIET=y
CONFIG_PROC_FS=y
CONFIG_DEVFS_FS=y
CONFIG_DEVFS_MOUNT=y
CONFIG_MSDOS_PARTITION=y
CONFIG_NLS=y
CONFIG_NLS_DEFAULT="iso8859-1"
CONFIG_VGA_CONSOLE=y
CONFIG_VIDEO_SELECT=y
CONFIG_FB=y
CONFIG_DUMMY_CONSOLE=y
CONFIG_FB_LOGO_TUX=y
CONFIG_FB_VESA=y
CONFIG_VIDEO_SELECT=y
CONFIG_FBCON_CFB8=y
CONFIG_FBCON_CFB16=y
CONFIG_FBCON_CFB24=y
CONFIG_FBCON_CFB32=y
CONFIG_FONT_8x8=y
CONFIG_FONT_8x16=y
CONFIG_LOG_BUF_SHIFT=0
CONFIG_CRC32=y
----- Original Message -----
From: mjoachimiak@poczta.onet.pl
To: Matias Namiot
Sent: Wednesday, July 28, 2004 10:21 AM
Subject: Re: [LARTC] IP ROUTE
Please send earlier commands you are doing before that tc filter add....
--- Original Message -----
From: Matias Namiot
To: lartc@mailman.ds9a.nl
Sent: Tuesday, July 27, 2004 4:01 PM
Subject: Re: [LARTC] IP ROUTE
The problem was the module CONFIG_IP_ROUTE_MULTIPATH of the kernel
Thanks for all, now I fight with what is de module of tc filter because I can't do that:
server2 linux # tc filter add dev eth0 parent 1:0 protocol ip prio 2 handle 2 fw classid 1:11
RTNETLINK answers: Invalid argument
server2 linux #
----- Original Message -----
From: Matias Namiot
To: lartc@mailman.ds9a.nl
Sent: Monday, July 26, 2004 3:47 PM
Subject: [LARTC] IP ROUTE
Hello, my linux show me that:
server2 root # ip route add default scope global nexthop via 192.168.5.1 dev eth2 weight 1 nexthop via 192.168.160.1 dev eth0 weight 1
RTNETLINK answers: Invalid argument
What can I do????
Thanks
Matias
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.726 / Virus Database: 481 - Release Date: 22/07/2004
[-- Attachment #2: Type: text/html, Size: 21011 bytes --]
next prev parent reply other threads:[~2004-07-28 14:58 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-05-29 20:20 [LARTC] ip route King Yung Tong
2002-09-30 16:11 ` Rimas
2004-07-26 18:47 ` [LARTC] IP ROUTE Matias Namiot
2004-07-26 20:07 ` Julien
2004-07-26 20:57 ` Matias Namiot
2004-07-27 14:01 ` Matias Namiot
2004-07-28 14:58 ` Matias Namiot [this message]
2004-07-28 15:00 ` Matias Namiot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='006201c474b3$6df3aab0$1410a8c0@Wireless' \
--to=namiot@ciudad.com.ar \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.