From: "Guillermo Javier Nardoni"
Date: Sat, 01 Oct 2005 14:05:19 +0000
Subject: [LARTC] I gave up.-...-.-.-.- :'(
Message-Id: <007101c5c691$2c6f81f0$5b00a8c0@ripst>
To: lartc@mailman.ds9a.nl, netfilter@lists.netfilter.org, fb-gral@freebaires.org.ar

Actually I gave up. I tried and tried and tried so many times, upgrading software and falling back to an old version, but it didn't work, that's it.
I can't get tc to work together with iptables and iproute2.
When I mark a packet with iptables, tc doesn't recognize it, so it falls into the default leaf of tc's tree.

What I would like is to mark packets depending on their IP (the one that makes a connection into the Linux (gateway) box) and port.

I'll transcribe my script because I really don't know what to do.

P.S. So, what I would like to do is simple, I guess: everything that comes from eth1 and goes to eth1 (LAN users to Linux box services) must be shaped by IP address + port (dport, I guess INPUT/OUTPUT chain?),
and everything that comes from eth1 and goes to eth0 (Internet access, I guess PREROUTING/POSTROUTING/FORWARD chain) MUST BE SHAPED BY PORT + IP ADDRESS.

I have this situation on the Linux server:

eth0: (out to Internet)
eth1: (LAN)

Configuration: eth0 (network 200.123.166.72, broadcast: 200.123.166.79; IP range: 200.123.166.73-77)
eth0: ip: 200.123.166.73
eth0: gw: 200.123.166.78
eth0: netmask: 255.255.255.248
eth0: dns1: 200.123.166.73
eth0: dns2: 200.123.166.74

Configuration: eth1 (network 172.16.0.0, broadcast: 172.16.0.255; IP range: 172.16.0.1-254)
eth1: ip: 172.16.0.1
eth1: gw: (none)
eth1: netmask: 255.255.0.0
eth1: dns1: 200.123.166.73
eth1: dns2: 200.123.166.74

LINUX BOX SERVING THESE SERVICES: HTTP (PORT 80) SMTP (PORT 25) POP3 (PORT 110) SSH (PORT 22) FTP (PORT 20-21) SMB FS (PORT 136-139) IRC (PORT 6667)

CONFIGURATION OF TC:

tc=/sbin/tc
iptables=/sbin/iptables

echo "Building tc Classes"
IFACE="eth0 eth1"
for i in $IFACE;do
    $tc qdisc add dev $i root handle 1: htb default 10

    $tc class add dev $i parent 1: classid 1:1 htb rate 2048mbit

    $tc class add dev $i parent 1:1 classid 1:10 htb rate 10kbit ceil 128kbit quantum 1514
    $tc class add dev $i parent 1:1 classid 1:20 htb rate 10kbit ceil 256kbit quantum 1514
    $tc class add dev $i parent 1:1 classid 1:30 htb rate 10kbit ceil 512kbit quantum 1514
    $tc class add dev $i parent 1:1 classid 1:40 htb rate 10kbit ceil 1024bit quantum 1514
    $tc class add dev $i parent 1:1 classid 1:50 htb rate 10kbit ceil 2048bit quantum 1514
    $tc class add dev $i parent 1:1 classid 1:60 htb rate 10kbit ceil 256kbit quantum 1514 # USED FOR HTTP/IRC
    $tc class add dev $i parent 1:1 classid 1:70 htb rate 10kbit ceil 128kbit quantum 1514 # USED FOR EMAIL (SMTP/POP3)

    $tc qdisc add dev $i parent 1:10 handle 10: sfq perturb 10
    $tc qdisc add dev $i parent 1:20 handle 20: sfq perturb 10
    $tc qdisc add dev $i parent 1:30 handle 30: sfq perturb 10
    $tc qdisc add dev $i parent 1:40 handle 40: sfq perturb 10
    $tc qdisc add dev $i parent 1:50 handle 50: sfq perturb 10
    $tc qdisc add dev $i parent 1:60 handle 60: sfq perturb 10
    $tc qdisc add dev $i parent 1:70 handle 70: sfq perturb 10

    $tc filter add dev $i parent 1:0 protocol ip prio 0 handle 10 fw flowid 1:10
    $tc filter add dev $i parent 1:0 protocol ip prio 0 handle 20 fw flowid 1:20
    $tc filter add dev $i parent 1:0 protocol ip prio 0 handle 30 fw flowid 1:30
    $tc filter add dev $i parent 1:0 protocol ip prio 0 handle 40 fw flowid 1:40
    $tc filter add dev $i parent 1:0 protocol ip prio 0 handle 50 fw flowid 1:50
    $tc filter add dev $i parent 1:0 protocol ip prio 0 handle 60 fw flowid 1:60
    $tc filter add dev $i parent 1:0 protocol ip prio 0 handle 70 fw flowid 1:70
done

PORTS="80 6667 20 21"
# ANY IP MUST BE SHAPED BY THESE PORTS TO THE 1:60 LEAF
for i in $PORTS;do
    $iptables -t mangle -A INPUT -i eth1 -s 172.16.0.0/16 -p tcp --dport $i -j MARK --set-mark 60
    $iptables -t mangle -A INPUT -i eth1 -s 172.16.0.0/16 -p udp --dport $i -j MARK --set-mark 60

    $iptables -t mangle -A OUTPUT -o eth1 -d 172.16.0.0/16 -p tcp --dport $i -j MARK --set-mark 60
    $iptables -t mangle -A OUTPUT -o eth1 -d 172.16.0.0/16 -p udp --dport $i -j MARK --set-mark 60

    $iptables -t mangle -A INPUT -i eth0 -d 200.123.166.72/30 -p tcp --dport $i -j MARK --set-mark 60
    $iptables -t mangle -A INPUT -i eth0 -d 200.123.166.72/30 -p udp --dport $i -j MARK --set-mark 60

    $iptables -t mangle -A OUTPUT -o eth0 -d 200.123.166.72/30 -p tcp --dport $i -j MARK --set-mark 60
    $iptables -t mangle -A OUTPUT -o eth0 -d 200.123.166.72/30 -p udp --dport $i -j MARK --set-mark 60
done

SOOOOOOOOOOOOOOOOOO WHAT AM I DOING WRONG, BECAUSE ALL TRAFFIC COMING OR GOING JUST FALLS INTO 1:10 (DEFAULT LEAF)

This is an extract from the script, so it shows you the LOCAL PROCESS of information, not PREROUTING.

PLEASE HELPPPPPPPPP ME, I DON'T KNOW WHAT TO DO AND MY SYSTEM IS GOING DOWN FASTER.-

MY CONFIGURATION IS:
ip utility, iproute2-ss050330
tc utility, iproute2-ss050330
iptables v1.3.3
kernel: 2.6.13
patch applied for kernel and iproute and iptables (esfq + wrr)
heeeeeeeeeeeeeeeelp

Thank you so much
Guillermo from Argentina
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
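
Added example, not part of the original message or the poster's script: tc's fw filter only sees a mark on packets that are queued for egress on eth0 or eth1, so a mark set in mangle INPUT (traffic that ends at a local socket) cannot select a class, and replies from a local service carry the service port as their source port. The sketch below prints marking rules for the egress directions using the post's interfaces, network, ports and mark, and reads `tc -s class show` counters to confirm that class 1:60 receives traffic; the statistics sample is constructed, and run, mark_rules, class_bytes and sample_stats are hypothetical helper names.

```sh
#!/bin/sh
# Added example, not the poster's script. Dry run by default: commands are
# printed. Set APPLY=1 and run as root to execute them.
IPT=/sbin/iptables
LAN_IF=eth1            # interface names, network, ports and mark are
WAN_IF=eth0            # taken from the post
LAN_NET=172.16.0.0/16
PORTS="80 6667 20 21"
MARK=60

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# A mark matters to tc only if the packet is later queued on an interface.
# Packets in mangle INPUT are delivered to a local socket and never reach an
# egress qdisc, so no INPUT rules are generated here.
mark_rules() {
    for p in $PORTS; do
        for proto in tcp udp; do
            # Local service -> LAN client (egress eth1): the service port is
            # the SOURCE port of the reply; the client port is ephemeral.
            run "$IPT" -t mangle -A OUTPUT -o "$LAN_IF" -d "$LAN_NET" \
                -p "$proto" --sport "$p" -j MARK --set-mark "$MARK"
            # LAN client -> Internet (egress eth0): forwarded traffic, which
            # passes FORWARD and never INPUT or OUTPUT.
            run "$IPT" -t mangle -A FORWARD -i "$LAN_IF" -o "$WAN_IF" \
                -s "$LAN_NET" -p "$proto" --dport "$p" -j MARK --set-mark "$MARK"
            # Internet -> LAN client (egress eth1): replies to the flow above.
            run "$IPT" -t mangle -A FORWARD -i "$WAN_IF" -o "$LAN_IF" \
                -d "$LAN_NET" -p "$proto" --sport "$p" -j MARK --set-mark "$MARK"
        done
    done
}

# Read `tc -s class show dev <if>` output on stdin and print the "Sent" byte
# counter of class $1 (0 if the class is absent).
class_bytes() {
    awk -v id="$1" '
        $1 == "class" { cur = $3 }
        $1 == "Sent" && cur == id { print $2; found = 1 }
        END { if (!found) print 0 }'
}

# Constructed sample of `tc -s class show dev eth1`: everything lands in the
# default leaf 1:10 and nothing in 1:60, the symptom described in the post.
sample_stats() {
cat <<'EOF'
class htb 1:10 parent 1:1 leaf 10: prio 0 rate 10000bit ceil 128000bit burst 1600b cburst 1600b
 Sent 48211 bytes 402 pkt (dropped 0, overlimits 0 requeues 0)
class htb 1:60 parent 1:1 leaf 60: prio 0 rate 10000bit ceil 256000bit burst 1600b cburst 1600b
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
EOF
}

mark_rules                        # dry run: prints the 24 rules
sample_stats | class_bytes 1:60   # byte counter of the HTTP/IRC leaf
```

On a live system, pipe `tc -s class show dev eth1` into class_bytes instead of the sample, and compare against the packet counters from `iptables -t mangle -L -v -n` to see whether the mark rules match at all.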