From: "Gáspár Lajos" <swifty@freemail.hu>
To: Marco Coda <marco.coda7@gmail.com>
Cc: netfilter@vger.kernel.org, Nikolay Kichukov <hijacker@oldum.net>
Subject: Re: [half_OT]Traffic shaping with tc and iptables
Date: Thu, 08 Sep 2011 16:52:16 +0200 [thread overview]
Message-ID: <4E68D6A0.9020807@freemail.hu> (raw)
In-Reply-To: <CAGRr-qn=ngiO6oNdecnpa5BRcTBEJuZzd3g+JOk015P84JV0JA@mail.gmail.com>
2011-09-08 16:00 keltezéssel, Marco Coda írta:
> I just tried it, with rare 1Mbit, bandwidth 2 Mbit and iptables with
> --dport 25 and, even if the iptables rule is matched (I can see the
> packet count measuring the right size of the mail), tc seems to ignore
iptales rule matched -> that is good !!! :D
> those packets. I know that my postfix open a connection to another mta
> from a pseudo-random port to 25, but with --dport option tc does not
> consider these packets. Instead, with --sport option, I don't know
> why, something is filtered...
>
Do you see the connection in conntrack??? With the mark=1 value???
Maybe you are trying to set the whole tc on the wrong interface ?!? (As
I mentioned before: You can shape the leaving traffic... On the
interface that is used for the connection...)
>> - If you set your upload limit to 10kbit then you can send 1,25KByte per
>> sec. (It is veeerrryy slooow.)
> In this moment I set this speed so I can test the server with small
> attachments... When the script will be definitively complete,I'll set
> the real values..
Maybe too low values would disable the tc?!? (I am really not sure about
it... :D )
>
> 2011/9/8 Nikolay Kichukov<hijacker@oldum.net>:
>
>> tc does not require iptables to shape traffic at all. So why bothering?
Yes, it can be done without iptables... But filtering in iptables
"maybe" easier than in tc...
Currently it does not work at all... :(
Swifty
next prev parent reply other threads:[~2011-09-08 14:52 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-09-08 7:44 [half_OT]Traffic shaping with tc and iptables Marco Coda
2011-09-08 9:14 ` Gáspár Lajos
2011-09-08 9:17 ` Gáspár Lajos
2011-09-08 10:54 ` Marco Coda
2011-09-08 11:20 ` Gáspár Lajos
2011-09-08 12:10 ` Marco Coda
2011-09-08 12:22 ` Gáspár Lajos
2011-09-08 14:00 ` Marco Coda
2011-09-08 14:52 ` Gáspár Lajos [this message]
2011-09-08 14:57 ` Nikolay Kichukov
2011-09-08 15:38 ` Marco Coda
2011-09-08 12:40 ` Nikolay Kichukov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4E68D6A0.9020807@freemail.hu \
--to=swifty@freemail.hu \
--cc=hijacker@oldum.net \
--cc=marco.coda7@gmail.com \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.