Packet matching difficulties

[Alex Regan <mysqlstudent@gmail.com>]

Hi,

I have a mail server on a 10mbit ethernet connection to the Internet 
that's sitting on a local gigabit network. I'm using the shaping 
primarily to control outbound SMTP from consuming all available 
bandwidth. However, I need more fine-grained control to not restrict the 
backup server (rsync over ssh) on the local LAN from also being 
throttled and be able to utilize the full gigabit network.

I realize I should probably be doing the shaping on the gateway 
firewall/router, but I was hoping to keep it simple by doing it directly 
on the mail server.

I believe the problem I may be having is with the matching of the source 
address and destination port. The source IP is the backup server and the 
destination port is ssh on the mail server.

I'm hoping someone can review my rules below and see what might be 
causing the rsync/ssh traffic to be filtered by classid 1:40 instead of 
classid 1:11:

tc qdisc del dev eth0 root
tc qdisc add dev eth0 root handle 1: htb default 50
tc class add dev eth0 parent 1: classid 1:1 htb rate 1000mbit burst 15k
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 2mbit ceil 4mbit 
burst 15k prio 1
tc class add dev eth0 parent 1:1 classid 1:11 htb rate 900mbit ceil 
1000mbit burst 15k prio 1
tc class add dev eth0 parent 1:1 classid 1:20 htb rate 3mbit ceil 4mbit 
burst 15k prio 1
tc class add dev eth0 parent 1:1 classid 1:30 htb rate 3mbit ceil 4mbit 
burst 15k prio 1
tc class add dev eth0 parent 1:1 classid 1:40 htb rate 512kbit ceil 
1mbit burst 15k prio 1
tc class add dev eth0 parent 1:1 classid 1:50 htb rate 2mbit ceil 3mbit 
burst 15k prio 1
tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev eth0 parent 1:11 handle 11: sfq perturb 10
tc qdisc add dev eth0 parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev eth0 parent 1:30 handle 30: sfq perturb 10
tc qdisc add dev eth0 parent 1:40 handle 40: sfq perturb 10
tc qdisc add dev eth0 parent 1:50 handle 50: sfq perturb 10
tc filter add dev eth0 protocol ip parent 1: prio 1 u32 match ip dport 
25 0xffff flowid 1:10
tc filter add dev eth0 protocol ip parent 1: prio 1 u32 match ip src 
1.2.3.4/32 match ip dport 22 0xffff flowid 1:11
tc filter add dev eth0 protocol ip parent 1: prio 1 u32 match ip sport 
80 0xffff flowid 1:20
tc filter add dev eth0 protocol ip parent 1: prio 1 u32 match ip sport 
443 0xffff flowid 1:20
tc filter add dev eth0 protocol ip parent 1: prio 1 u32 match ip sport 
110 0xffff flowid 1:30
tc filter add dev eth0 protocol ip parent 1: prio 1 u32 match ip sport 
143 0xffff flowid 1:30
tc filter add dev eth0 protocol ip parent 1: prio 1 u32 match ip sport 
993 0xffff flowid 1:30
tc filter add dev eth0 protocol ip parent 1: prio 1 u32 match ip sport 
995 0xffff flowid 1:30
tc filter add dev eth0 protocol ip parent 1: prio 1 u32 match ip sport 
465 0xffff flowid 1:30
tc filter add dev eth0 protocol ip parent 1: prio 1 u32 match ip sport 
587 0xffff flowid 1:30
tc filter add dev eth0 protocol ip parent 1: prio 1 u32 match ip sport 
22 0xffff flowid 1:40

Thanks,
Alex