* Packet matching difficulties
@ 2015-02-27 17:09 Alex Regan
From: Alex Regan @ 2015-02-27 17:09 UTC (permalink / raw)
  To: lartc

Hi,

I have a mail server on a 10mbit ethernet connection to the Internet
that's sitting on a local gigabit network. I'm using the shaping
primarily to keep outbound SMTP from consuming all available
bandwidth. However, I need more fine-grained control so that the
backup server (rsync over ssh) on the local LAN is not also throttled
and is able to utilize the full gigabit network.

I realize I should probably be doing the shaping on the gateway 
firewall/router, but I was hoping to keep it simple by doing it directly 
on the mail server.

I believe the problem I may be having is with the matching of the source 
address and destination port. The source IP is the backup server and the 
destination port is ssh on the mail server.

I'm hoping someone can review my rules below and see what might be 
causing the rsync/ssh traffic to be filtered by classid 1:40 instead of 
classid 1:11:

tc qdisc del dev eth0 root
tc qdisc add dev eth0 root handle 1: htb default 50
tc class add dev eth0 parent 1: classid 1:1 htb rate 1000mbit burst 15k
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 2mbit ceil 4mbit burst 15k prio 1
tc class add dev eth0 parent 1:1 classid 1:11 htb rate 900mbit ceil 1000mbit burst 15k prio 1
tc class add dev eth0 parent 1:1 classid 1:20 htb rate 3mbit ceil 4mbit burst 15k prio 1
tc class add dev eth0 parent 1:1 classid 1:30 htb rate 3mbit ceil 4mbit burst 15k prio 1
tc class add dev eth0 parent 1:1 classid 1:40 htb rate 512kbit ceil 1mbit burst 15k prio 1
tc class add dev eth0 parent 1:1 classid 1:50 htb rate 2mbit ceil 3mbit burst 15k prio 1
tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev eth0 parent 1:11 handle 11: sfq perturb 10
tc qdisc add dev eth0 parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev eth0 parent 1:30 handle 30: sfq perturb 10
tc qdisc add dev eth0 parent 1:40 handle 40: sfq perturb 10
tc qdisc add dev eth0 parent 1:50 handle 50: sfq perturb 10
tc filter add dev eth0 protocol ip parent 1: prio 1 u32 match ip dport 25 0xffff flowid 1:10
tc filter add dev eth0 protocol ip parent 1: prio 1 u32 match ip src 1.2.3.4/32 match ip dport 22 0xffff flowid 1:11
tc filter add dev eth0 protocol ip parent 1: prio 1 u32 match ip sport 80 0xffff flowid 1:20
tc filter add dev eth0 protocol ip parent 1: prio 1 u32 match ip sport 443 0xffff flowid 1:20
tc filter add dev eth0 protocol ip parent 1: prio 1 u32 match ip sport 110 0xffff flowid 1:30
tc filter add dev eth0 protocol ip parent 1: prio 1 u32 match ip sport 143 0xffff flowid 1:30
tc filter add dev eth0 protocol ip parent 1: prio 1 u32 match ip sport 993 0xffff flowid 1:30
tc filter add dev eth0 protocol ip parent 1: prio 1 u32 match ip sport 995 0xffff flowid 1:30
tc filter add dev eth0 protocol ip parent 1: prio 1 u32 match ip sport 465 0xffff flowid 1:30
tc filter add dev eth0 protocol ip parent 1: prio 1 u32 match ip sport 587 0xffff flowid 1:30
tc filter add dev eth0 protocol ip parent 1: prio 1 u32 match ip sport 22 0xffff flowid 1:40

Thanks,
Alex
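
Added example, not part of the original message: a small Python model of how the posted filters classify packets leaving eth0 on the mail server, assuming the filters are tried in the order they were added and the first match wins. The mail server address, the remote hosts and ports in the sample packets, and the VARIANT rule (keyed on destination address and source port) are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

MAIL, BACKUP = "192.0.2.10", "1.2.3.4"  # MAIL is constructed; BACKUP is from the posted filter
DEFAULT = "1:50"                         # from "htb default 50"

def rules(ssh_rule):
    """Filters in the order the post adds them, with the 1:11 selector swappable."""
    mail_ports = [110, 143, 993, 995, 465, 587]
    return ([({"dport": 25}, "1:10"), (ssh_rule, "1:11"),
             ({"sport": 80}, "1:20"), ({"sport": 443}, "1:20")]
            + [({"sport": p}, "1:30") for p in mail_ports]
            + [({"sport": 22}, "1:40")])

POSTED = rules({"src": BACKUP + "/32", "dport": 22})   # selector as written in the post
VARIANT = rules({"dst": BACKUP + "/32", "sport": 22})  # hypothetical: egress-direction keys

def matches(sel, pkt):
    """True when every key in the selector matches (u32 ANDs its match clauses)."""
    for key, want in sel.items():
        if key in ("src", "dst"):
            if ip_address(pkt[key]) not in ip_network(want):
                return False
        elif pkt[key] != want:
            return False
    return True

def classify(ruleset, pkt):
    """Return the flowid of the first matching filter, else the HTB default class."""
    for sel, flowid in ruleset:
        if matches(sel, pkt):
            return flowid
    return DEFAULT

# Constructed packets as they look when leaving eth0 on the mail server:
# the mail server is always the source, and sshd replies carry sport 22.
SSH_REPLY = {"src": MAIL, "dst": BACKUP, "sport": 22, "dport": 40022}
SMTP_OUT = {"src": MAIL, "dst": "198.51.100.7", "sport": 50025, "dport": 25}
SSH_OTHER = {"src": MAIL, "dst": "198.51.100.9", "sport": 22, "dport": 40023}

if __name__ == "__main__":
    for name, pkt in [("ssh reply to backup", SSH_REPLY),
                      ("outbound smtp", SMTP_OUT),
                      ("ssh reply to other host", SSH_OTHER)]:
        print(f"{name:24} posted={classify(POSTED, pkt)} "
              f"variant={classify(VARIANT, pkt)}")
```

On a live system, `tc -s class show dev eth0` shows the per-class byte and packet counters, which can confirm which class the rsync traffic is actually landing in.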
