Re: [LARTC] Newbie ask

From: Stef Coene <stef.coene@docum.org>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Newbie ask
Date: Sat, 28 Dec 2002 10:31:51 +0000	[thread overview]
Message-ID: <marc-lartc-104107159721228@msgid-missing> (raw)
In-Reply-To: <marc-lartc-104105968716621@msgid-missing>

On Saturday 28 December 2002 08:13, liang jian wrote:
> My Settings:
>
> LAN--------------| TC |------------------EX
>
>
>
>                      DMZ
>
> iptables -t mangle -A OUTPUT -o $DEV -p tcp  --dport 80 -j MARK --set-mark
> 1
>
> iptables -t mangle -A OUTPUT -o $DEV -p tcp  --dport 22 -j MARK --set-mark
> 2
>
> tc qdisc add dev $DEV root handle 1: cbq bandwidth $BANDWIDTH rate 1Mbit
> avpkt 1000 mpu 64
>
> tc class add dev $DEV parent 1:0 classid 1:2 cbq bandwidth $BANDWIDTH rate
> $RATE_PRIO  allot 1514  maxburst 20 avpkt 1000  isolated bounded
>
> tc class add dev $DEV parent 1:0 classid 1:3 cbq bandwidth $BANDWIDTH rate
> $RATE_LOW  allot 1514  maxburst 20 avpkt 1000  isolated bounded
>
> tc class add dev $DEV parent 1:3 classid 1:5 cbq bandwidth $BANDWIDTH rate
> $RATE_LOW_FAV allot 1514  maxburst 2 avpkt 1000 isolated bounded
>
> tc class add dev $DEV parent 1:3 classid 1:6 cbq bandwidth $BANDWIDTH rate
> $RATE_LOW_LOW allot 1514  maxburst 2 avpkt 1000 isolated bounded
>
> tc qdisc add dev $DEV parent 1:2 handle 2: tbf rate 0.5Mbit burst 20kb
> latency 70ms peakrate 10Mbit minburst 1540 tc qdisc add dev $DEV parent 1:3
> handle 3: tbf rate 0.5Mbit burst 20kb latency 70ms peakrate 10Mbit minburst
> 1540 tc filter add dev $DEV parent 1:0 protocol ip handle 1 fw flowid 1:2
>
> tc filter add dev $DEV parent 1:0 protocol ip handle 2 fw flowid 1:5
> tc filter add dev $DEV parent 1:0 protocol ip handle 3 fw flowid 1:6
>
>
> I land DMZ's ssh or surfing from LAN.
>
> #tc -s class ls dev eth1
> class cbq 1: root rate 1Mbit (bounded,isolated) prio no-transmit
>  Sent 557044 bytes 719 pkts (dropped 0, overlimits 0)
>   borrowed 0 overactions 0 avgidle 6249 undertime 0
> class cbq 1:2 parent 1: leaf 2: rate 700Kbit (bounded,isolated) prio
> no-transmit Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
>   borrowed 0 overactions 0 avgidle 257728 undertime 0
> class cbq 1:3 parent 1: leaf 3: rate 300Kbit (bounded,isolated) prio
> no-transmit Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
>   borrowed 0 overactions 0 avgidle 603732 undertime 0
> class cbq 1:5 parent 1:3 rate 180Kbit (bounded,isolated) prio no-transmit
>  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
>   borrowed 0 overactions 0 avgidle 74457 undertime 0
> class cbq 1:6 parent 1:3 rate 120Kbit (bounded,isolated) prio no-transmit
>  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
>   borrowed 0 overactions 0 avgidle 111751 undertime 0
>
>
> why class 1:5 and 1:6 send 0 bytes 0 pkts?
Class 1:5 contains all packets with dport 22.  So you want to put all ftp-data 
packets in it.  Right?  But ftp can use a dynamic port for ftp-data.
And you have a filter to redirect all packets with mark 3 to class 1:6 but you 
never mark the packets with mark 3.  You only mark them with 1 and 2 so I 
think you miss an iptables command.

And an other tip.  Remove the isolated parameter.  It's not working and it 
will only caue troubles.

Stef

-- 

stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.oftc.net

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/