From: TeraHz <terahz@mail.bg>
To: lartc@vger.kernel.org
Subject: [LARTC] HTB Question...
Date: Wed, 04 Jun 2003 20:27:42 +0000
Message-ID: <marc-lartc-105475853902692@msgid-missing>

HTB script:
#!/bin/bash
tc qdisc del dev eth1 root handle 1:
tc qdisc add dev eth1 root handle 1: htb default 12
tc class add dev eth1 parent 1: classid 1:1 htb rate 48kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:10 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:11 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:12 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:13 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:14 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:15 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:16 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:17 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:18 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:19 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:20 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:21 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:22 htb rate 4kbps ceil 48kbps
tc filter add dev eth1 parent 1:1 protocol ip handle 10 fw classid 1:10
tc filter add dev eth1 parent 1:1 protocol ip handle 11 fw classid 1:12
tc filter add dev eth1 parent 1:1 protocol ip handle 13 fw classid 1:13
tc filter add dev eth1 parent 1:1 protocol ip handle 14 fw classid 1:14
tc filter add dev eth1 parent 1:1 protocol ip handle 15 fw classid 1:15
tc filter add dev eth1 parent 1:1 protocol ip handle 19 fw classid 1:16
tc filter add dev eth1 parent 1:1 protocol ip handle 20 fw classid 1:17
tc filter add dev eth1 parent 1:1 protocol ip handle 24 fw classid 1:18
tc filter add dev eth1 parent 1:1 protocol ip handle 29 fw classid 1:19
tc filter add dev eth1 parent 1:1 protocol ip handle 32 fw classid 1:20
tc filter add dev eth1 parent 1:1 protocol ip handle 33 fw classid 1:21
tc filter add dev eth1 parent 1:1 protocol ip handle 34 fw classid 1:22
iptables -F -t mangle
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.10 -j MARK --set-mark 10
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.11 -j MARK --set-mark 11
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.13 -j MARK --set-mark 13
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.14 -j MARK --set-mark 14
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.15 -j MARK --set-mark 15
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.19 -j MARK --set-mark 19
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.20 -j MARK --set-mark 20
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.24 -j MARK --set-mark 24
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.29 -j MARK --set-mark 29
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.32 -j MARK --set-mark 32
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.33 -j MARK --set-mark 33
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.34 -j MARK --set-mark 34
Firewall and routing script:
#!/bin/sh
IPT=/usr/sbin/iptables
EXTIF="eth1"
INTIF="eth0"
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
$IPT -P INPUT ACCEPT
$IPT -F INPUT
$IPT -P OUTPUT ACCEPT
$IPT -F OUTPUT
$IPT -P FORWARD DROP
$IPT -F FORWARD
$IPT -t nat -F
$IPT -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
#$IPT -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPT -A FORWARD -j LOG
$IPT -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
#####THE FIREWALL PART######
$IPT -A INPUT -i $INTIF -j DROP
$IPT -A INPUT -i $INTIF -s 192.168.193.10 -j ACCEPT
$IPT -A INPUT -i $INTIF -s 192.168.193.11 -j ACCEPT
$IPT -A INPUT -i $INTIF -s 192.168.193.13 -j ACCEPT
$IPT -A INPUT -i $INTIF -s 192.168.193.14 -j ACCEPT
$IPT -A INPUT -i $INTIF -s 192.168.193.15 -j ACCEPT
$IPT -A INPUT -i $INTIF -s 192.168.193.19 -j ACCEPT
$IPT -A INPUT -i $INTIF -s 192.168.193.20 -j ACCEPT
$IPT -A INPUT -i $INTIF -s 192.168.193.24 -j ACCEPT
$IPT -A INPUT -i $INTIF -s 192.168.193.29 -j ACCEPT
$IPT -A INPUT -i $INTIF -s 192.168.193.32 -j ACCEPT
$IPT -A INPUT -i $INTIF -s 192.168.193.33 -j ACCEPT
$IPT -A INPUT -i $INTIF -s 192.168.193.34 -j ACCEPT
$IPT -A FORWARD -i $INTIF -s 192.168.193.10 -j ACCEPT
$IPT -A FORWARD -i $INTIF -s 192.168.193.11 -j ACCEPT
$IPT -A FORWARD -i $INTIF -s 192.168.193.13 -j ACCEPT
$IPT -A FORWARD -i $INTIF -s 192.168.193.14 -j ACCEPT
$IPT -A FORWARD -i $INTIF -s 192.168.193.15 -j ACCEPT
$IPT -A FORWARD -i $INTIF -s 192.168.193.19 -j ACCEPT
$IPT -A FORWARD -i $INTIF -s 192.168.193.20 -j ACCEPT
$IPT -A FORWARD -i $INTIF -s 192.168.193.24 -j ACCEPT
$IPT -A FORWARD -i $INTIF -s 192.168.193.29 -j ACCEPT
$IPT -A FORWARD -i $INTIF -s 192.168.193.32 -j ACCEPT
$IPT -A FORWARD -i $INTIF -s 192.168.193.33 -j ACCEPT
$IPT -A FORWARD -i $INTIF -s 192.168.193.34 -j ACCEPT
$IPT -A FORWARD -i $INTIF -j DROP
These are the latest scripts. I've made a LOT of changes.
The packets are being marked:
iptables -L -n -v -t mangle
Chain PREROUTING (policy ACCEPT 113K packets, 79M bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain INPUT (policy ACCEPT 4001 packets, 587K bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain FORWARD (policy ACCEPT 109K packets, 79M bytes)
 pkts bytes target     prot opt in     out     source               destination
    6   507 MARK       all  --  eth0   *       192.168.193.10       0.0.0.0/0          MARK set 0xa
  392 26685 MARK       all  --  eth0   *       192.168.193.11       0.0.0.0/0          MARK set 0xb
  167 10011 MARK       all  --  eth0   *       192.168.193.13       0.0.0.0/0          MARK set 0xd
    0     0 MARK       all  --  eth0   *       192.168.193.14       0.0.0.0/0          MARK set 0xe
    0     0 MARK       all  --  eth0   *       192.168.193.15       0.0.0.0/0          MARK set 0xf
    0     0 MARK       all  --  eth0   *       192.168.193.19       0.0.0.0/0          MARK set 0x13
    0     0 MARK       all  --  eth0   *       192.168.193.20       0.0.0.0/0          MARK set 0x14
  924 37625 MARK       all  --  eth0   *       192.168.193.24       0.0.0.0/0          MARK set 0x18
    0     0 MARK       all  --  eth0   *       192.168.193.29       0.0.0.0/0          MARK set 0x1d
    0     0 MARK       all  --  eth0   *       192.168.193.32       0.0.0.0/0          MARK set 0x20
 1951 82564 MARK       all  --  eth0   *       192.168.193.33       0.0.0.0/0          MARK set 0x21
    0     0 MARK       all  --  eth0   *       192.168.193.34       0.0.0.0/0          MARK set 0x22
Chain OUTPUT (policy ACCEPT 414 packets, 112K bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain POSTROUTING (policy ACCEPT 109K packets, 79M bytes)
 pkts bytes target     prot opt in     out     source               destination
The filters are not working:
tc -s -d class show dev eth1
class htb 1:11 parent 1:1 prio 0 quantum 1000 rate 32Kbit ceil 384Kbit
burst 1639b/8 mpu 0b cburst 2090b/8 mpu 0b level 0
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
lended: 0 borrowed: 0 giants: 0
tokens: 327999 ctokens: 34849
class htb 1:22 parent 1:1 prio 0 quantum 1000 rate 32Kbit ceil 384Kbit
burst 1639b/8 mpu 0b cburst 2090b/8 mpu 0b level 0
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
lended: 0 borrowed: 0 giants: 0
tokens: 327999 ctokens: 34849
class htb 1:1 root rate 384Kbit ceil 384Kbit burst 2090b/8 mpu 0b cburst
2090b/8 mpu 0b level 7
Sent 279228 bytes 4454 pkts (dropped 0, overlimits 0)
rate 2099bps 29pps
lended: 38 borrowed: 0 giants: 0
tokens: 29519 ctokens: 29519
class htb 1:10 parent 1:1 prio 0 quantum 1000 rate 32Kbit ceil 384Kbit
burst 1639b/8 mpu 0b cburst 2090b/8 mpu 0b level 0
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
lended: 0 borrowed: 0 giants: 0
tokens: 327999 ctokens: 34849
class htb 1:13 parent 1:1 prio 0 quantum 1000 rate 32Kbit ceil 384Kbit
burst 1639b/8 mpu 0b cburst 2090b/8 mpu 0b level 0
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
lended: 0 borrowed: 0 giants: 0
tokens: 327999 ctokens: 34849
class htb 1:20 parent 1:1 prio 0 quantum 1000 rate 32Kbit ceil 384Kbit
burst 1639b/8 mpu 0b cburst 2090b/8 mpu 0b level 0
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
lended: 0 borrowed: 0 giants: 0
tokens: 327999 ctokens: 34849
class htb 1:12 parent 1:1 prio 0 quantum 1000 rate 32Kbit ceil 384Kbit
burst 1639b/8 mpu 0b cburst 2090b/8 mpu 0b level 0
Sent 279228 bytes 4454 pkts (dropped 0, overlimits 0)
rate 2101bps 29pps
lended: 4416 borrowed: 38 giants: 0
tokens: 264002 ctokens: 29519
class htb 1:21 parent 1:1 prio 0 quantum 1000 rate 32Kbit ceil 384Kbit
burst 1639b/8 mpu 0b cburst 2090b/8 mpu 0b level 0
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
lended: 0 borrowed: 0 giants: 0
tokens: 327999 ctokens: 34849
class htb 1:15 parent 1:1 prio 0 quantum 1000 rate 32Kbit ceil 384Kbit
burst 1639b/8 mpu 0b cburst 2090b/8 mpu 0b level 0
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
lended: 0 borrowed: 0 giants: 0
tokens: 327999 ctokens: 34849
class htb 1:14 parent 1:1 prio 0 quantum 1000 rate 32Kbit ceil 384Kbit
burst 1639b/8 mpu 0b cburst 2090b/8 mpu 0b level 0
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
lended: 0 borrowed: 0 giants: 0
tokens: 327999 ctokens: 34849
class htb 1:17 parent 1:1 prio 0 quantum 1000 rate 32Kbit ceil 384Kbit
burst 1639b/8 mpu 0b cburst 2090b/8 mpu 0b level 0
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
lended: 0 borrowed: 0 giants: 0
tokens: 327999 ctokens: 34849
class htb 1:16 parent 1:1 prio 0 quantum 1000 rate 32Kbit ceil 384Kbit
burst 1639b/8 mpu 0b cburst 2090b/8 mpu 0b level 0
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
lended: 0 borrowed: 0 giants: 0
tokens: 327999 ctokens: 34849
class htb 1:19 parent 1:1 prio 0 quantum 1000 rate 32Kbit ceil 384Kbit
burst 1639b/8 mpu 0b cburst 2090b/8 mpu 0b level 0
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
lended: 0 borrowed: 0 giants: 0
tokens: 327999 ctokens: 34849
class htb 1:18 parent 1:1 prio 0 quantum 1000 rate 32Kbit ceil 384Kbit
burst 1639b/8 mpu 0b cburst 2090b/8 mpu 0b level 0
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
lended: 0 borrowed: 0 giants: 0
tokens: 327999 ctokens: 34849
If I change the parent of the filters from 1:1 to 1: -> nothing happens!
Please tell me where the problem is!!!
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
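
The scripts in this message depend on three numbering schemes lining up: the iptables MARK values, the tc fw filter handles, and the HTB classids together with the qdisc's default class. The cross-check below is an added example, not part of the original message or of any LARTC tool. The function names audit_shaper and sample_script are hypothetical, the sample is an excerpt of the HTB script above, and the check assumes one command per line with marks written in decimal.

```sh
#!/bin/sh
# Added example: cross-check MARK values, fw filter handles and HTB classids.

audit_shaper() {  # reads tc/iptables commands on stdin, prints findings
  awk '
    function arg(name,   i) {        # word that follows option "name"
      for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
      return ""
    }
    $1 == "tc" && $2 == "qdisc" && arg("default") != "" {
      dflt = arg("handle") arg("default")      # "1:" and "12" -> "1:12"
    }
    $1 == "tc" && $2 == "class" {
      cls[arg("classid")] = 1; inner[arg("parent")] = 1
    }
    $1 == "tc" && $2 == "filter" && arg("handle") != "" {
      target[arg("handle")] = arg("classid"); used[arg("classid")] = 1
    }
    $1 ~ /iptables$/ && arg("--set-mark") != "" { mark[arg("--set-mark")] = 1 }
    END {
      for (m in mark) if (!(m in target)) print "mark " m ": no fw filter"
      for (h in target) {
        if (!(h in mark)) print "filter " h ": no MARK rule sets it"
        if (!(target[h] in cls)) print "filter " h ": class " target[h] " undefined"
        if (target[h] == dflt) print "filter " h ": shares default class " dflt
      }
      for (c in cls)      # leaf classes only; the default class is fed by the qdisc
        if (!(c in used) && !(c in inner) && c != dflt)
          print "class " c ": no filter selects it"
    }' | sort
}

sample_script() {  # excerpt of the posted HTB script (hosts .10, .11, .13 only)
  cat <<'EOF'
tc qdisc add dev eth1 root handle 1: htb default 12
tc class add dev eth1 parent 1: classid 1:1 htb rate 48kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:10 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:11 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:12 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:13 htb rate 4kbps ceil 48kbps
tc filter add dev eth1 parent 1:1 protocol ip handle 10 fw classid 1:10
tc filter add dev eth1 parent 1:1 protocol ip handle 11 fw classid 1:12
tc filter add dev eth1 parent 1:1 protocol ip handle 13 fw classid 1:13
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.10 -j MARK --set-mark 10
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.11 -j MARK --set-mark 11
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.13 -j MARK --set-mark 13
EOF
}
sample_script | audit_shaper
```

Run against the full HTB script from the message, it reports the same two findings as for the excerpt: filter handle 11 points at classid 1:12, which is also the qdisc's default class, and class 1:11 has no filter selecting it.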