From: Dragoş Cinteză <Dragos_Cinteza@web.de>
To: lartc@vger.kernel.org
Subject: [LARTC] Client firewall screwing up bandwidth shaping
Date: Sat, 04 Oct 2003 15:31:05 +0000
Message-ID: <marc-lartc-106528156922007@msgid-missing>

Hi

Here’s the deal: I have a LAN behind a Linux box. The Linux box acts
as a NAT to all the hosts behind it. I'm classifying my hosts with
iptables:

/sbin/iptables -t mangle -A INPUT --in-interface $GREEN_DEV -s 192.168.1.1 -j MARK --set-mark 1
...
/sbin/iptables -t mangle -A INPUT --in-interface $GREEN_DEV -s 192.168.1.7 -j MARK --set-mark 7
/sbin/iptables -t mangle -A OUTPUT --out-interface $GREEN_DEV -d 192.168.1.1 -j MARK --set-mark 1
...
/sbin/iptables -t mangle -A OUTPUT --out-interface $GREEN_DEV -d 192.168.1.7 -j MARK --set-mark 7
/sbin/iptables -t mangle -A PREROUTING --in-interface $GREEN_DEV -s 192.168.1.1 -j MARK --set-mark 1
...
/sbin/iptables -t mangle -A PREROUTING --in-interface $GREEN_DEV -s 192.168.1.7 -j MARK --set-mark 7
/sbin/iptables -t mangle -A POSTROUTING --out-interface $GREEN_DEV -d 192.168.1.1 -j MARK --set-mark 1
...
/sbin/iptables -t mangle -A POSTROUTING --out-interface $GREEN_DEV -d 192.168.1.7 -j MARK --set-mark 7

Then I want to give everybody a rate of 18kbit:

# clean existing down- and uplink qdiscs, hide errors
tc qdisc del dev eth1 root 2> /dev/null > /dev/null
tc qdisc del dev eth0 root 2> /dev/null > /dev/null
tc qdisc add dev eth1 root handle 10: htb
tc class add dev eth1 parent 10: classid 10:10 htb rate 125kbit ceil 128kbit burst 4k
tc class add dev eth1 parent 10:10 classid 10:1 htb rate 18kbit ceil 128kbit prio 2 burst 4k
tc qdisc add dev eth1 parent 10:1 handle 1: sfq perturb 10
tc filter add dev eth1 parent 10: protocol ip handle 1 fw classid 10:1
tc filter add dev eth1 parent 10: protocol ip prio 2 u32 match ip src 192.168.1.1 flowid 10:1
tc filter add dev eth1 parent 10: protocol ip prio 3 u32 match ip dst 192.168.1.1 flowid 10:1
...

With hosts 2 to 7 it works fine, while the bandwidth of host 1 is not shaped at all (all packets go to default-root qdisc).
The 192.168.1 is running Win XP and the Zone Alarm firewall. Most of the hosts are running WinXP with no problem.
My question: can it be that the packets are not being identified correctly because of the ZA firewall on host 1?
I had problems before with host 1, which blocked some ports with ZA, and that had the result of freezing the workgroup
while it was online. That problem was fixed anyway.
Now please don't ask me to try to disable the ZA firewall, because I have no access to host 1.
And another thing: iptraf shows correctly that traffic is made from host 1, and its rate.

Thanks
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
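
One way to check on the router whether a host's packets are hitting the MARK rules at all, as an added example that is not part of the original post: it reads `iptables -t mangle -L -v -n -x` output and lists the MARK rules whose packet counter is still zero. The sample listing, its counters and the assumption that `$GREEN_DEV` is eth1 are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Lists MARK rules in the mangle table that no packet has matched yet.
# Input : output of `iptables -t mangle -L -v -n -x` on stdin.
# Output: one line per unmatched rule: "<chain> <source> <destination> <mark>".
unmatched_marks() {
    awk '
        $1 == "Chain" { chain = $2; next }   # remember which chain we are in
        $1 == "pkts"  { next }               # skip the column header line
        $3 == "MARK" && $1 == 0 {            # MARK target with a zero packet count
            print chain, $8, $9, $NF         # source, destination, mark value
        }
    '
}

# Constructed sample listing in the layout of the rules from the post
# (eth1 assumed to be $GREEN_DEV; all counters are made up).
sample_listing() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT 48211 packets, 21907344 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 MARK       all  --  eth1   *       192.168.1.1          0.0.0.0/0           MARK set 0x1
    9120   733101 MARK       all  --  eth1   *       192.168.1.2          0.0.0.0/0           MARK set 0x2

Chain POSTROUTING (policy ACCEPT 51002 packets, 30112877 bytes)
    pkts      bytes target     prot opt in     out     source               destination
   13377 16201455 MARK       all  --  *      eth1    0.0.0.0/0            192.168.1.1         MARK set 0x1
   11804 14077120 MARK       all  --  *      eth1    0.0.0.0/0            192.168.1.2         MARK set 0x2
EOF
}

# On the router itself:  iptables -t mangle -L -v -n -x | unmatched_marks
sample_listing | unmatched_marks
```

A rule that stays at zero while iptraf shows traffic for that host means the packets are not matching that rule's interface or address as written; `tc -s class show dev eth1` gives the matching per-class counters on the shaping side.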