All of lore.kernel.org
 help / color / mirror / Atom feed
* [LARTC] Pakets marked but no shapeing is done
@ 2003-10-19  9:31 =?unknown-8bit?q?Drago=C2=BA_Cintez=C3=A3?=
  2003-10-19 17:22 ` Dragoa Cinteza
                   ` (6 more replies)
  0 siblings, 7 replies; 8+ messages in thread
From: =?unknown-8bit?q?Drago=C2=BA_Cintez=C3=A3?= @ 2003-10-19  9:31 UTC (permalink / raw)
  To: lartc

<html><head>
<style>
body { FONT-FAMILY:'georgia' ; FONT-SIZE:12 ; }
</style>
</head>
<body align=>
   Hello  lartc users,<br>
<br>
I mark pakets (by MAC and IP), works on my lan except for 1 single host. <br>
This host is able to fuck-up the entire network because not a single bit of <br>
his traffic is shaped. this way when he is downloading there is no more <br>
internet  in the entire LAN.<br>
<br>
<br>
Here is what I get:<br>
<br>
~ # iptables -L -n -v <br>
Chain INPUT (policy DROP 129 packets, 18244 bytes) <br>
 pkts bytes target     prot opt in     out     source               destination <br>
 121K   89M ipac~o     all  --  *      *       0.0.0.0/0            0.0.0.0/0 <br>

   0     0 PSCAN      tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x3F/0x3F <br>

   0     0 PSCAN      tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x3F/0x00 <br>

2106  103K            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x16/0x02 limit: avg 10/sec burst 5 <br>
 121K   89M CUSTOMINPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0 <br>

117K   88M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED <br>
  215  7951 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0 <br>
   21  1260 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0 <br>

 671 40197 ACCEPT     all  --  eth0   *       192.168.1.1          0.0.0.0/0          MAC 00:02:44:67:30:30 <br>

  54  4471 ACCEPT     all  --  eth0   *       192.168.1.2          0.0.0.0/0          MAC 00:02:44:67:30:5E <br>

1417 87806 ACCEPT     all  --  eth0   *       192.168.1.3          0.0.0.0/0          MAC 00:02:44:59:71:40 <br>

 734 56195 ACCEPT     all  --  eth0   *       192.168.1.4          0.0.0.0/0          MAC 00:D0:09:D5:6B:12 <br>

 394 28308 ACCEPT     all  --  eth0   *       192.168.1.5          0.0.0.0/0          MAC 00:50:FC:9D:7A:5B <br>

   0     0 ACCEPT     all  --  eth0   *       192.168.1.6          0.0.0.0/0          MAC 00:80:5F:8F:C2:48 <br>

 109 11947 ACCEPT     all  --  eth0   *       192.168.1.7          0.0.0.0/0          MAC 00:06:4F:05:FB:16 <br>
    0     0 ACCEPT     all  --  ipsec+ *       0.0.0.0/0            0.0.0.0/0 <br>
  129 18244 RED        all  --  *      *       0.0.0.0/0            0.0.0.0/0 <br>
  129 18244 XTACCESS   all  --  *      *       0.0.0.0/0            0.0.0.0/0 <br>

 113 16529 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0          limit: avg 10/min burst 5 LOG flags 0 level 4 prefix `INPUT ' <br>
 <br>
Chain FORWARD (policy DROP 0 packets, 0 bytes) <br>
 pkts bytes target     prot opt in     out     source               destination <br>
 198K   62M ipac~fi    all  --  *      *       0.0.0.0/0            0.0.0.0/0 <br>
 198K   62M ipac~fo    all  --  *      *       0.0.0.0/0            0.0.0.0/0 <br>

   0     0 PSCAN      tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x3F/0x3F <br>

   0     0 PSCAN      tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x3F/0x00 <br>

198K   62M CUSTOMFORWARD  all  --  *      *       0.0.0.0/0            0.0.0.0/0 <br>

190K   61M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED <br>

   0     0 ACCEPT     all  --  eth0   *       192.168.1.1          0.0.0.0/0          MAC 00:02:44:67:30:30 <br>

   1    48 ACCEPT     all  --  eth0   *       192.168.1.2          0.0.0.0/0          MAC 00:02:44:67:30:5E <br>

 429 54514 ACCEPT     all  --  eth0   *       192.168.1.3          0.0.0.0/0          MAC 00:02:44:59:71:40 <br>

6831  832K ACCEPT     all  --  eth0   *       192.168.1.4          0.0.0.0/0          MAC 00:D0:09:D5:6B:12 <br>

 478 28669 ACCEPT     all  --  eth0   *       192.168.1.5          0.0.0.0/0          MAC 00:50:FC:9D:7A:5B <br>

   0     0 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            192.168.1.5        tcp dpt:19995 <br>

   0     0 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            192.168.1.5        tcp dpt:19995 <br>

   0     0 ACCEPT     all  --  eth0   *       192.168.1.6          0.0.0.0/0          MAC 00:80:5F:8F:C2:48 <br>

  72  5774 ACCEPT     all  --  eth0   *       192.168.1.7          0.0.0.0/0          MAC 00:06:4F:05:FB:16 <br>
    0     0 ACCEPT     all  --  ipsec+ *       0.0.0.0/0            0.0.0.0/0 <br>

   0     0 PORTFWACCESS  all  --  *      *       0.0.0.0/0            0.0.0.0/0 <br>
    0     0 DMZHOLES   all  --  *      eth0    0.0.0.0/0            0.0.0.0/0 <br>

   0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0          limit: avg 10/min burst 5 LOG flags 0 level 4 prefix `OUTPUT ' <br>
 <br>
Chain OUTPUT (policy ACCEPT 141K packets, 85M bytes) <br>
 pkts bytes target     prot opt in     out     source               destination <br>
 141K   85M ipac~i     all  --  *      *       0.0.0.0/0            0.0.0.0/0 <br>
 <br>
Chain CUSTOMFORWARD (1 references) <br>
 pkts bytes target     prot opt in     out     source               destination <br>
 <br>
The
bad host is 192.168. 1.1. As you can see his pakets are marked, but then the shapeing is not done at all.<br>
 <br>
~ # tc -d -s class show dev eth1 <br>
class
htb 10:10 root rate 125Kbit ceil 125Kbit burst 40Kb/8 mpu 0b cburst 1759b/8 mpu 0b level 7 <br>
 Sent 45405999 bytes 110084 pkts (dropped 0, overlimits 0) <br>
 rate 90bps 1pps <br>
 lended: 35284 borrowed: 0 giants: 0 <br>
 tokens: 2086912 ctokens: 79872 <br>
 <br>
class
htb 10:1 parent 10:10 prio 2 quantum 1500 rate 18Kbit ceil 125Kbit burst 40Kb/8 mpu 0b cburst 1759b/8 mpu 0b level 0 <br>
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0) <br>
 lended: 0 borrowed: 0 giants: 0 <br>
 tokens: 14563554 ctokens: 90112 <br>
 <br>
class
htb 10:2 parent 10:10 prio 2 quantum 1500 rate 18Kbit ceil 125Kbit burst 40Kb/8 mpu 0b cburst 1759b/8 mpu 0b level 0 <br>
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0) <br>
 lended: 0 borrowed: 0 giants: 0 <br>
 tokens: 14563554 ctokens: 90112 <br>
 <br>
class
htb 10:3 parent 10:10 prio 2 quantum 1500 rate 18Kbit ceil 125Kbit burst 40Kb/8 mpu 0b cburst 1759b/8 mpu 0b level 0 <br>
 Sent 446562 bytes 6804 pkts (dropped 0, overlimits 0) <br>
 rate 5bps <br>
 lended: 6804 borrowed: 0 giants: 0 <br>
 tokens: 14344532 ctokens: 58573 <br>
 <br>
class
htb 10:4 parent 10:10 prio 2 quantum 1500 rate 18Kbit ceil 125Kbit burst 40Kb/8 mpu 0b cburst 1759b/8 mpu 0b level 0 <br>
 Sent 44734592 bytes 102026 pkts (dropped 0, overlimits 0) <br>
 rate 37bps <br>
 lended: 66742 borrowed: 35284 giants: 0 <br>
 tokens: 14518044 ctokens: 83560 <br>
 <br>
class
htb 10:5 parent 10:10 prio 2 quantum 1500 rate 20Kbit ceil 125Kbit burst 40Kb/8 mpu 0b cburst 1759b/8 mpu 0b level 0 <br>
 Sent 216317 bytes 1153 pkts (dropped 0, overlimits 0) <br>
 rate 60bps <br>
 lended: 1153 borrowed: 0 giants: 0 <br>
 tokens: 12304384 ctokens: 79872 <br>
 <br>
class
htb 10:6 parent 10:10 prio 2 quantum 1500 rate 18Kbit ceil 125Kbit burst 40Kb/8 mpu 0b cburst 1759b/8 mpu 0b level 0 <br>
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0) <br>
 lended: 0 borrowed: 0 giants: 0 <br>
 tokens: 14563554 ctokens: 90112 <br>
 <br>
class
htb 10:7 parent 10:10 prio 2 quantum 1500 rate 18Kbit ceil 125Kbit burst 40Kb/8 mpu 0b cburst 1759b/8 mpu 0b level 0 <br>
 Sent 8528 bytes 101 pkts (dropped 0, overlimits 0) <br>
 lended: 101 borrowed: 0 giants: 0 <br>
 tokens: 14546488 ctokens: 87655 <br>
  <br>
And this is the version I use<br>
kernel HTB init, kernel part version 3.10 </body></html>

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

^ permalink raw reply	[flat|nested] 8+ messages in thread
end of thread, other threads:[~2003-11-01 12:35 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2003-10-19  9:31 [LARTC] Pakets marked but no shapeing is done =?unknown-8bit?q?Drago=C2=BA_Cintez=C3=A3?=
2003-10-19 17:22 ` Dragoa Cinteza
2003-10-20 15:40 ` Dragos Cinteza
2003-10-20 18:47 ` Stef Coene
2003-10-27 21:26 ` Dragos Cinteza
2003-10-28  7:41 ` Catalin BOIE
2003-10-28 18:18 ` Stef Coene
2003-11-01 12:35 ` =?unknown-8bit?q?Drago=C2=BA_Cintez=C3=A3?=

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.