All of lore.kernel.org
 help / color / mirror / Atom feed
* [LARTC] Upload restriction problem
@ 2003-12-03  5:15 Joel
  2003-12-04  3:17 ` Joel
  2003-12-04  4:14 ` Martin A. Brown
  0 siblings, 2 replies; 3+ messages in thread
From: Joel @ 2003-12-03  5:15 UTC (permalink / raw)
  To: lartc

Dear all,

I am facing problem in restricting upload traffic on fake ip address 
10.0.0.0/8 network.
I can easily restrict upload traffic on my real ip address.

eth0 --wan port connected to internet
eth1 --lan port connect to local network

my script on eth1 is working properly bcoz it is for downlink traffic

this is the script which is having problem.
--------------------------------------------------------------------------------------------------------------------
tc qdisc del dev eth0 root
tc qdisc add dev eth0 root handle 1: htb
tc class add dev eth0 parent 1: classid 1:1 htb rate 80kbit ceil 80kbit 
quantum 1514
### Fake ip address
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 10kbit ceil 
15kbit quantum 1514
tc qdisc add dev eth0 parent 1:10 handle 10 pfifo limit 2
tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src 
10.2.5.15 flowid 1:10
### Real ip address
tc class add dev eth0 parent 1:1 classid 1:11 htb rate 20kbit ceil 
25kbit quantum 1514
tc qdisc add dev eth0 parent 1:11 handle 11 pfifo limit 2
tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src 
x.x.x.x flowid 1:11
-----------------------------------------------------------------------------------------------------------------------
This scipt can restrict the upload for Real ip address but Cant restrict 
upload for Fake ip address.
I have checked this by # tc -s -d class ls dev eth0
M i doing any thing wrong ??
tc filter cant match fake ip address ??????

any Help ?
Thanks
joel


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [LARTC] Upload restriction problem
  2003-12-03  5:15 [LARTC] Upload restriction problem Joel
@ 2003-12-04  3:17 ` Joel
  2003-12-04  4:14 ` Martin A. Brown
  1 sibling, 0 replies; 3+ messages in thread
From: Joel @ 2003-12-04  3:17 UTC (permalink / raw)
  To: lartc

Is this list is died?
or any one dont want to help.
?????????????????????????????

Joel wrote:

> Dear all,
>
> I am facing problem in restricting upload traffic on fake ip address 
> 10.0.0.0/8 network.
> I can easily restrict upload traffic on my real ip address.
>
> eth0 --wan port connected to internet
> eth1 --lan port connect to local network
>
> my script on eth1 is working properly bcoz it is for downlink traffic
>
> this is the script which is having problem.
> --------------------------------------------------------------------------------------------------------------------
> tc qdisc del dev eth0 root
> tc qdisc add dev eth0 root handle 1: htb
> tc class add dev eth0 parent 1: classid 1:1 htb rate 80kbit ceil 
> 80kbit quantum 1514
> ### Fake ip address
> tc class add dev eth0 parent 1:1 classid 1:10 htb rate 10kbit ceil 
> 15kbit quantum 1514
> tc qdisc add dev eth0 parent 1:10 handle 10 pfifo limit 2
> tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src 
> 10.2.5.15 flowid 1:10
> ### Real ip address
> tc class add dev eth0 parent 1:1 classid 1:11 htb rate 20kbit ceil 
> 25kbit quantum 1514
> tc qdisc add dev eth0 parent 1:11 handle 11 pfifo limit 2
> tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src 
> x.x.x.x flowid 1:11
> -----------------------------------------------------------------------------------------------------------------------
> This scipt can restrict the upload for Real ip address but Cant 
> restrict upload for Fake ip address.
> I have checked this by # tc -s -d class ls dev eth0
> M i doing any thing wrong ??
> tc filter cant match fake ip address ??????
>
> any Help ?
> Thanks
> joel
>
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>



_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [LARTC] Upload restriction problem
  2003-12-03  5:15 [LARTC] Upload restriction problem Joel
  2003-12-04  3:17 ` Joel
@ 2003-12-04  4:14 ` Martin A. Brown
  1 sibling, 0 replies; 3+ messages in thread
From: Martin A. Brown @ 2003-12-04  4:14 UTC (permalink / raw)
  To: lartc

Joel,

 : Is this list is died?  or any one dont want to help.

No, the list is not dead.  Yes, there are people here who wish to help.
So get in the queue and have some patience.

 : I am facing problem in restricting upload traffic on fake ip address
 : 10.0.0.0/8 network.  I can easily restrict upload traffic on my real ip
 : address.
 :
 : eth0 --wan port connected to internet
 : eth1 --lan port connect to local network
 :
 : my script on eth1 is working properly bcoz it is for downlink traffic

OK.  Fair enough.

 : this is the script which is having problem.
 : --------------------------------------------------------------------------------------------------------------------
 : tc qdisc del dev eth0 root
 : tc qdisc add dev eth0 root handle 1: htb
 : tc class add dev eth0 parent 1: classid 1:1 htb rate 80kbit ceil 80kbit quantum 1514
 : ### Fake ip address
 : tc class add dev eth0 parent 1:1 classid 1:10 htb rate 10kbit ceil 15kbit quantum 1514
 : tc qdisc add dev eth0 parent 1:10 handle 10 pfifo limit 2
 : tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src 10.2.5.15 flowid 1:10

When you say "fake" IP address, I presume you mean an RFC 1918 address,
which is not routable on public networks.  If so, then you should probably
read Stef Coene's FAQ note about this very situation [0].

 : ### Real ip address
 : tc class add dev eth0 parent 1:1 classid 1:11 htb rate 20kbit ceil 25kbit quantum 1514
 : tc qdisc add dev eth0 parent 1:11 handle 11 pfifo limit 2
 : tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src x.x.x.x flowid 1:11

I presume that the x.x.x.x is a public IP address you are calling the
"Real ip address".

 : This scipt can restrict the upload for Real ip address but Cant
 : restrict upload for Fake ip address.

 : I have checked this by # tc -s -d class ls dev eth0

Have you tried watching "tc -s -d class show dev eth0" at the same time as
you are watching "tcpdump -nn -i eth0 host 10.2.5.15"?  Do you see any
packets leaving your box with a source address of 10.2.5.15?  If not, then
you should be able to figure out what you need to do.

 : tc filter cant match fake ip address ??????

Well, frankly, "tc filter" only deigns to match on real addresses of
transmitted packets*.

And please don't tap the glass.  This generally leads to irritated beasts.

-Martin

 [0] http://www.docum.org/stef.coene/qos/faq/cache/59.html

   * This is humour.

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2003-12-04  4:14 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2003-12-03  5:15 [LARTC] Upload restriction problem Joel
2003-12-04  3:17 ` Joel
2003-12-04  4:14 ` Martin A. Brown

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.