From: "Martin A. Brown" <mabrown-lartc@securepipe.com>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Upload restriction problem
Date: Thu, 04 Dec 2003 04:14:55 +0000 [thread overview]
Message-ID: <marc-lartc-107051177132431@msgid-missing> (raw)
In-Reply-To: <marc-lartc-107043169813197@msgid-missing>
Joel,
: Is this list is died? or any one dont want to help.
No, the list is not dead. Yes, there are people here who wish to help.
So get in the queue and have some patience.
: I am facing problem in restricting upload traffic on fake ip address
: 10.0.0.0/8 network. I can easily restrict upload traffic on my real ip
: address.
:
: eth0 --wan port connected to internet
: eth1 --lan port connect to local network
:
: my script on eth1 is working properly bcoz it is for downlink traffic
OK. Fair enough.
: this is the script which is having problem.
: --------------------------------------------------------------------------------------------------------------------
: tc qdisc del dev eth0 root
: tc qdisc add dev eth0 root handle 1: htb
: tc class add dev eth0 parent 1: classid 1:1 htb rate 80kbit ceil 80kbit quantum 1514
: ### Fake ip address
: tc class add dev eth0 parent 1:1 classid 1:10 htb rate 10kbit ceil 15kbit quantum 1514
: tc qdisc add dev eth0 parent 1:10 handle 10 pfifo limit 2
: tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src 10.2.5.15 flowid 1:10
When you say "fake" IP address, I presume you mean an RFC 1918 address,
which is not routable on public networks. If so, then you should probably
read Stef Coene's FAQ note about this very situation [0].
: ### Real ip address
: tc class add dev eth0 parent 1:1 classid 1:11 htb rate 20kbit ceil 25kbit quantum 1514
: tc qdisc add dev eth0 parent 1:11 handle 11 pfifo limit 2
: tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src x.x.x.x flowid 1:11
I presume that the x.x.x.x is a public IP address you are calling the
"Real ip address".
: This scipt can restrict the upload for Real ip address but Cant
: restrict upload for Fake ip address.
: I have checked this by # tc -s -d class ls dev eth0
Have you tried watching "tc -s -d class show dev eth0" at the same time as
you are watching "tcpdump -nn -i eth0 host 10.2.5.15"? Do you see any
packets leaving your box with a source address of 10.2.5.15? If not, then
you should be able to figure out what you need to do.
: tc filter cant match fake ip address ??????
Well, frankly, "tc filter" only deigns to match on real addresses of
transmitted packets*.
And please don't tap the glass. This generally leads to irritated beasts.
-Martin
[0] http://www.docum.org/stef.coene/qos/faq/cache/59.html
* This is humour.
--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
prev parent reply other threads:[~2003-12-04 4:14 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-12-03 5:15 [LARTC] Upload restriction problem Joel
2003-12-04 3:17 ` Joel
2003-12-04 4:14 ` Martin A. Brown [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=marc-lartc-107051177132431@msgid-missing \
--to=mabrown-lartc@securepipe.com \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.