* [LARTC] need suggest for tc..fw
@ 2001-04-23 19:06 johan
2001-04-26 6:06 ` Stef Coene
0 siblings, 1 reply; 2+ messages in thread
From: johan @ 2001-04-23 19:06 UTC (permalink / raw)
To: lartc
Dear all...
I got problem when define this rule
I had define class like this
#tc qdisc show dev eth0
qdisc tbf 8003: rate 128Kbit burst 10Kb lat 381.5ms
qdisc cbq 1: rate 10Mbit (bounded,isolated) prio no-transmit
#tc class show dev eth0
class cbq 1: root rate 10Mbit (bounded,isolated) prio no-transmit
class cbq 1:1 parent 1: rate 10Mbit prio no-transmit
class cbq 1:1234 parent 1:1 leaf 8003: rate 128Kbit (bounded,isolated) prio
5
#tc filter show dev eth0
filter parent 1: protocol ip pref 100 u32
filter parent 1: protocol ip pref 100 u32 fh 800: ht divisor 1
filter parent 1: protocol ip pref 100 u32 fh 800::800 order 2048 key ht 800
bkt 0 flowid 1:1234
match 00140000/ffff0000 at 20
This configuration my iptables,
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
MARK tcp -- anywhere anywhere state RELATED
tcp dpt:ftp MARK set 0x1
MARK tcp -- anywhere anywhere state RELATED
tcp spt:ftp MARK set 0x1
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
So, I want to limit passive ftp traffic.
1. Tag every packet that RELATED to ftp (RELATED here, I mean refer to
passive ftp).
2. Define filter
But when I define tc with fwmark value based, I got error..
I define like this
# tc filter add dev eth0 parent 1: protocol ip pref 100 handle 1 fw classid
1:1234
and I got error like this
RTNETLINK answers: Invalid argument
Why ?, any suggest ?
Thanks in Advance
Johan
--
-\x1e'-
(o o)
---------ooO--(_)--Ooo-------------------------------------------------
( )/ \( )( ) ( ) ( \( ) Visit us at http://www.pinguind.co.id
__)(( () ))__( /__\ ) ( Feel free to contact me at ICQ #47240718
(___/ \__/(_)(_)(_)(_)(_)\_) email:johan@pinguind.co.id
-----------------------------------------------------------------------
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/
^ permalink raw reply [flat|nested] 2+ messages in thread* Re: [LARTC] need suggest for tc..fw
2001-04-23 19:06 [LARTC] need suggest for tc..fw johan
@ 2001-04-26 6:06 ` Stef Coene
0 siblings, 0 replies; 2+ messages in thread
From: Stef Coene @ 2001-04-26 6:06 UTC (permalink / raw)
To: lartc
It's easier to debug if you send as the commands you are using.
Stef
johan@pinguind.co.id wrote:
>
> Dear all...
> I got problem when define this rule
> I had define class like this
>
> #tc qdisc show dev eth0
>
> qdisc tbf 8003: rate 128Kbit burst 10Kb lat 381.5ms
> qdisc cbq 1: rate 10Mbit (bounded,isolated) prio no-transmit
>
> #tc class show dev eth0
> class cbq 1: root rate 10Mbit (bounded,isolated) prio no-transmit
> class cbq 1:1 parent 1: rate 10Mbit prio no-transmit
> class cbq 1:1234 parent 1:1 leaf 8003: rate 128Kbit (bounded,isolated) prio
> 5
>
> #tc filter show dev eth0
> filter parent 1: protocol ip pref 100 u32
> filter parent 1: protocol ip pref 100 u32 fh 800: ht divisor 1
> filter parent 1: protocol ip pref 100 u32 fh 800::800 order 2048 key ht 800
> bkt 0 flowid 1:1234
> match 00140000/ffff0000 at 20
>
> This configuration my iptables,
>
> Chain PREROUTING (policy ACCEPT)
> target prot opt source destination
> MARK tcp -- anywhere anywhere state RELATED
> tcp dpt:ftp MARK set 0x1
> MARK tcp -- anywhere anywhere state RELATED
> tcp spt:ftp MARK set 0x1
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> So, I want to limit passive ftp traffic.
> 1. Tag every packet that RELATED to ftp (RELATED here, I mean refer to
> passive ftp).
> 2. Define filter
> But when I define tc with fwmark value based, I got error..
>
> I define like this
> # tc filter add dev eth0 parent 1: protocol ip pref 100 handle 1 fw classid
> 1:1234
>
> and I got error like this
> RTNETLINK answers: Invalid argument
>
> Why ?, any suggest ?
> Thanks in Advance
>
> Johan
>
>
> --
> -\x1e'-
> (o o)
> ---------ooO--(_)--Ooo-------------------------------------------------
> ( )/ \( )( ) ( ) ( \( ) Visit us at http://www.pinguind.co.id
> __)(( () ))__( /__\ ) ( Feel free to contact me at ICQ #47240718
> (___/ \__/(_)(_)(_)(_)(_)\_) email:johan@pinguind.co.id
> -----------------------------------------------------------------------
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/
--
Staf
More QOS info : http://users.belgacom.net/staf/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2001-04-26 6:06 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2001-04-23 19:06 [LARTC] need suggest for tc..fw johan
2001-04-26 6:06 ` Stef Coene
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.