Re: [LARTC] htb problem

From: "Ratel" <ratel@aonet.pl>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] htb problem
Date: Wed, 25 Jun 2003 11:14:17 +0000	[thread overview]
Message-ID: <marc-lartc-105653946712793@msgid-missing> (raw)
In-Reply-To: <marc-lartc-100803866815679@msgid-missing>

Thx a lot for help , I finally managed to rebuild my firewall script,

for people who have same problem as I had, I can say that
the problem lies in propper packet marking (iptables) , sample lines from my
firewall script :

iptables -t mangle -I PREROUTING -i eth0 -p tcp --dport 21 -j
MARK --set-mark 2
iptables -t mangle -I PREROUTING -i eth0 -p tcp --dport 443 -j
MARK --set-mark 3

it's ofcourse not the only way to mark them,
http://www.docum.org/stef.coene/qos/kptd/ is very useful with that.

regards, Ratel <ratel@aonet.pl>

----- Original Message -----
From: "Stef Coene" <stef.coene@docum.org>
To: "Ratel" <ratel@aonet.pl>; <lartc@mailman.ds9a.nl>
Sent: Thursday, June 12, 2003 9:35 PM
Subject: Re: [LARTC] htb problem

> On Thursday 12 June 2003 21:21, Ratel wrote:
> > Hi,
> >
> > I have some interesting problem with htb , I set up root class and
> > sub-classess:
> >
> > $TC qdisc add dev eth0 root handle 1: htb
> > $TC class add dev eth0 parent 1: classid 1:1 htb rate 1990kbit ceil
> > 2000kbit $TC class add dev eth0 parent 1:1 classid 1:10 htb rate 190kbit
> > ceil 200kbit $TC class add dev eth0 parent 1:1 classid 1:11 htb rate
> > 1400kbit ceil 1600kbit
> > $TC class add dev eth0 parent 1:1 classid 1:12 htb rate 1000kbit ceil
> > 1500kbit
> > $TC class add dev eth0 parent 1:1 classid 1:13 htb rate 1000kbit ceil
> > 1500kbit
> > $TC class add dev eth0 parent 1:1 classid 1:14 htb rate 1000kbit ceil
> > 1200kbit
> The sum of the rates of the childs should be <= rate of parent.  In your
case
> 1400 + 1000 + 1000 + 1000 = 4400 and your parent rate is 1990.  It's not
> needed, but I recommend it.
>
> > , filters and queuing disciplines :
> > #filter
> > $TC filter add dev eth0 protocol ip parent 1:0 prio 1 handle 2 fw flowid
> > 1:10 classid 1:10
> > $TC filter add dev eth0 protocol ip parent 1:0 prio 1 handle 3 fw flowid
> > 1:11 classid 1:11
> > $TC filter add dev eth0 protocol ip parent 1:0 prio 2 handle 4 fw flowid
> > 1:12 classid 1:12
> > $TC filter add dev eth0 protocol ip parent 1:0 prio 3 handle 5 fw flowid
> > 1:13 classid 1:13
> > $TC filter add dev eth0 protocol ip parent 1:0 prio 1 handle 6 fw flowid
> > 1:14 classid 1:14
> > (note the packet marking classifier)
> And I also note the different prios.  That's not needed.  Prio determines
the
> order the filters are checked.  In your case it doesn't matter.
>
> > adequate lines from firewall script :
> > [...]
> > # ftp
> > $IPTABLES -A FORWARD -p tcp -s 0/0 -d 0/0 --dport 21 -m state --state
> > NEW,ESTABLISHED -t mangle -j MARK --set-mark 3
> > # ssh
> > $$IPTABLES -A FORWARD -p tcp -s 0/0 -d 0/0 --dport 22 -m state --state
> > NEW,ESTABLISHED -t mangle -j MARK --set-mark 2
> > # smtp
> > $IPTABLES -A FORWARD -p tcp -s 0/0 -d 0/0 --dport 25 -m state --state
> > NEW,ESTABLISHED -t mangle -j MARK --set-mark 4
> > [...]
> Mhh.  Can you check with iptables -L -v -n that your packets are marked?
And
> can you tell us what's your setup ?  I mean wich nic is connected to the
> internet, what do you want to shape, is this also a firewall?  And try
> marking in the PREROUTING tables.
>
>
> Stef
>
> --
>
> stef.coene@docum.org
>  "Using Linux as bandwidth manager"
>      http://www.docum.org/
>      #lartc @ irc.oftc.net
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/