On Saturday 28 December 2002 08:13, liang jian wrote:
> My Settings:
>
> LAN--------------| TC |------------------EX
>                     |
>                    DMZ
>
> iptables -t mangle -A OUTPUT -o $DEV -p tcp --dport 80 -j MARK --set-mark 1
> iptables -t mangle -A OUTPUT -o $DEV -p tcp --dport 22 -j MARK --set-mark 2
>
> tc qdisc add dev $DEV root handle 1: cbq bandwidth $BANDWIDTH rate 1Mbit avpkt 1000 mpu 64
> tc class add dev $DEV parent 1:0 classid 1:2 cbq bandwidth $BANDWIDTH rate $RATE_PRIO allot 1514 maxburst 20 avpkt 1000 isolated bounded
> tc class add dev $DEV parent 1:0 classid 1:3 cbq bandwidth $BANDWIDTH rate $RATE_LOW allot 1514 maxburst 20 avpkt 1000 isolated bounded
> tc class add dev $DEV parent 1:3 classid 1:5 cbq bandwidth $BANDWIDTH rate $RATE_LOW_FAV allot 1514 maxburst 2 avpkt 1000 isolated bounded
> tc class add dev $DEV parent 1:3 classid 1:6 cbq bandwidth $BANDWIDTH rate $RATE_LOW_LOW allot 1514 maxburst 2 avpkt 1000 isolated bounded
>
> tc qdisc add dev $DEV parent 1:2 handle 2: tbf rate 0.5Mbit burst 20kb latency 70ms peakrate 10Mbit minburst 1540
> tc qdisc add dev $DEV parent 1:3 handle 3: tbf rate 0.5Mbit burst 20kb latency 70ms peakrate 10Mbit minburst 1540
>
> tc filter add dev $DEV parent 1:0 protocol ip handle 1 fw flowid 1:2
> tc filter add dev $DEV parent 1:0 protocol ip handle 2 fw flowid 1:5
> tc filter add dev $DEV parent 1:0 protocol ip handle 3 fw flowid 1:6
>
> I land DMZ's ssh or surfing from LAN.
> #tc -s class ls dev eth1
> class cbq 1: root rate 1Mbit (bounded,isolated) prio no-transmit
>  Sent 557044 bytes 719 pkts (dropped 0, overlimits 0)
>  borrowed 0 overactions 0 avgidle 6249 undertime 0
> class cbq 1:2 parent 1: leaf 2: rate 700Kbit (bounded,isolated) prio no-transmit
>  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
>  borrowed 0 overactions 0 avgidle 257728 undertime 0
> class cbq 1:3 parent 1: leaf 3: rate 300Kbit (bounded,isolated) prio no-transmit
>  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
>  borrowed 0 overactions 0 avgidle 603732 undertime 0
> class cbq 1:5 parent 1:3 rate 180Kbit (bounded,isolated) prio no-transmit
>  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
>  borrowed 0 overactions 0 avgidle 74457 undertime 0
> class cbq 1:6 parent 1:3 rate 120Kbit (bounded,isolated) prio no-transmit
>  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
>  borrowed 0 overactions 0 avgidle 111751 undertime 0
>
> why class 1:5 and 1:6 send 0 bytes 0 pkts?

Class 1:5 contains all packets with dport 22. So you want to put all ftp-data packets in it. Right? But ftp can use a dynamic port for ftp-data.

And you have a filter to redirect all packets with mark 3 to class 1:6, but you never mark the packets with mark 3. You only mark them with 1 and 2, so I think you miss an iptables command.

And another tip: remove the isolated parameter. It's not working and it will only cause troubles.

Stef

--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net
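Added example, not part of the thread and not code from liang jian or Stef: a small shell lint that statically checks a shaping script for the mismatch Stef points out (a tc `fw` filter whose mark no iptables rule ever sets) and for the reverse case (a mark that is set but that no filter consumes). It assumes one command per line, decimal mark values, and the exact `-j MARK --set-mark N` and `handle N fw flowid X:Y` forms used in the post; the embedded rule set is constructed from the poster's rules, with `$DEV` replaced by `eth1` and one extra, unmatched MARK rule added to exercise the second check.

```shell
#!/bin/sh
# Added example, not from the LARTC thread: static consistency check between
# iptables MARK targets and tc "fw" filters in a shaping script.
# Assumptions (mine, not the poster's): one command per line, decimal marks,
# iptables rules of the form "-j MARK --set-mark N", tc filters of the form
# "handle N fw flowid X:Y". The rule text below is constructed for the demo.

# Marks assigned by iptables MARK rules, one per line, deduplicated.
marks_set() {
    sed -n 's/.*-j MARK --set-mark \([0-9][0-9]*\).*/\1/p' | sort -n | uniq
}

# Marks consumed by tc fw filters, one per line, deduplicated.
fw_handles() {
    sed -n 's/.*handle \([0-9][0-9]*\) fw flowid .*/\1/p' | sort -n | uniq
}

# fw filters whose mark is never set by any iptables rule: the class such a
# filter points at cannot receive any traffic through that filter.
orphan_filters() {
    rules="$1"
    set_list=$(printf '%s\n' "$rules" | marks_set)
    printf '%s\n' "$rules" | fw_handles | while read -r h; do
        printf '%s\n' "$set_list" | grep -qx "$h" || echo "$h"
    done
}

# Marks set by iptables that no fw filter matches: that traffic is marked but
# never steered to a leaf class by these filters.
unused_marks() {
    rules="$1"
    fw_list=$(printf '%s\n' "$rules" | fw_handles)
    printf '%s\n' "$rules" | marks_set | while read -r m; do
        printf '%s\n' "$fw_list" | grep -qx "$m" || echo "$m"
    done
}

# Constructed sample: the poster's rule set on eth1, plus one extra MARK rule
# (dport 25 -> mark 4) that no filter consumes.
SHAPER_RULES='iptables -t mangle -A OUTPUT -o eth1 -p tcp --dport 80 -j MARK --set-mark 1
iptables -t mangle -A OUTPUT -o eth1 -p tcp --dport 22 -j MARK --set-mark 2
iptables -t mangle -A OUTPUT -o eth1 -p tcp --dport 25 -j MARK --set-mark 4
tc filter add dev eth1 parent 1:0 protocol ip handle 1 fw flowid 1:2
tc filter add dev eth1 parent 1:0 protocol ip handle 2 fw flowid 1:5
tc filter add dev eth1 parent 1:0 protocol ip handle 3 fw flowid 1:6'

echo "fw filters with no matching MARK rule: $(orphan_filters "$SHAPER_RULES" | tr '\n' ' ')"
echo "MARK values with no fw filter:         $(unused_marks "$SHAPER_RULES" | tr '\n' ' ')"
```

Run it against the real script with `orphan_filters "$(cat shaper.sh)"`; on the poster's rules it reports mark 3, which is exactly the filter feeding class 1:6 that nothing ever marks. The check is purely textual, so it does not replace reading `tc -s class ls` after the fact, but it catches the mismatch before the rules are loaded.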