htb script:

#!/bin/bash
tc qdisc del dev eth1 root handle 1:
tc qdisc add dev eth1 root handle 1: htb default 12
tc class add dev eth1 parent 1: classid 1:1 htb rate 48kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:10 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:11 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:12 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:13 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:14 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:15 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:16 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:17 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:18 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:19 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:20 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:21 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:22 htb rate 4kbps ceil 48kbps
tc filter add dev eth1 parent 1:1 protocol ip handle 10 fw classid 1:10
tc filter add dev eth1 parent 1:1 protocol ip handle 11 fw classid 1:12
tc filter add dev eth1 parent 1:1 protocol ip handle 13 fw classid 1:13
tc filter add dev eth1 parent 1:1 protocol ip handle 14 fw classid 1:14
tc filter add dev eth1 parent 1:1 protocol ip handle 15 fw classid 1:15
tc filter add dev eth1 parent 1:1 protocol ip handle 19 fw classid 1:16
tc filter add dev eth1 parent 1:1 protocol ip handle 20 fw classid 1:17
tc filter add dev eth1 parent 1:1 protocol ip handle 24 fw classid 1:18
tc filter add dev eth1 parent 1:1 protocol ip handle 29 fw classid 1:19
tc filter add dev eth1 parent 1:1 protocol ip handle 32 fw classid 1:20
tc filter add dev eth1 parent 1:1 protocol ip handle 33 fw classid 1:21
tc filter add dev eth1 parent 1:1 protocol ip handle 34 fw classid 1:22

iptables -F -t mangle
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.10 -j MARK --set-mark 10
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.11 -j MARK --set-mark 11
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.13 -j MARK --set-mark 13
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.14 -j MARK --set-mark 14
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.15 -j MARK --set-mark 15
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.19 -j MARK --set-mark 19
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.20 -j MARK --set-mark 20
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.24 -j MARK --set-mark 24
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.29 -j MARK --set-mark 29
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.32 -j MARK --set-mark 32
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.33 -j MARK --set-mark 33
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.34 -j MARK --set-mark 34

Firewall and routing script:

#!/bin/sh
IPT=/usr/sbin/iptables
EXTIF="eth1"
INTIF="eth0"
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
$IPT -P INPUT ACCEPT
$IPT -F INPUT
$IPT -P OUTPUT ACCEPT
$IPT -F OUTPUT
$IPT -P FORWARD DROP
$IPT -F FORWARD
$IPT -t nat -F
$IPT -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
#$IPT -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPT -A FORWARD -j LOG
$IPT -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
#####THE FIREWALL PART######
$IPT -A INPUT -i $INTIF -j DROP
$IPT -A INPUT -i $INTIF -s 192.168.193.10 -j ACCEPT
$IPT -A INPUT -i $INTIF -s 192.168.193.11 -j ACCEPT
$IPT -A INPUT -i $INTIF -s 192.168.193.13 -j ACCEPT
$IPT -A INPUT -i $INTIF -s 192.168.193.14 -j ACCEPT
$IPT -A INPUT -i $INTIF -s 192.168.193.15 -j ACCEPT
$IPT -A INPUT -i $INTIF -s 192.168.193.19 -j ACCEPT
$IPT -A INPUT -i $INTIF -s 192.168.193.20 -j ACCEPT
$IPT -A INPUT -i $INTIF -s 192.168.193.24 -j ACCEPT
$IPT -A INPUT -i $INTIF -s 192.168.193.29 -j ACCEPT
$IPT -A INPUT -i $INTIF -s 192.168.193.32 -j ACCEPT
$IPT -A INPUT -i $INTIF -s 192.168.193.33 -j ACCEPT
$IPT -A INPUT -i $INTIF -s 192.168.193.34 -j ACCEPT
$IPT -A FORWARD -i $INTIF -s 192.168.193.10 -j ACCEPT
$IPT -A FORWARD -i $INTIF -s 192.168.193.11 -j ACCEPT
$IPT -A FORWARD -i $INTIF -s 192.168.193.13 -j ACCEPT
$IPT -A FORWARD -i $INTIF -s 192.168.193.14 -j ACCEPT
$IPT -A FORWARD -i $INTIF -s 192.168.193.15 -j ACCEPT
$IPT -A FORWARD -i $INTIF -s 192.168.193.19 -j ACCEPT
$IPT -A FORWARD -i $INTIF -s 192.168.193.20 -j ACCEPT
$IPT -A FORWARD -i $INTIF -s 192.168.193.24 -j ACCEPT
$IPT -A FORWARD -i $INTIF -s 192.168.193.29 -j ACCEPT
$IPT -A FORWARD -i $INTIF -s 192.168.193.32 -j ACCEPT
$IPT -A FORWARD -i $INTIF -s 192.168.193.33 -j ACCEPT
$IPT -A FORWARD -i $INTIF -s 192.168.193.34 -j ACCEPT
$IPT -A FORWARD -i $INTIF -j DROP

These are the latest scripts. I've made a LOT of changes. The packets are being marked:

iptables -L -n -v -t mangle
Chain PREROUTING (policy ACCEPT 113K packets, 79M bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 4001 packets, 587K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 109K packets, 79M bytes)
 pkts bytes target     prot opt in     out     source               destination
    6   507 MARK       all  --  eth0   *       192.168.193.10       0.0.0.0/0           MARK set 0xa
  392 26685 MARK       all  --  eth0   *       192.168.193.11       0.0.0.0/0           MARK set 0xb
  167 10011 MARK       all  --  eth0   *       192.168.193.13       0.0.0.0/0           MARK set 0xd
    0     0 MARK       all  --  eth0   *       192.168.193.14       0.0.0.0/0           MARK set 0xe
    0     0 MARK       all  --  eth0   *       192.168.193.15       0.0.0.0/0           MARK set 0xf
    0     0 MARK       all  --  eth0   *       192.168.193.19       0.0.0.0/0           MARK set 0x13
    0     0 MARK       all  --  eth0   *       192.168.193.20       0.0.0.0/0           MARK set 0x14
  924 37625 MARK       all  --  eth0   *       192.168.193.24       0.0.0.0/0           MARK set 0x18
    0     0 MARK       all  --  eth0   *       192.168.193.29       0.0.0.0/0           MARK set 0x1d
    0     0 MARK       all  --  eth0   *       192.168.193.32       0.0.0.0/0           MARK set 0x20
 1951 82564 MARK       all  --  eth0   *       192.168.193.33       0.0.0.0/0           MARK set 0x21
    0     0 MARK       all  --  eth0   *       192.168.193.34       0.0.0.0/0           MARK set 0x22

Chain OUTPUT (policy ACCEPT 414 packets, 112K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 109K packets, 79M bytes)
 pkts bytes target     prot opt in     out     source               destination

The filters are not working:

tc -s -d class show dev eth1
class htb 1:11 parent 1:1 prio 0 quantum 1000 rate 32Kbit ceil 384Kbit burst 1639b/8 mpu 0b cburst 2090b/8 mpu 0b level 0
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 lended: 0 borrowed: 0 giants: 0
 tokens: 327999 ctokens: 34849

class htb 1:22 parent 1:1 prio 0 quantum 1000 rate 32Kbit ceil 384Kbit burst 1639b/8 mpu 0b cburst 2090b/8 mpu 0b level 0
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 lended: 0 borrowed: 0 giants: 0
 tokens: 327999 ctokens: 34849

class htb 1:1 root rate 384Kbit ceil 384Kbit burst 2090b/8 mpu 0b cburst 2090b/8 mpu 0b level 7
 Sent 279228 bytes 4454 pkts (dropped 0, overlimits 0)
 rate 2099bps 29pps
 lended: 38 borrowed: 0 giants: 0
 tokens: 29519 ctokens: 29519

class htb 1:10 parent 1:1 prio 0 quantum 1000 rate 32Kbit ceil 384Kbit burst 1639b/8 mpu 0b cburst 2090b/8 mpu 0b level 0
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 lended: 0 borrowed: 0 giants: 0
 tokens: 327999 ctokens: 34849

class htb 1:13 parent 1:1 prio 0 quantum 1000 rate 32Kbit ceil 384Kbit burst 1639b/8 mpu 0b cburst 2090b/8 mpu 0b level 0
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 lended: 0 borrowed: 0 giants: 0
 tokens: 327999 ctokens: 34849

class htb 1:20 parent 1:1 prio 0 quantum 1000 rate 32Kbit ceil 384Kbit burst 1639b/8 mpu 0b cburst 2090b/8 mpu 0b level 0
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 lended: 0 borrowed: 0 giants: 0
 tokens: 327999 ctokens: 34849

class htb 1:12 parent 1:1 prio 0 quantum 1000 rate 32Kbit ceil 384Kbit burst 1639b/8 mpu 0b cburst 2090b/8 mpu 0b level 0
 Sent 279228 bytes 4454 pkts (dropped 0, overlimits 0)
 rate 2101bps 29pps
 lended: 4416 borrowed: 38 giants: 0
 tokens: 264002 ctokens: 29519

class htb 1:21 parent 1:1 prio 0 quantum 1000 rate 32Kbit ceil 384Kbit burst 1639b/8 mpu 0b cburst 2090b/8 mpu 0b level 0
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 lended: 0 borrowed: 0 giants: 0
 tokens: 327999 ctokens: 34849

class htb 1:15 parent 1:1 prio 0 quantum 1000 rate 32Kbit ceil 384Kbit burst 1639b/8 mpu 0b cburst 2090b/8 mpu 0b level 0
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 lended: 0 borrowed: 0 giants: 0
 tokens: 327999 ctokens: 34849

class htb 1:14 parent 1:1 prio 0 quantum 1000 rate 32Kbit ceil 384Kbit burst 1639b/8 mpu 0b cburst 2090b/8 mpu 0b level 0
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 lended: 0 borrowed: 0 giants: 0
 tokens: 327999 ctokens: 34849

class htb 1:17 parent 1:1 prio 0 quantum 1000 rate 32Kbit ceil 384Kbit burst 1639b/8 mpu 0b cburst 2090b/8 mpu 0b level 0
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 lended: 0 borrowed: 0 giants: 0
 tokens: 327999 ctokens: 34849

class htb 1:16 parent 1:1 prio 0 quantum 1000 rate 32Kbit ceil 384Kbit burst 1639b/8 mpu 0b cburst 2090b/8 mpu 0b level 0
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 lended: 0 borrowed: 0 giants: 0
 tokens: 327999 ctokens: 34849

class htb 1:19 parent 1:1 prio 0 quantum 1000 rate 32Kbit ceil 384Kbit burst 1639b/8 mpu 0b cburst 2090b/8 mpu 0b level 0
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 lended: 0 borrowed: 0 giants: 0
 tokens: 327999 ctokens: 34849

class htb 1:18 parent 1:1 prio 0 quantum 1000 rate 32Kbit ceil 384Kbit burst 1639b/8 mpu 0b cburst 2090b/8 mpu 0b level 0
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 lended: 0 borrowed: 0 giants: 0
 tokens: 327999 ctokens: 34849

If I change the parent of the filters from 1:1 to 1: -> nothing happens! Please tell me where the problem is!!!
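
A static cross-check of the mark / fw filter / HTB class wiring in the scripts above, as an added example that is not part of the original post. The function names (field, has, audit) and the finding labels are made up for this sketch, and RULES is a subset of the posted commands covering hosts .10, .11 and .13.

```sh
#!/bin/sh
# Added example (not from the post). RULES is a subset of the posted commands
# (hosts .10, .11 and .13 only); names and finding labels are made up here.
RULES='tc qdisc add dev eth1 root handle 1: htb default 12
tc class add dev eth1 parent 1: classid 1:1 htb rate 48kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:10 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:11 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:12 htb rate 4kbps ceil 48kbps
tc class add dev eth1 parent 1:1 classid 1:13 htb rate 4kbps ceil 48kbps
tc filter add dev eth1 parent 1:1 protocol ip handle 10 fw classid 1:10
tc filter add dev eth1 parent 1:1 protocol ip handle 11 fw classid 1:12
tc filter add dev eth1 parent 1:1 protocol ip handle 13 fw classid 1:13
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.10 -j MARK --set-mark 10
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.11 -j MARK --set-mark 11
iptables -A FORWARD -i eth0 -t mangle -s 192.168.193.13 -j MARK --set-mark 13'

# field KIND KEY: from lines of $A_RULES containing KIND, print the token after KEY
field() {
  printf '%s\n' "$A_RULES" | grep -e "$1" |
    awk -v k="$2" '{ for (i = 1; i < NF; i++) if ($i == k) print $(i + 1) }'
}
# has LIST ITEM: true if ITEM is exactly one of the lines of LIST
has() { printf '%s\n' "$1" | grep -qxF -e "$2"; }

audit() {  # $1 = rule text; prints one finding per line
  A_RULES=$1
  root=$(field 'tc qdisc add' handle)        # "1:"
  dflt=$root$(field 'tc qdisc add' default)  # "1:12"
  inner=$(field 'tc class add' parent)       # classes that have children
  targets=$(field 'tc filter add' classid)
  handles=$(field 'tc filter add' handle)
  # A filter hung on a class is consulted only after a root-level filter
  # has already steered the packet into that class.
  for p in $(field 'tc filter add' parent | sort -u); do
    [ "$p" = "$root" ] || echo "FILTER_PARENT_NOT_ROOT $p"
  done
  # Marks with no matching fw handle fall through to the default class.
  for m in $(field set-mark --set-mark); do
    has "$handles" "$m" || echo "MARK_WITHOUT_FILTER $m"
  done
  # Leaf classes that no filter points at and that are not the default.
  for c in $(field 'tc class add' classid); do
    has "$inner" "$c" || has "$targets" "$c" || [ "$c" = "$dflt" ] ||
      echo "CLASS_WITHOUT_FILTER $c"
  done
  return 0
}

audit "$RULES"
```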