Re: [LARTC] htb problem

Linux Advanced Routing and Traffic Control


 



On Thursday 12 June 2003 21:21, Ratel wrote:
> Hi,
>
> I have an interesting problem with htb, I set up a root class and
> sub-classes:
>
> $TC qdisc add dev eth0 root handle 1: htb
> $TC class add dev eth0 parent 1: classid 1:1 htb rate 1990kbit ceil
> 2000kbit
> $TC class add dev eth0 parent 1:1 classid 1:10 htb rate 190kbit ceil
> 200kbit
> $TC class add dev eth0 parent 1:1 classid 1:11 htb rate 1400kbit ceil
> 1600kbit
> $TC class add dev eth0 parent 1:1 classid 1:12 htb rate 1000kbit ceil
> 1500kbit
> $TC class add dev eth0 parent 1:1 classid 1:13 htb rate 1000kbit ceil
> 1500kbit
> $TC class add dev eth0 parent 1:1 classid 1:14 htb rate 1000kbit ceil
> 1200kbit
The sum of the rates of the children should be <= rate of parent.  In your case 
1400 + 1000 + 1000 + 1000 = 4400 and your parent rate is 1990.  It's not 
needed, but I recommend it.

> , filters and queuing disciplines :
> #filter
> $TC filter add dev eth0 protocol ip parent 1:0 prio 1 handle 2 fw flowid
> 1:10 classid 1:10
> $TC filter add dev eth0 protocol ip parent 1:0 prio 1 handle 3 fw flowid
> 1:11 classid 1:11
> $TC filter add dev eth0 protocol ip parent 1:0 prio 2 handle 4 fw flowid
> 1:12 classid 1:12
> $TC filter add dev eth0 protocol ip parent 1:0 prio 3 handle 5 fw flowid
> 1:13 classid 1:13
> $TC filter add dev eth0 protocol ip parent 1:0 prio 1 handle 6 fw flowid
> 1:14 classid 1:14
> (note the packet marking classifier)
And I also note the different prios.  That's not needed.  Prio determines the 
order the filters are checked.  In your case it doesn't matter.

> adequate lines from firewall script :
> [...]
> # ftp
> $IPTABLES -A FORWARD -p tcp -s 0/0 -d 0/0 --dport 21 -m state --state
> NEW,ESTABLISHED -t mangle -j MARK --set-mark 3
> # ssh
> $$IPTABLES -A FORWARD -p tcp -s 0/0 -d 0/0 --dport 22 -m state --state
> NEW,ESTABLISHED -t mangle -j MARK --set-mark 2
> # smtp
> $IPTABLES -A FORWARD -p tcp -s 0/0 -d 0/0 --dport 25 -m state --state
> NEW,ESTABLISHED -t mangle -j MARK --set-mark 4
> [...]
Mhh.  Can you check with iptables -L -v -n that your packets are marked?  And 
can you tell us what your setup is?  I mean which nic is connected to the 
internet, what do you want to shape, is this also a firewall?  And try 
marking in the PREROUTING tables.


Stef

-- 

stef.coene@xxxxxxxxx
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.oftc.net
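
The child-rate versus parent-rate comparison discussed in the message above, as an added example that is not part of the original thread: a shell function that reads `tc class add` lines and reports any parent whose children's guaranteed rates sum above its own. The names `check_htb_rates` and `sample_classes` are hypothetical, the sample input is the class setup quoted in the message, and only `kbit`/`mbit` units are handled (an assumption).

```shell
#!/bin/sh
# Added example (not from the thread). Reads tc commands on stdin and prints
# one line per parent class whose children's "rate" values sum above its own.
check_htb_rates() {
    awk '
    function kbit(v) {                  # normalise a rate token to kbit
        if (v ~ /mbit$/) { sub(/mbit$/, "", v); return v * 1000 }
        sub(/kbit$/, "", v); return v + 0
    }
    {
        parent = ""; classid = ""; rate = ""
        for (i = 1; i < NF; i++) {      # pick up keyword/value pairs
            if ($i == "parent")  parent  = $(i + 1)
            if ($i == "classid") classid = $(i + 1)
            if ($i == "rate")    rate    = $(i + 1)
        }
        # qdisc and filter lines carry no rate and are skipped here
        if (classid == "" || rate == "") next
        own[classid] = kbit(rate)       # guaranteed rate of this class
        sum[parent] += kbit(rate)       # running total for its parent
    }
    END {
        for (p in sum)
            if ((p in own) && sum[p] > own[p])
                printf "%s rate=%dkbit children=%dkbit over=%dkbit\n",
                       p, own[p], sum[p], sum[p] - own[p]
    }'
}

# Class setup as quoted in the message, one command per line.
sample_classes() {
    cat <<'EOF'
$TC qdisc add dev eth0 root handle 1: htb
$TC class add dev eth0 parent 1: classid 1:1 htb rate 1990kbit ceil 2000kbit
$TC class add dev eth0 parent 1:1 classid 1:10 htb rate 190kbit ceil 200kbit
$TC class add dev eth0 parent 1:1 classid 1:11 htb rate 1400kbit ceil 1600kbit
$TC class add dev eth0 parent 1:1 classid 1:12 htb rate 1000kbit ceil 1500kbit
$TC class add dev eth0 parent 1:1 classid 1:13 htb rate 1000kbit ceil 1500kbit
$TC class add dev eth0 parent 1:1 classid 1:14 htb rate 1000kbit ceil 1200kbit
EOF
}

sample_classes | check_htb_rates
```

The total counts all five child classes, including the 190kbit of class 1:10.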


