Since you were already using dummynet, try using NIST NET, the linux alternative for dummynet. Nirnimesh. On Fri, 2004-04-02 at 03:12, Shane Hickey wrote: > Howdy all, > I posted this message to the netfilter mailing-list and didn't get much > response. I apologize if anyone here is getting this for a > second time. > Anyway, I recently migrated my firewall from a FreeBSD box running > ipfilter, ipnat and dummynet to a Gentoo Linux box running netfilter and > tc. I have to admit that I'm having problems visualizing tc in my head. > So, I was wondering if I could get an assist. > Basically, when I run my NNTP client, it uses as much bandwidth as it > can get its grubby paws on. I have a 3M wireless connection and my ISP > doesn't limit me, but I think they will if I'm constantly using all 3M. > So, since my NNTP traffic is pretty much constantly ongoing, I'd like > to limit it to 800kbit. This was a breeze with dummynet, but I'm not > getting how to do it correctly with netfilter. > > Here's what I tried: > > $IPT -t mangle -N SHAPE-NNTP > $IPT -t mangle -I PREROUTING -i $WANIFACE -j SHAPE-NNTP > $IPT -t mangle -A SHAPE-NNTP -p tcp --sport 119 -j MARK --set-mark 119 > > My thoughts on placing it in PREROUTING is that I'd like to shape the > traffic as soon as possible so that my firewall gets the benefit of > dealing with the reduced load as soon as possible. But, maybe that's > just foolishness? > > Here's the tc rules I tried. > > tc qdisc add dev $WANIFACE root handle 1: htb default 60 > tc class add dev $WANIFACE parent 1: classid 1:1 htb rate 10Mbit > tc class add dev $WANIFACE parent 1:1 classid 1:119 htb rate 800kbit > tc filter add dev $WANIFACE parent 1:1 protocol ip handle 119 fw flowid > 1:119 > > The one weird thing is that when I do a 'tc filter show dev $WANIFACE' > nothing comes back. But 'tc class show dev $WANIFACE' and 'tc qdisc > show dev $WANIFACE" return useful information. > > Here's some information that may be relevant: > > Linux elijah 2.4.24-hardened-r1 #1 Wed Mar 31 14:20:58 MST 2004 i686 > Mobile Pentium II GenuineIntel GNU/Linux > iproute-20010824-r4 > iptables-1.2.9 > > Thanks, _______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
