Hi,

I have a router/firewall running Linux (like most of you) and I wanted to do some traffic control. I've created a root PRIO qdisc like the example in paragraph 9.5.3.1 (http://www.lartc.org/howto/lartc.qdisc.classful.html#AEN903) with three SFQ child-classes. I wanted for interactive (ssh, telnet, ftp-control) and dns-traffic to be placed in the first queue, http should go in the second and all the other traffic should be placed in the third queue.

For those interested these are the commands issued:

#create the queues
tc qdisc add dev eth0 root handle 1: prio
tc qdisc add dev eth0 parent 1:1 handle 10: sfq
tc qdisc add dev eth0 parent 1:2 handle 20: sfq
tc qdisc add dev eth0 parent 1:3 handle 30: sfq

#add the filters
tc filter add dev eth0 parent 1:0 protocol ip prio 1 handle 1 fw classid 1:10
tc filter add dev eth0 parent 1:0 protocol ip prio 2 handle 2 fw classid 1:20
tc filter add dev eth0 parent 1:0 protocol ip prio 3 handle 3 fw classid 1:30

Next I created some iptables rules for marking

#Traffic for band #1
iptables -t mangle -A PREROUTING -p tcp --sport 22 -j MARK --set-mark 0x1
iptables -t mangle -A PREROUTING -p tcp --sport 22 -j RETURN
iptables -t mangle -A PREROUTING -p tcp --sport 23 -j MARK --set-mark 0x1
iptables -t mangle -A PREROUTING -p tcp --sport 23 -j RETURN
iptables -t mangle -A PREROUTING -p tcp --sport 21 -j MARK --set-mark 0x1
iptables -t mangle -A PREROUTING -p tcp --sport 21 -j RETURN
iptables -t mangle -A PREROUTING -p tcp --sport 53 -j MARK --set-mark 0x1
iptables -t mangle -A PREROUTING -p tcp --dport 53 -j MARK --set-mark 0x1
iptables -t mangle -A PREROUTING -p udp --sport 53 -j MARK --set-mark 0x1
iptables -t mangle -A PREROUTING -p udp --dport 53 -j MARK --set-mark 0x1
iptables -t mangle -A PREROUTING -p tcp --sport 53 -j RETURN
iptables -t mangle -A PREROUTING -p tcp --dport 53 -j RETURN
iptables -t mangle -A PREROUTING -p udp --sport 53 -j RETURN
iptables -t mangle -A PREROUTING -p udp --dport 53 -j RETURN

#HTTP traffic should go to band #2
iptables -t mangle -A PREROUTING -p tcp --sport 80 -j MARK --set-mark 0x2
iptables -t mangle -A PREROUTING -p tcp --sport 80 -j RETURN
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j MARK --set-mark 0x2
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j RETURN

#All others should go to band #3
iptables -t mangle -A PREROUTING -j MARK --set-mark 0x3
iptables -t mangle -A PREROUTING -j RETURN

I'd have thought that should do the trick but when I issue the command:

tc -s qdisc ls dev eth0

I got this as the output:

qdisc sfq 30: quantum 1514b
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
qdisc sfq 20: quantum 1514b
 Sent 37645739 bytes 63959 pkts (dropped 0, overlimits 0)
qdisc sfq 10: quantum 1514b
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
qdisc prio 1: bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 37671714 bytes 64170 pkts (dropped 0, overlimits 0)

As you can see all the traffic goes to 20: while it shouldn't. I thought that iptables would mark the traffic and the tc filter commands should direct traffic to the appropriate band.

What am I doing wrong?

Thank you for your time
Jonathan Maasland
_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
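
An added check, not part of the original post: a PRIO qdisc with handle 1: and the default three bands exposes the classes 1:1, 1:2 and 1:3, so this script parses the tc commands quoted in the post and reports any fw filter whose classid is not one of those classes. The function name check_prio_filters and its output format are assumptions of this example.

```shell
# Added example. The tc lines below are copied from the post above.
TC_COMMANDS='tc qdisc add dev eth0 root handle 1: prio
tc qdisc add dev eth0 parent 1:1 handle 10: sfq
tc qdisc add dev eth0 parent 1:2 handle 20: sfq
tc qdisc add dev eth0 parent 1:3 handle 30: sfq
tc filter add dev eth0 parent 1:0 protocol ip prio 1 handle 1 fw classid 1:10
tc filter add dev eth0 parent 1:0 protocol ip prio 2 handle 2 fw classid 1:20
tc filter add dev eth0 parent 1:0 protocol ip prio 3 handle 3 fw classid 1:30'

# Hypothetical helper: reads tc commands on stdin, prints one verdict per filter.
check_prio_filters() {
    awk '
    function hex(s,  n, i, c) {            # tc class minors are hexadecimal
        n = 0; s = tolower(s)
        for (i = 1; i <= length(s); i++) {
            c = index("0123456789abcdef", substr(s, i, 1))
            if (c == 0) return -1
            n = n * 16 + c - 1
        }
        return n
    }
    $2 == "qdisc" {                        # record each PRIO qdisc and its band count
        h = ""; is_prio = 0; bands = 3     # 3 bands is the PRIO default
        for (i = 3; i <= NF; i++) {
            if ($i == "handle") h = $(i + 1)
            if ($i == "prio")   is_prio = 1
            if ($i == "bands")  bands = $(i + 1) + 0
        }
        sub(/:.*/, "", h)
        if (is_prio) nbands[h] = bands
    }
    $2 == "filter" {                       # compare the filter target with the classes
        par = ""; mark = ""; cid = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "parent") par = $(i + 1)
            if ($i == "handle") mark = $(i + 1)
            if ($i == "classid" || $i == "flowid") cid = $(i + 1)
        }
        sub(/:.*/, "", par)
        if (!(par in nbands)) next         # only filters on a PRIO qdisc are checked
        split(cid, p, ":")
        ok = (p[1] == par && hex(p[2]) >= 1 && hex(p[2]) <= nbands[par])
        msg = ok ? "ok" : "no-such-class (valid " par ":1.." par ":" nbands[par] ")"
        print "mark=" mark " classid=" cid " " msg
    }'
}

printf '%s\n' "$TC_COMMANDS" | check_prio_filters
```

On a live router the same comparison can be made by hand between `tc class show dev eth0` and `tc filter show dev eth0`.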