P2P shaping, won't work

Linux Advanced Routing and Traffic Control

Hello, it's me again. I won't stop sending emails to this list until I solve
this problem. I've tried several apps to create the right htb rules (even
made them myself), but I always get the same results: traffic gets shaped,
but I can't use my bandwidth, and this is weird, because I should be able to.
Also, I keep seeing download being limited too, and that shouldn't be
happening. I don't think I'm the only one with this problem out there, so I
will post my configuration here once again, to match p2p traffic and to shape
it:

### ###
iptables -t mangle -F
iptables -t mangle -X
iptables -t mangle -N lay7PRE
iptables -t mangle -N lay7POST
iptables -t mangle -N ipp2pPRE
iptables -t mangle -N ipp2pPOST

### PREROUTING RULES ###
iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT
iptables -t mangle -A ipp2pPRE -p tcp -m ipp2p --ipp2p -j MARK --set-mark 3
iptables -t mangle -A ipp2pPRE -p udp -m ipp2p --bit -j MARK --set-mark 3
iptables -t mangle -A ipp2pPRE -p tcp -m mark --mark 3 -j CONNMARK --save-mark
iptables -t mangle -A lay7PRE -m layer7 --l7proto smtp -j MARK --set-mark 1
iptables -t mangle -A lay7PRE -m layer7 --l7proto ssh -j MARK --set-mark 2
iptables -t mangle -A lay7PRE -m mark --mark 2 -j CONNMARK --save-mark

### POSTROUTING RULES ###
iptables -t mangle -A ipp2pPOST -o eth1 -m mark --mark 3 -j CLASSIFY --set-class 1:30
iptables -t mangle -A lay7POST -o eth1 -m mark --mark 1 -j CLASSIFY --set-class 1:20
iptables -t mangle -A lay7POST -o eth1 -m mark --mark 2 -j CLASSIFY --set-class 1:10

### ###
iptables -t mangle -A PREROUTING -j lay7PRE
iptables -t mangle -A POSTROUTING -j lay7POST
iptables -t mangle -A PREROUTING -j ipp2pPRE
iptables -t mangle -A POSTROUTING -j ipp2pPOST

TC RULES
tc qdisc add dev eth1 handle 1:0 root dsmark indices 8 default_index 0
tc qdisc add dev eth1 handle 2:0 parent 1:0 htb
tc class add dev eth1 parent 2:0 classid 2:1 htb rate 22000bps ceil 22000bps
tc class add dev eth1 parent 2:1 classid 2:2 htb rate 3000bps ceil 5000bps prio 0
tc qdisc add dev eth1 handle 3:0 parent 2:2 sfq
tc class add dev eth1 parent 2:1 classid 2:3 htb rate 5000bps ceil 6000bps prio 1
tc qdisc add dev eth1 handle 4:0 parent 2:3 sfq
tc class add dev eth1 parent 2:1 classid 2:4 htb rate 8000bps ceil 8000bps prio 2
tc qdisc add dev eth1 handle 5:0 parent 2:4 sfq
tc class add dev eth1 parent 2:1 classid 2:5 htb rate 10000bps ceil 10000bps burst 0 cburst 0 prio 3 quantum 1500
tc qdisc add dev eth1 handle 6:0 parent 2:5 sfq
tc class add dev eth1 parent 2:1 classid 2:6 htb rate 10000bps ceil 22000bps prio 1
tc qdisc add dev eth1 handle 7:0 parent 2:6 sfq
tc filter add dev eth1 parent 2:0 protocol all prio 1 tcindex mask 0x7 shift 0
tc filter add dev eth1 parent 2:0 protocol all prio 1 handle 5 tcindex classid 2:6
tc filter add dev eth1 parent 2:0 protocol all prio 1 handle 4 tcindex classid 2:4
tc filter add dev eth1 parent 2:0 protocol all prio 1 handle 3 tcindex classid 2:5
tc filter add dev eth1 parent 2:0 protocol all prio 1 handle 2 tcindex classid 2:3
tc filter add dev eth1 parent 2:0 protocol all prio 1 handle 1 tcindex classid 2:2
tc filter add dev eth1 parent 1:0 protocol all prio 1 u32 match u8 0x5 0xf at 0 match u16 0x0 0xffc0 at 2 classid 1:5
tc filter add dev eth1 parent 1:0 protocol all prio 1 u32 match u8 0x5 0xf at 0 match u8 0x10 0x10 at 33 classid 1:4
tc filter add dev eth1 parent 1:0 protocol all prio 1 u32 match u8 0x5 0xf at 0 classid 1:5
tc filter add dev eth1 parent 1:0 protocol all prio 1 u32 match u32 0x0 0x0 at 0 classid 1:5

Well, these rules are generated with tcng (tcc actually), and I see traffic
going to the p2p rule (being 2:5), but I'm still not able to browse the web,
nor chat, nor anything! Someone advised me to create an interactive class and
then let the unmatched traffic go to a default class (and p2p traffic will go
here too), but I'm running a squid server at home, and thus I don't
know what port to specify to do this. Anyway, I've already tried with normal
http traffic, with layer7; I see the traffic going to the iptables chain, but
it still won't work. p2p traffic keeps eating all my bandwidth; it's
ignoring all the priorities I have in my tc rules (the 2:5 class being the
one with the lowest priority). I really need to get this working, and I know
there are some people who have a lot more experience than me, and I'm sure you
can help me. Thank you

EDGAR MERINO
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
