urgent problem

Linux Advanced Routing and Traffic Control


Hi all,
I am very new to traffic control.
I read the LARTC HOWTO and I am currently using the script in ch15 (cookbook) with some restrictions: I excluded the ingress section and I implemented the rest on both interfaces of my firewall (eth0 the internet interface and eth1 the LAN interface). Find below the script used on eth1
(ssh priority one and all other 2)
##################################### Egress on eth1:the LAN interface #######################################

DEV=eth1

# install root HTB, point default traffic to 1:20
$TC qdisc add dev $DEV root handle 1: htb default 20
# shape everything at $UPLINK speed - this prevents huge queues in your DSL modem which destroy latency:
$TC class add dev $DEV parent 1: classid 1:1 htb rate ${UPLINK}kbit burst 6k
# high prio class 1:10:
$TC class add dev $DEV parent 1:1 classid 1:10 htb rate ${UPLINK}kbit burst 6k prio 1
# bulk & default class 1:20 - gets slightly less traffic and a lower priority:
$TC class add dev $DEV parent 1:1 classid 1:20 htb rate 64kbit ceil ${UPLINK}kbit burst 3k prio 2

# both get Stochastic Fairness:
$TC qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10
$TC qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10

# TOS Minimum Delay (ssh, NOT scp) in 1:10:
$TC filter add dev $DEV parent 1:0 protocol ip prio 10 u32 match ip tos 0x10 0xff flowid 1:10
$TC filter add dev $DEV parent 1:0 protocol ip prio 1 u32 match ip dport 22 0xffff flowid 1:10
$TC filter add dev $DEV parent 1:0 protocol ip prio 1 u32 match ip sport 22 0xffff flowid 1:10

# ICMP (ip protocol 1) in the interactive class 1:10 so we can do measurements & impress our friends:
$TC filter add dev $DEV parent 1:0 protocol ip prio 10 u32 match ip protocol 1 0xff flowid 1:10

# To speed up downloads while an upload is going on, put ACK packets of the download in the interactive class:
$TC filter add dev $DEV parent 1: protocol ip prio 10 u32 \
match ip protocol 6 0xff \
match u8 0x05 0x0f at 0 \
match u16 0x0000 0xffc0 at 2 \
match u8 0x10 0xff at 33 \
flowid 1:10

# rest is 'non-interactive' ie 'bulk' and ends up in 1:20
###################################################################################

The same on eth0 with DEV=eth0.
I tried the script in my lab using one PC as firewall with 2 eth, one connected to my LAN and the other to a PC simulated as internet, and everything worked fine. When implemented on my real fw connected to the internet I didn't get the desired result that I got in the test (the ssh or scp doesn't get the first priority ....).
I am somewhat confused. Please, any help?

Regards

