Hi!

I want to use hashlimit to give all my users a fixed bandwidth of 512kbps for accessing the internet. I am using the following commands.

# allowing return packets so that rate limiting is done only on forward packets.
iptables -A FORWARD -s 192.168.192.168 -j ACCEPT

# If limit is up to 512 then allow
iptables -A FORWARD -m hashlimit --hashlimit-name test512 --hashlimit-mode srcip --hashlimit-htable-size 1000 --hashlimit-htable-max 1000 --hashlimit-upto 64kb/s --hashlimit-burst 128kb -j ACCEPT

# else drop
iptables -A FORWARD -j DROP

I am not observing the expected behaviour. I am sending pings of 100 bytes continuously at a 10 msec interval. What I observed is that I got replies to only the first 2 pings, and for the remaining ones there is no reply. The next reply came only after 103 seconds!!! And that too was only a single reply.

The output of iptables -L -n -v also shows only 2 packets matching this rule.

The output of the command cat /proc/net/ipt_hashlimit/test512 looks like this:

59 10.10.10.10:0->192.168.192.168:0 764416 6688000 3328000

The number 764416 keeps on increasing, but I have not observed any reply until it reaches the value of 3328000. But it takes a huge time (~103 seconds) to reach that value.

Can anyone please explain all this behaviour?

Thank you.