Search This Blog

Thursday, July 21, 2005

Re: TBF queuing and tc question

2005. július 21. 23:15,
"Martin G.H. Minkler" <dukeofnukem@gmx.net>
-> Debian-Firewall <debian-firewall@lists.debian.org>,LeVA:
> Alohá
>
> LeVA wrote:
> > Hi!
> >
> > I have this setup now:
>
> [...]
>
> > Now the 128kbit/sec restriction doesn't apply to the internet uploads
> > (which are marked with iptables, because these are going thru the
> > router), but the LAN uploads are at full speed. What am I doing wrong?
>
> Sorry, that was my mistake, but since the final destination of the
> packets is the internet and not the router itself, with this setup for
> the MARK target You shape only the traffic with the endpoint router ~:-/
>
> So for Your situation You want to do something inverse, like
>
> iptables -t mangle -A PREROUTING -d ! <network LAN, i.e. 192.168.1.0/24>
> -j MARK --set-mark 1
>
Thanks Martin, changed this but the 128kbit restriction still don't apply.

So here is again, what I'm doing:

iptables -t mangle -A PREROUTING -d ! 192.168.0.0/24 -j MARK --set-mark 1

tc qdisc add dev eth0 root handle 1:0 htb default 10

tc class add dev eth0 parent 1:0 classid 1:1 htb rate 128kbit
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 100mbit

tc filter add dev eth0 protocol ip parent 1:0 prio 1 handle 1 fw classid 1:1

--- The result:

# tc qdisc show dev eth0
qdisc htb 1: r2q 10 default 10 direct_packets_stat 0

# tc class show dev eth0
class htb 1:1 root rate 128000bit ceil 128000bit burst 1615b cburst 1615b
class htb 1:10 parent 1:1 prio 0 rate 100000Kbit ceil 100000Kbit burst 14087b
cburst 14087b

# tc filter show dev eth0
filter parent 1: protocol ip pref 1 fw
filter parent 1: protocol ip pref 1 fw handle 0x1 classid 1:1

# iptables -t mangle -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
MARK all -- anywhere !localnet/24 MARK set 0x1

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

Could someone please point out, what is wrong, and why the 128kbit restriction
gets ignored?

Thanks!

Daniel

--
LeVA

No comments: