Gentoo Forums
Gentoo Forums Forum Index Networking & Security
htb + tc + iptables strange problems
ii95m
n00b

Joined: 04 Aug 2004
Posts: 1

PostPosted: Wed Aug 04, 2004 12:44 pm    Post subject: htb + tc + iptables strange problems

Dear all,
In my machine, there are two interfaces (eth0 for internal, eth1 for internet); the machine is running masquerade.
I'm using kernel 2.6.6 love 4, iptables-1.2.9-r4 (compiled with extensions), iproute2 [2.6.7.20040608].
I've also tried using kernel 2.6.7 (development gentoo).
The problem I'm having is like this:
If I make iptables rules using only dport or sport and mark them with a marker, the htb works fine.
The problems occur only when I add a source IP address, destination port, PREROUTING, INPUT, FORWARD rule; then the htb catches none of the marks, and it goes to the default class of htb.

Here's my htb config:

#!/bin/bash

tc qdisc del dev eth1 root

tc qdisc add dev eth1 root handle 1: htb default 80 debug 3333333
tc class add dev eth1 parent 1: classid 1:1 htb rate 65kbit ceil 65kbit
tc class add dev eth1 parent 1:1 classid 1:10 htb rate 20kbit ceil 65kbit prio 3
tc class add dev eth1 parent 1:1 classid 1:20 htb rate 5kbit ceil 10kbit prio 0
tc class add dev eth1 parent 1:1 classid 1:30 htb rate 8kbit ceil 11kbit prio 2
tc class add dev eth1 parent 1:1 classid 1:40 htb rate 23kbit ceil 23kbit prio 1
tc class add dev eth1 parent 1:1 classid 1:80 htb rate 8kbit ceil 10kbit prio 4

tc qdisc add dev eth1 parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev eth1 parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev eth1 parent 1:30 handle 30: sfq perturb 10
tc qdisc add dev eth1 parent 1:40 handle 40: sfq perturb 10
tc qdisc add dev eth1 parent 1:80 handle 80: sfq perturb 10

tc filter add dev eth1 parent 1:0 protocol ip handle 1 fw flowid 1:10
tc filter add dev eth1 parent 1:0 protocol ip handle 2 fw flowid 1:20
tc filter add dev eth1 protocol ip parent 1:0 handle 3 fw flowid 1:30
tc filter add dev eth1 parent 1:0 protocol ip handle 4 fw flowid 1:40
tc filter add dev eth1 protocol ip parent 1:0 handle 80 fw flowid 1:80

Here's my iptables:

-A PREROUTING -p tcp -m tcp --sport 3128 -j MARK --set-mark 0x2
-A PREROUTING -p tcp -m tcp --dport http -j MARK --set-mark 0x2
-A PREROUTING -p tcp -m tcp --dport https -j MARK --set-mark 0x2
-A PREROUTING -p tcp -m tcp --dport 53 -j MARK --set-mark 0x1
-A PREROUTING -p udp -m udp --dport 53 -j MARK --set-mark 0x1
-A PREROUTING -p tcp -m multiport --dports 110,25 -j MARK --set-mark 0x3
-A PREROUTING -p udp -m udp --dport 123 -j MARK --set-mark 0x4
-A PREROUTING -p udp -m udp --dport domain -j MARK --set-mark 0x1
-A OUTPUT -p tcp -m tcp --sport 3128 --destination 192.168.1.145 -j MARK --set-mark 0x4

Here's the output of iptables -L -v -x -t mangle:
Chain PREROUTING (policy ACCEPT 2146 packets, 1400756 bytes)
pkts bytes target prot opt in out source destination
0 0 MARK tcp -- any any anywhere anywhere tcp spt:webcache MARK set 0x2
1 52 MARK tcp -- any any anywhere anywhere tcp dpt:www MARK set 0x2
0 0 MARK tcp -- any any anywhere anywhere tcp dpt:https MARK set 0x2
0 0 MARK tcp -- any any anywhere anywhere tcp dpt:domain MARK set 0x1
0 0 MARK udp -- any any anywhere anywhere udp dpt:domain MARK set 0x1
254 356576 MARK tcp -- any any anywhere anywhere multiport dports pop3,smtp MARK set 0x3
0 0 MARK tcp -- any any anywhere anywhere tcp dpt:5050 MARK set 0x4
0 0 MARK udp -- any any anywhere anywhere udp dpt:domain MARK set 0x1

Chain INPUT (policy ACCEPT 2105 packets, 1395019 bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 2 packets, 315 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 1985 packets, 362575 bytes)
pkts bytes target prot opt in out source destination
1 1500 MARK tcp -- any any anywhere 192.168.1.145 tcp spt:webcache MARK set 0x4

Chain POSTROUTING (policy ACCEPT 1987 packets, 362890 bytes)
pkts bytes target prot opt in out source destination

Here's the output of tc -s -d class show dev eth1:
class htb 1:40 parent 1:1 leaf 40: prio 1 quantum 1000 rate 23Kbit ceil 23Kbit burst 1628b/8 mpu 0b cburst 1628b/8 mpu 0b level 0
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
lended: 0 borrowed: 0 giants: 0
tokens: 566607 ctokens: 566607

class htb 1:80 parent 1:1 leaf 80: prio 4 quantum 1000 rate 8Kbit ceil 10Kbit burst 1609b/8 mpu 0b cburst 1611b/8 mpu 0b level 0
Sent 13428 bytes 175 pkts (dropped 0, overlimits 0)
rate 296bps 4pps
lended: 175 borrowed: 0 giants: 0
tokens: -1608354 ctokens: -172416

Notice that class htb 1:40 doesn't have any packets lended.

Please help me, and pardon my English.
Has anyone experienced this?
All times are GMT
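A consistency check for this kind of setup, added here as an example and not part of the original post or of iptables/tc: it parses the mangle-table counters, the fw filter lines from the tc script, and the HTB class counters (all three input strings are constructed from the output pasted above), then flags MARK rules that matched packets while the class their mark maps to on eth1 sent nothing. Two points a practitioner would check first are built into the output: a root qdisc on eth1 only ever classifies packets that leave through eth1, so a mark set on traffic bound for an internal address such as 192.168.1.145 goes out eth0 and can never land in eth1's class 1:40; and tc's `handle` for fw filters is read as a decimal number, so `handle 80` matches mark 0x50, not 0x80 (harmless here, since 1:80 is the default class anyway). The device name `eth1` and the report format are this example's own choices.

```python
"""Cross-check iptables MARK rules against tc fw filters and HTB class counters.

Added diagnostic, not code from the forum post. The three input strings are
constructed from the output pasted in the post.
"""
import re

# Constructed sample: excerpt of `iptables -L -v -x -t mangle` from the post.
IPTABLES_MANGLE = """\
Chain PREROUTING (policy ACCEPT 2146 packets, 1400756 bytes)
pkts bytes target prot opt in out source destination
0 0 MARK tcp -- any any anywhere anywhere tcp spt:webcache MARK set 0x2
1 52 MARK tcp -- any any anywhere anywhere tcp dpt:www MARK set 0x2
254 356576 MARK tcp -- any any anywhere anywhere multiport dports pop3,smtp MARK set 0x3
0 0 MARK tcp -- any any anywhere anywhere tcp dpt:5050 MARK set 0x4

Chain OUTPUT (policy ACCEPT 1985 packets, 362575 bytes)
pkts bytes target prot opt in out source destination
1 1500 MARK tcp -- any any anywhere 192.168.1.145 tcp spt:webcache MARK set 0x4
"""

# Constructed sample: the fw filter lines from the poster's tc script.
TC_SCRIPT = """\
tc filter add dev eth1 parent 1:0 protocol ip handle 1 fw flowid 1:10
tc filter add dev eth1 parent 1:0 protocol ip handle 2 fw flowid 1:20
tc filter add dev eth1 protocol ip parent 1:0 handle 3 fw flowid 1:30
tc filter add dev eth1 parent 1:0 protocol ip handle 4 fw flowid 1:40
tc filter add dev eth1 protocol ip parent 1:0 handle 80 fw flowid 1:80
"""

# Constructed sample: excerpt of `tc -s -d class show dev eth1` from the post.
TC_CLASSES = """\
class htb 1:40 parent 1:1 leaf 40: prio 1 quantum 1000 rate 23Kbit ceil 23Kbit burst 1628b/8 mpu 0b cburst 1628b/8 mpu 0b level 0
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
lended: 0 borrowed: 0 giants: 0
tokens: 566607 ctokens: 566607

class htb 1:80 parent 1:1 leaf 80: prio 4 quantum 1000 rate 8Kbit ceil 10Kbit burst 1609b/8 mpu 0b cburst 1611b/8 mpu 0b level 0
Sent 13428 bytes 175 pkts (dropped 0, overlimits 0)
rate 296bps 4pps
lended: 175 borrowed: 0 giants: 0
tokens: -1608354 ctokens: -172416
"""

FW_FILTER = re.compile(r"tc filter add dev (\S+) .*\bhandle (\d+) fw flowid (\S+)")
CLASS_STATS = re.compile(r"class htb (\S+) parent[^\n]*\n\s*Sent (\d+) bytes (\d+) pkts")


def parse_mark_rules(text):
    """Return MARK rules from `iptables -L -v -x` output with their packet counters."""
    rules, chain = [], None
    for line in text.splitlines():
        m = re.match(r"Chain (\S+) ", line)
        if m:
            chain = m.group(1)
            continue
        f = line.split()
        # Columns: pkts bytes target prot opt in out source destination ...; the
        # trailing "MARK set 0xN" carries the mark in hex.
        if len(f) >= 9 and f[2] == "MARK" and f[0].isdigit():
            rules.append({"chain": chain, "pkts": int(f[0]), "out": f[6],
                          "dst": f[8], "mark": int(f[-1], 16)})
    return rules


def parse_fw_filters(text):
    """Map device -> {mark value: flowid} from `tc filter add ... fw` lines.

    tc parses the fw handle as decimal, so `handle 80` means mark 80 (0x50).
    """
    filters = {}
    for dev, handle, flowid in FW_FILTER.findall(text):
        filters.setdefault(dev, {})[int(handle)] = flowid
    return filters


def handle_as_mark(handle):
    """Hex form of a decimal tc fw handle, i.e. the iptables mark it matches."""
    return f"{int(handle):#x}"


def parse_class_stats(text):
    """Map classid -> (bytes sent, packets sent) from `tc -s class show`."""
    return {cid: (int(b), int(p)) for cid, b, p in CLASS_STATS.findall(text)}


def diagnose(dev, rules, filters, stats):
    """Flag marks that hit packets but never reached their HTB class on `dev`."""
    findings, dev_filters = [], filters.get(dev, {})
    for r in rules:
        if r["pkts"] == 0:
            continue  # rule never matched; nothing to explain yet
        flowid = dev_filters.get(r["mark"])
        if flowid is None:
            findings.append((r["chain"], r["mark"], None, r["pkts"],
                             f"no fw filter on {dev} matches this mark"))
            continue
        sent = stats.get(flowid)
        if sent is not None and sent[1] == 0:
            findings.append((r["chain"], r["mark"], flowid, r["pkts"],
                             f"class sent 0 packets; traffic to {r['dst']} probably "
                             f"leaves via an interface other than {dev}"))
    return findings


def run(dev="eth1"):
    return diagnose(dev, parse_mark_rules(IPTABLES_MANGLE),
                    parse_fw_filters(TC_SCRIPT), parse_class_stats(TC_CLASSES))


if __name__ == "__main__":
    for chain, mark, flowid, pkts, why in run():
        print(f"{chain}: mark {mark:#x} -> {flowid}: {pkts} pkt(s) matched; {why}")
```

On the pasted counters this reports exactly one finding: the OUTPUT rule for mark 0x4 matched a packet destined for 192.168.1.145, while class 1:40 on eth1 sent nothing, which is consistent with that packet having left through eth0. Marks whose class counters are not in the paste (1:20, 1:30) are not reported, so paste the full `tc -s class show` output to check them too.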