<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1528" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>Jody,</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>I have a script that makes connections for every
user with his auth. So, in this script, I have two mark tags. Can I use this tip
you gave to ro0ot? My doubt is: if I use this, every time some user logs in it
will all be executed again; will that not cause me trouble?</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Now I mark all packets from a client and forward
them to some cbq/htb bandwidth control rules. It is working fine, but I have never
tested it for a longer time...</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Thanks for your cooperation.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Regards,</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Nataniel Klug</FONT></DIV>
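<DIV><FONT face=Arial size=2>Added example, not part of the original e-mails: the CONNMARK restore/mark/save sequence from Jody's quoted message, placed in a dedicated mangle chain that is flushed and rebuilt on each run, so a script executed at every user login does not append a second copy of the rules. The chain name P2PMARK, the APPLY switch and the run helper are assumptions of this sketch, and RETURN replaces Jody's ACCEPT so that only the added chain is left early.</FONT></DIV>

```shell
#!/bin/sh
# Added example: dry-run by default; run as root with APPLY=1 to execute.
CHAIN=P2PMARK   # hypothetical chain name
MARK=1          # matches the "handle 1 fw" tc filter in ro0ot's script
PROTOS="applejuice ares bittorrent directconnect edonkey fasttrack gnucleuslan gnutella napster openft"

# Print every command; execute it only when APPLY=1.
run() {
    echo "$*"
    if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

build_rules() {
    ipt="iptables -t mangle"
    # Create the chain (reports an error if it already exists), then empty
    # it: a re-run replaces the rules instead of duplicating them.
    run $ipt -N "$CHAIN" || true
    run $ipt -F "$CHAIN"
    # Restore the mark saved for this connection; if there is one, leave the
    # chain so the saved mark is not changed.
    run $ipt -A "$CHAIN" -p tcp -j CONNMARK --restore-mark
    run $ipt -A "$CHAIN" -p tcp -m mark ! --mark 0 -j RETURN
    # layer7 only matches the first packet or two of a connection.
    for p in $PROTOS; do
        run $ipt -A "$CHAIN" -m layer7 --l7proto "$p" -j MARK --set-mark "$MARK"
    done
    # Save a freshly set mark so the rest of the connection inherits it.
    run $ipt -A "$CHAIN" -p tcp -m mark ! --mark 0 -j CONNMARK --save-mark
    # Remove one earlier jump (if any) before adding it again.
    run $ipt -D PREROUTING -j "$CHAIN" || true
    run $ipt -A PREROUTING -j "$CHAIN"
}

build_rules
```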
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=jody.shumaker@gmail.com href="mailto:jody.shumaker@gmail.com">Jody
Shumaker</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=lartc@mailman.ds9a.nl
href="mailto:lartc@mailman.ds9a.nl">lartc@mailman.ds9a.nl</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Thursday, December 22, 2005 5:48
PM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> Re: [LARTC] control p2p upload
bandwidth rate</DIV>
<DIV><BR></DIV>Seems like eth0 is your IF connected to the internet, you need
to do shaping on that for the upload. Modifying the rates and using the
same tc commands but on eth0 would likely do it.<BR><BR>Also your script is
flawed, the layer7 matching for most if not all of those protocols will only
match on the first packet or two. After that the data for those connections
won't match. I suggest you look into using CONNMARK target/matching so you can
match all of the data, not just the first few packets. <BR><BR>With your setup
it'd be used something along these lines:<BR>
#before setting mark:<BR>
#restores any saved mark<BR>
iptables -t mangle -A PREROUTING -p tcp -j CONNMARK --restore-mark<BR>
#accepts the packet if it has a mark besides the default 0 and prevents the saved mark from being changed<BR>
iptables -t mangle -A PREROUTING -p tcp -m mark ! --mark 0 -j ACCEPT<BR><BR>
#use "-j MARK --set-mark #" here<BR><BR>
#after all the --set-mark's<BR>
iptables -t mangle -A PREROUTING -p tcp -m mark ! --mark 0 -j CONNMARK --save-mark<BR>
iptables -t mangle -A PREROUTING -p tcp -m mark ! --mark 0 -j ACCEPT<BR><BR>
Without this,
I'm not really sure how you were matching all packets for your download
shaping. Normally, only the first packet or two will have matching data
in the TCP connection, and if you don't somehow mark the whole connection
using the above, the majority of the bandwidth won't be shaped correctly.
<BR><BR>- Jody<BR><BR><BR>
<DIV><SPAN class=gmail_quote>On 12/22/05, <B class=gmail_sendername>ro0ot</B>
&lt;<A href="mailto:ro0ot@phreaker.net">ro0ot@phreaker.net</A>&gt;
wrote:</SPAN>
<BLOCKQUOTE class=gmail_quote
style="PADDING-LEFT: 1ex; MARGIN: 0pt 0pt 0pt 0.8ex; BORDER-LEFT: rgb(204,204,204) 1px solid">Hi
all,<BR><BR>I am running Slackware 10.1 with Kernel 2.6.14.3 includes iptables 1.3.4
with layer 7<BR><BR>My network diagram below: -<BR>INTERNET --- LINUX_ROUTER_FW ---
PCs<BR><BR>Below is my simple iptables script: - <BR><BR>
echo 1 > /proc/sys/net/ipv4/ip_forward<BR>
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE<BR>
iptables -t mangle -A POSTROUTING -m layer7 --l7proto applejuice -j MARK --set-mark 1<BR>
iptables -t mangle -A POSTROUTING -m layer7 --l7proto ares -j MARK --set-mark 1<BR>
iptables -t mangle -A POSTROUTING -m layer7 --l7proto bittorrent -j MARK --set-mark 1<BR>
iptables -t mangle -A POSTROUTING -m layer7 --l7proto directconnect -j MARK --set-mark 1<BR>
iptables -t mangle -A POSTROUTING -m layer7 --l7proto edonkey -j MARK --set-mark 1<BR>
iptables -t mangle -A POSTROUTING -m layer7 --l7proto fasttrack -j MARK --set-mark 1<BR>
iptables -t mangle -A POSTROUTING -m layer7 --l7proto gnucleuslan -j MARK --set-mark 1<BR>
iptables -t mangle -A POSTROUTING -m layer7 --l7proto gnutella -j MARK --set-mark 1<BR>
iptables -t mangle -A POSTROUTING -m layer7 --l7proto napster -j MARK --set-mark 1<BR>
iptables -t mangle -A POSTROUTING -m layer7 --l7proto openft -j MARK --set-mark 1<BR>
<BR>Below is my simple tc script: - <BR><BR>
tc qdisc del dev eth1 root<BR>
tc qdisc add dev eth1 root handle 1: htb default 20<BR>
tc class add dev eth1 parent 1: classid 1:1 htb rate 10240kbit ceil 10240kbit<BR>
tc class add dev eth1 parent 1:1 classid 1:11 htb rate 32kbit ceil 512kbit<BR>
tc filter add dev eth1 protocol ip parent 1:0 prio 1 handle 1 fw classid 1:11<BR>
tc qdisc add dev eth1 parent 1:11 sfq perturb 10<BR>
<BR>I have no problem shaping the "PCs" p2p download bandwidth rate. How
can I control the "PCs" p2p upload bandwidth rate? Please help...thanks,
:)<BR><BR>Regards,<BR>ro0ot<BR><BR>_______________________________________________<BR>LARTC
mailing list<BR><A
href="mailto:LARTC@mailman.ds9a.nl">LARTC@mailman.ds9a.nl</A><BR><A
href="http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc">http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc</A><BR></BLOCKQUOTE></DIV><BR>
</BLOCKQUOTE></BODY></HTML>