<div>Hey Andreas, how do I catch this traffic using L7 filter? I've installed l7 filter now, but I don't know how to use this kind of filter...!!!</div>
<div>Can you help me?</div>
<div>Thx.-</div>
<div>Terraja-based</div>
<div><span class="gmail_quote">2007/4/29, <a href="mailto:lartc-request@mailman.ds9a.nl">lartc-request@mailman.ds9a.nl</a> <<a href="mailto:lartc-request@mailman.ds9a.nl">lartc-request@mailman.ds9a.nl</a>>:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">Send LARTC mailing list submissions to<br> <a href="mailto:lartc@mailman.ds9a.nl">lartc@mailman.ds9a.nl
</a><br><br>To subscribe or unsubscribe via the World Wide Web, visit<br> <a href="http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc">http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc</a><br>or, via email, send a message with subject or body 'help' to
<br> <a href="mailto:lartc-request@mailman.ds9a.nl">lartc-request@mailman.ds9a.nl</a><br><br>You can reach the person managing the list at<br> <a href="mailto:lartc-owner@mailman.ds9a.nl">lartc-owner@mailman.ds9a.nl
</a><br><br>When replying, please edit your Subject line so it is more specific<br>than "Re: Contents of LARTC digest..."<br><br><br>Today's Topics:<br><br> 1. Re: LARTC Digest, Vol 26, Issue 24 (terraja-based)
<br> 2. Re: Re: LARTC Digest, Vol 26, Issue 24 (Alejandro Ramos Encinosa)<br> 3. Re: Re: LARTC Digest, Vol 26, Issue 24 (Andreas Mueller)<br> 4. Re: HFSC with tcng (Andreas Mueller)<br><br><br>----------------------------------------------------------------------
<br><br>Message: 1<br>Date: Sat, 28 Apr 2007 16:33:16 -0300<br>From: terraja-based <<a href="mailto:drumlesson@gmail.com">drumlesson@gmail.com</a>><br>Subject: [LARTC] Re: LARTC Digest, Vol 26, Issue 24<br>To: <a href="mailto:lartc@mailman.ds9a.nl">
lartc@mailman.ds9a.nl</a><br>Message-ID:<br> <<a href="mailto:823158cf0704281233v1f4bd80dg719a78eb779021e1@mail.gmail.com">823158cf0704281233v1f4bd80dg719a78eb779021e1@mail.gmail.com</a>><br>Content-Type: text/plain; charset="iso-8859-1"
<br><br>Alejandro,<br><br>So, I did try the script that you gave me, and the problem<br>continues.-<br>Maybe the problem was in the IPTABLES rules; I attach the complete script<br>below:<br><br>#####################
<br>ifconfig imq0 up<br><br>tc qdisc add dev imq0 handle 1: root htb default 30<br>tc class add dev imq0 parent 1: classid 1:1 htb rate 500kbit ceil 2000kbit<br><br>tc class add dev imq0 parent 1:1 classid 1:10 htb rate 100kbit ceil 2000kbit
<br>tc class add dev imq0 parent 1:1 classid 1:20 htb rate 100kbit ceil 2000kbit<br>tc class add dev imq0 parent 1:1 classid 1:30 htb rate 100kbit ceil 2000kbit<br><br><br>tc qdisc add dev imq0 parent 1:10 handle 2 sfq<br>
tc qdisc add dev imq0 parent 1:20 handle 3 sfq<br><br>iptables -t mangle -A PREROUTING -i eth1 -j IMQ --todev 0<br><br>tc filter add dev imq0 parent 1: prio 0 protocol ip handle 2 fw flowid 1:10<br>tc filter add dev imq0 parent 1: prio 1 protocol ip handle 3 fw flowid 1:20
<br>iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 80 -j MARK --set-mark 2<br>iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 20 -j MARK --set-mark 3<br>iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 21 -j MARK --set-mark 3<br>#####################<br><br><br>The traffic continues to go out by the "default" qdisc (1:30), and it was<br>not classified by the correct qdisc.<br>I did try an FTP transfer using TCP ports 20 and 21; this should<br>use the 1:20 qdisc associated with the "handle 3"...BUT DID NOT WORK...!!!<br>Please, help me...!!!<br><br><br>--<br>terraja-based<br><br>------------------------------
<br><br>Message: 2<br>Date: Sat, 28 Apr 2007 22:12:45 +0000<br>From: Alejandro Ramos Encinosa <<a href="mailto:alex@uh.cu">alex@uh.cu</a>><br>Subject: Re: [LARTC] Re: LARTC Digest, Vol 26, Issue 24<br>To: <a href="mailto:lartc@mailman.ds9a.nl">
lartc@mailman.ds9a.nl</a><br>Message-ID: <<a href="mailto:200704282212.46731.alex@uh.cu">200704282212.46731.alex@uh.cu</a>><br>Content-Type: text/plain; charset="iso-8859-15"<br><br>On Saturday 28 April 2007 19:33, terraja-based wrote:
<br>> [...]<br>> iptables -t mangle -A PREROUTING -i eth1 -j IMQ --todev 0<br>><br>> tc filter add dev imq0 parent 1: prio 0 protocol ip handle 2 fw flowid 1:10<br>> tc filter add dev imq0 parent 1: prio 1 protocol ip handle 3 fw flowid 1:20
<br>> iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 80 -j MARK --set-mark 2<br>> iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 20 -j MARK --set-mark 3<br>> iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 21 -j MARK --set-mark 3<br>> [...]<br>> The traffic continues to go out by the "default" qdisc (1:30), and it was<br>> not classified by the correct qdisc.<br>Hmm, you are trying to "redirect" all packets from eth1 to imq0, and then you
<br>are trying to mark packets for http and ftp connections. Well, I think you<br>need to change again your configuration: if you put '-j IMQ --todev 0' as<br>first rule, then all packets will match and will not pass through the chain,
<br>so any rule after that one, will never match against a packet. You need to<br>mark packets before, and send to imq device later. Maybe something like this:<br><br>--------------------------------8<-------------------------8<-----------------------------------
<br>[...]<br>iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 80 -j MARK --set-mark 2<br>iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 20 -j MARK --set-mark 3<br>iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 21 -j MARK --set-mark 3<br>iptables -t mangle -A PREROUTING -i eth1 -j IMQ --todev 0<br><br>tc filter add dev imq0 parent 1: prio 0 protocol ip handle 2 fw flowid 1:10<br>tc filter add dev imq0 parent 1: prio 1 protocol ip handle 3 fw flowid 1:20
<br>[...]<br>--------------------------------8<-------------------------8<-----------------------------------<br><br>PS: as far as I know, marks 0, 1, and 2 are iptables marks (reserved marks),<br>so if I were you, I would start marking with number 3 or greater.
<br><br>--<br>Alejandro Ramos Encinosa <<a href="mailto:alex@uh.cu">alex@uh.cu</a>><br>Fac. Matemática Computación<br>Universidad de La Habana<br><br><br>------------------------------<br><br>Message: 3<br>Date: Sun, 29 Apr 2007 10:48:25 +0200
<br>From: Andreas Mueller <<a href="mailto:andreas@stapelspeicher.org">andreas@stapelspeicher.org</a>><br>Subject: Re: [LARTC] Re: LARTC Digest, Vol 26, Issue 24<br>To: <a href="mailto:lartc@mailman.ds9a.nl">lartc@mailman.ds9a.nl
</a><br>Message-ID: <<a href="mailto:20070429084825.GA3557@lintera.stapelspeicher.org">20070429084825.GA3557@lintera.stapelspeicher.org</a>><br>Content-Type: text/plain; charset=us-ascii<br><br>Hallo terraja-based,<br>
<br><br><br>terraja-based wrote:<br>[snip]<br>> iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 80 -j MARK --set-mark 2<br>> iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 20 -j MARK --set-mark 3<br>> iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 21 -j MARK --set-mark 3<br>[snip]<br>> The traffic continues to go out by the "default" qdisc (1:30), and it was<br>> not classified by the correct qdisc.
<br>[snip]<br><br>the marks you set here will be gone as soon as the packet leaves,<br>connmark could do the trick here.<br>Still, matching --sport on the imq device should do the job as well,<br>at least for http at port 80.
<br>For ftp, passive mode (data) connections will go to the default-class as<br>the server's port is chosen at runtime, to catch them better use a<br>level-7 filter (e.g. <a href="http://sourceforge.net/projects/l7-filter/">
http://sourceforge.net/projects/l7-filter/</a>).<br><br>Bye, Andreas.<br><br><br>------------------------------<br><br>Message: 4<br>Date: Sun, 29 Apr 2007 11:00:30 +0200<br>From: Andreas Mueller <<a href="mailto:andreas@stapelspeicher.org">
andreas@stapelspeicher.org</a>><br>Subject: Re: [LARTC] HFSC with tcng<br>To: <a href="mailto:lartc@mailman.ds9a.nl">lartc@mailman.ds9a.nl</a><br>Message-ID: <<a href="mailto:20070429090030.GB3557@lintera.stapelspeicher.org">
20070429090030.GB3557@lintera.stapelspeicher.org</a>><br>Content-Type: text/plain; charset=us-ascii<br><br>Hi Simo,<br><br>Simo wrote:<br>> [...]<br>> I don't know how to use HFSC queuing discipline with tcng configuration
<br>> language. I always get this error: syntax error near "hfsc"<br>> [...]<br>> Is it possible that tcng provides no support for this classful hfsc queuing<br>> discipline?<br>> [...]<br><br>
no, there is no such support and might never be, because this project is<br>no longer under active development.<br><br>Andreas<br><br><br>------------------------------<br>
<br>End of LARTC Digest, Vol 26, Issue 25<br>*************************************<br></blockquote></div><br><br clear="all"><br>-- <br>terraja-based
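<div>The ordering advice from Message 2 (mark first, send to the IMQ device last), written as a check over a rule script. This is an added example, not code from the thread; the function names check_mark_before_imq, original_rules and reordered_rules are made up here, and the sample rules are constructed from the ones quoted above.</div>

```shell
#!/bin/sh
# Added example (not from the thread): flag MARK rules that are appended
# after the IMQ rule in the same table/chain.

# Reads iptables commands on stdin. Prints one line per MARK rule that
# follows an IMQ rule in its chain; exit status 1 if any were found.
check_mark_before_imq() {
    awk '
    $1 == "iptables" {
        table = "filter"; chain = ""; target = ""
        for (i = 2; i < NF; i++) {
            if ($i == "-t") table = $(i + 1)
            if ($i == "-A") chain = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (chain == "") next
        key = table "/" chain
        if (target == "IMQ") {
            imq_line[key] = NR
        } else if (target == "MARK" && (key in imq_line)) {
            printf "line %d: MARK in %s follows IMQ (line %d)\n", NR, key, imq_line[key]
            bad = 1
        }
    }
    END { exit bad + 0 }'
}

# Constructed input: the mangle rules in the order first posted.
original_rules() {
    cat <<'EOF'
iptables -t mangle -A PREROUTING -i eth1 -j IMQ --todev 0
iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 80 -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 20 -j MARK --set-mark 3
iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 21 -j MARK --set-mark 3
EOF
}

# Constructed input: the same rules in the order suggested in the reply.
reordered_rules() {
    cat <<'EOF'
iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 80 -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 20 -j MARK --set-mark 3
iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 21 -j MARK --set-mark 3
iptables -t mangle -A PREROUTING -i eth1 -j IMQ --todev 0
EOF
}

original_rules | check_mark_before_imq || echo "posted order: MARK rules after IMQ"
reordered_rules | check_mark_before_imq && echo "suggested order: ok"
```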