so you are not attaching to the bridge just directly to the two nics in the bidge?
----- Original Message ----- From: "Jorge# ./S" <[EMAIL PROTECTED]> To: "Chris Ellsworth" <[EMAIL PROTECTED]> Sent: Monday, May 13, 2002 8:35 AM Subject: Re: Filtering packets into a cbq on a bridge > This is what I use: > > [root@squid root]# cat tc-rulez > tc qdisc add dev eth1 root handle 10: cbq bandwidth 1024kbit avpkt 1000 > tc class add dev eth1 parent 10:0 classid 10:1 cbq bandwidth 1024kbit rate > 1024kbit allot 1514 weight 102.4kbit prio 8 maxburst 20 avpkt 1000 > tc class add dev eth1 parent 10:1 classid 10:100 cbq bandwidth 1024kbit rate > 512kbit allot 1514 weight 51.2kbit prio 5 maxburst 20 avpkt 1000 bounded > tc class add dev eth1 parent 10:1 classid 10:200 cbq bandwidth 1024kbit rate > 256kbit allot 1514 weight 25.6kbit prio 5 maxburst 20 avpkt 1000 bounded > tc qdisc add dev eth1 parent 10:100 sfq quantum 1514b perturb 15 > tc qdisc add dev eth1 parent 10:200 sfq quantum 1514b perturb 15 > > tc filter add dev eth1 parent 10:0 protocol ip handle 1 fw classid 10:100 > tc filter add dev eth1 parent 10:0 protocol ip handle 2 fw classid 10:200 > > > tc qdisc add dev eth0 root handle 10: cbq bandwidth 1024kbit avpkt 1000 > tc class add dev eth0 parent 10:0 classid 10:1 cbq bandwidth 1024kbit rate > 1024kbit allot 1514 weight 102.4kbit prio 8 maxburst 20 avpkt 1000 > tc class add dev eth0 parent 10:1 classid 10:100 cbq bandwidth 1024kbit rate > 512kbit allot 1514 weight 51.2kbit prio 5 maxburst 20 avpkt 1000 bounded > tc class add dev eth0 parent 10:1 classid 10:200 cbq bandwidth 1024kbit rate > 256kbit allot 1514 weight 25.6kbit prio 5 maxburst 20 avpkt 1000 bounded > tc qdisc add dev eth0 parent 10:100 sfq quantum 1514b perturb 15 > tc qdisc add dev eth0 parent 10:200 sfq quantum 1514b perturb 15 > > tc filter add dev eth0 parent 10:0 protocol ip handle 1 fw classid 10:100 > tc filter add dev eth0 parent 10:0 protocol ip handle 2 fw classid 10:200 > > ########################### > # MARCADO DE PAQUETES # > ########################### > > iptables -t mangle -I OUTPUT -p tcp -s 192.168.20.0/24 -j MARK --set-mark 2 > iptables -t mangle -I OUTPUT -p tcp -d 192.168.20.0/24 -j MARK --set-mark 2 > > > On Sunday 05 May 2002 07:23 pm, Chris Ellsworth wrote: > > currently using this code to make classes > > note: this is being used on a bridge which has been patch to allow > > iptables to effect the packets. > > http://bridge.sourceforge.net/ > > _________ > > tcclass_add="tc class add dev brint_ext parent 1: classid" > > tcclass_rate="cbq allot 1514 avpkt 1000 rate" > > tcclass_end="" > > > > tc qdisc add dev brint_ext root handle 1: cbq bandwidth 192kbps avpkt > > 1000 > > tc class add dev brint_ext parent 1: classid 1:1 cbq allot 1514 avpkt > > 1000 rate 5kbps > > $tcclass_add 1:2 $tcclass_rate 128kbit #up > > $tcclass_add 1:3 $tcclass_rate 128kbit #down > > $tcclass_add 1:4 $tcclass_rate 256kbit #up > > $tcclass_add 1:5 $tcclass_rate 256kbit #down > > $tcclass_add 1:6 $tcclass_rate 768kbit > > $tcclass_add 1:7 $tcclass_rate 768kbit > > $tcclass_add 1:8 $tcclass_rate 384kbit > > $tcclass_add 1:8 $tcclass_rate 256kbit > > _________ > > > > I need to filter packets into these classes with iptables. > > the line i have came up with so far is as follows > > iptables -A FORWARD -s <IP> > > iptables -A FORWARD -d <IP> > > > > how to i finish the line so that when a packet comes from an IP it > > will be filtered into the correct class for limiting.? > > this is being used on a bridge which has been patch to allow iptables > > to effect the packets. > > I believe there is something to do with marking but dont understand > > which mark command to use. > > _______________________________________________ Bridge mailing list [EMAIL PROTECTED] http://www.math.leidenuniv.nl/mailman/listinfo/bridge
