gregf Tux's lil' helper
Joined: 14 May 2003 Posts: 102 Location: USA, Maine
Posted: Sat Nov 25, 2006 8:45 pm Post subject: iptables
I have been trying to convert some of my OpenBSD packet filter rules over to iptables since I do not have that box running anymore. The only rules I have not been able to get working are my packet shaping rules. I did some research and have found what I wanted to do on the forums, although I get an error when I try to run through this script I found.
Code:
#!/bin/bash
# Zap the iptables mangle queue
iptables -t mangle -F
# Egress device
OUT=eth0
# Flow rates
MAX=1mbit
DC_MAX=50kbit
# Application names (for "marking")
DC_APP=ssh
# Delete existing shaping
tc qdisc del dev $OUT root
# ===========
# Our classes
# ===========
# Top
tc qdisc add dev $OUT root handle 1: htb default 30
tc class add dev $OUT parent 1: classid 1:1 htb rate $MAX
tc class add dev $OUT parent 1:1 classid 1:10 htb rate $MAX
tc class add dev $OUT parent 1:1 classid 1:20 htb rate $DC_MAX ceil $DC_MAX
tc class add dev $OUT parent 1:1 classid 1:30 htb rate $MAX ceil $MAX
# Rehashing
tc qdisc add dev $OUT parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $OUT parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev $OUT parent 1:30 handle 30: sfq perturb 10
# ===================
# the magic begins...
# ===================
# DC++
iptables -t mangle -A OUTPUT -m owner --cmd-owner $DC_APP -j MARK --set-mark 2
tc filter add dev $OUT protocol ip parent 1:0 handle 2 fw flowid 1:20
The reason I want to do this is that when I run linuxdcpp on my ADSL it lags me so badly I can't do anything else. The problem is I get this when I run through the script:
iptables: Invalid argument
I know it has something to do with the one iptables rule found there, but what about it I don't know. I have -m owner compiled into the kernel. I also have -j MARK compiled in. I have tried doing it with modules and without. Anyone have some helpful tips on this? Thanks.
dj_farid l33t
Joined: 14 Jun 2004 Posts: 613
Posted: Sat Nov 25, 2006 11:01 pm
Run the script command by command. That way you will see which command does not work.
My educated guess is that it is this line:
Code:
iptables -t mangle -A OUTPUT -m owner --cmd-owner $DC_APP -j MARK --set-mark 2
Run that line and iptables will probably complain that it does not work. If you then look at your /var/log/messages, you will probably see that the "owner" thing is not supported anymore.
The best way to do what you want is to use ipp2p or l7-protocol if you can't control the ports that dc++ is using. If you are the only one on your LAN, it is better and simpler to just mark the port that you assign for dc++ to use.
Ipp2p is supposed to be faster than l7 since it is designed for p2p protocols. Read the ipp2p homepage for a good manual and examples. If you have a late kernel, you need to run the latest version of ipp2p.
L7-protocol does the exact same thing. Search the forum for these two and you will find examples (https://forums.gentoo.org/viewtopic-t-514372-highlight-.html).
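A port-based version of the script from the first post, following the suggestion above to mark the port assigned to DC++ and to run the commands one at a time (an added example, not code from either poster). `DC_PORT=4111` and the helper names `shaping_rules` and `apply_rules` are assumptions; the rules match on source port only, so connections the client opens from other local ports are not marked.

```shell
#!/bin/bash
# Added example: the thread's shaping script with the owner match replaced by
# a port match. DC_PORT is an assumed value, not taken from the thread.
OUT=${OUT:-eth0}          # egress device
MAX=${MAX:-1mbit}         # link rate
DC_MAX=${DC_MAX:-50kbit}  # ceiling for DC++ uploads
DC_PORT=${DC_PORT:-4111}  # assumed: port configured in the DC++ client

# Print the commands one per line so they can be reviewed before use.
shaping_rules() {
    case "$DC_PORT" in
        ''|*[!0-9]*) echo "DC_PORT must be a number" >&2; return 1 ;;
    esac
    if [ "$DC_PORT" -lt 1 ] || [ "$DC_PORT" -gt 65535 ]; then
        echo "DC_PORT out of range" >&2; return 1
    fi
    cat <<EOF
iptables -t mangle -F
tc qdisc del dev $OUT root
tc qdisc add dev $OUT root handle 1: htb default 30
tc class add dev $OUT parent 1: classid 1:1 htb rate $MAX
tc class add dev $OUT parent 1:1 classid 1:10 htb rate $MAX
tc class add dev $OUT parent 1:1 classid 1:20 htb rate $DC_MAX ceil $DC_MAX
tc class add dev $OUT parent 1:1 classid 1:30 htb rate $MAX ceil $MAX
tc qdisc add dev $OUT parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $OUT parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev $OUT parent 1:30 handle 30: sfq perturb 10
iptables -t mangle -A OUTPUT -p tcp --sport $DC_PORT -j MARK --set-mark 2
iptables -t mangle -A OUTPUT -p udp --sport $DC_PORT -j MARK --set-mark 2
tc filter add dev $OUT protocol ip parent 1:0 handle 2 fw flowid 1:20
EOF
}

# Run the commands one at a time and name any that fail (needs root).
apply_rules() {
    rules=$(shaping_rules) || return 1
    echo "$rules" | while read -r cmd; do
        $cmd </dev/null || echo "FAILED: $cmd" >&2
    done
}

# "apply" changes the system; anything else only prints the commands.
if [ "${1:-}" = "apply" ]; then apply_rules; else shaping_rules; fi
```

The `tc qdisc del` line reports a failure on a device that has no root qdisc yet; that one is expected on a first run.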
gregf Tux's lil' helper
Joined: 14 May 2003 Posts: 102 Location: USA, Maine
Posted: Sun Nov 26, 2006 12:57 am
Thanks for the great reply. Going to look into this now. I did not realize that -m owner was no more. I had tracked it down to the iptables rule but was not sure why it kept failing. Since owner is still in the kernel and mentioned in the man pages without saying anything of deprecation, I had no clue. Thanks for your help.