This is a discussion on traffic shaping within the Linux Security forums, part of the System Security and Security Related category.
Hello guys,
I would appreciate some help on the following issue. I have got a firewall machine, and I would like to shape my traffic, e.g. I need 3 channels (1st for ssh and the like, 2nd for http/ftp etc. and the last one for everything else). So here is my script:

--- cut ---
#!/bin/sh

DEV=eth1
CMD=/usr/local/htb/tc

# Flush
echo "Flushed"
$CMD qdisc del dev $DEV root handle 1

# Define classes
echo "Defining classes"
$CMD qdisc add dev $DEV root handle 1: htb default 12
$CMD class add dev $DEV parent 1: classid 1:1 htb rate 150kbps ceil 150kbps
$CMD class add dev $DEV parent 1:1 classid 1:10 htb rate 10kbps ceil 150kbps
$CMD class add dev $DEV parent 1:2 classid 1:11 htb rate 60kbps ceil 100kbps
$CMD class add dev $DEV parent 1:2 classid 1:12 htb rate 40kbps ceil 40kbps

# Split the packets
echo "Matching the rules"

# SSH traffic
$CMD filter add dev $DEV protocol ip parent 1:0 prio 1 u32 \
    match ip dport 22 0xffff flowid 1:10
--- end ---

Well, there is no need to go any further, as it seems I am doing something wrong with the filter. I receive "RTNETLINK answers: Invalid argument"; if I change to "match tcp dst 22 or match ip dst" or the like, then I have "Illegal match".

Thanks for your help.

--
Ciao,
Dmitry

Dmitry V. Petrovsky wrote:
>
> # SSH traffic
> $CMD filter add dev $DEV protocol ip parent 1:0 prio 1 u32 \
>     match ip dport 22 0xffff flowid 1:10
>
> --- end ---

For nntp I have the protocol and the parent arguments reversed here:
(this works, all on one line)

tc filter add dev eth1 parent 1:0 protocol ip prio 10 u32 match ip sport 119 0xffff flowid 1:11

Maybe that helps?

Floris
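
A pre-load sanity check for a tc script like the one in this thread, added here as an example (it is not code from either poster): it reports `class add` lines whose parent handle, and `flowid` targets whose class, no earlier line defines. The names `check_tc_parents` and `posted_script` are made up for this example; the sample input is the class and filter lines copied from the script as posted, for which it reports that classes 1:11 and 1:12 name parent 1:2, a handle the script never defines.

```shell
#!/bin/sh
# Added example: consistency check for the HTB class tree in a tc script.

check_tc_parents() {
    # Reads a tc script on stdin. Prints one line per problem found and
    # nothing when every parent and flowid refers to a defined handle.
    awk '
    function norm(h) {           # "1:" and "1:0" name the same qdisc handle
        if (h ~ /:$/) h = h "0"
        return h
    }
    function arg(key,   i) {     # word that follows a keyword on this line
        for (i = 1; i < NF; i++) if ($i == key) return $(i + 1)
        return ""
    }
    /^[ \t]*#/ { next }          # skip comment lines
    / qdisc add / {
        h = arg("handle")
        if (h != "") seen[norm(h)] = 1
    }
    / class add / {
        p = norm(arg("parent")); c = norm(arg("classid"))
        if (!(p in seen)) printf "class %s: parent %s is not defined\n", c, p
        seen[c] = 1
    }
    / flowid / {                 # filters may be split over continuation lines
        f = norm(arg("flowid"))
        if (!(f in seen)) printf "filter: flowid %s is not defined\n", f
    }'
}

posted_script() {   # class and filter lines from the script posted above
    cat <<'EOF'
$CMD qdisc add dev $DEV root handle 1: htb default 12
$CMD class add dev $DEV parent 1: classid 1:1 htb rate 150kbps ceil 150kbps
$CMD class add dev $DEV parent 1:1 classid 1:10 htb rate 10kbps ceil 150kbps
$CMD class add dev $DEV parent 1:2 classid 1:11 htb rate 60kbps ceil 100kbps
$CMD class add dev $DEV parent 1:2 classid 1:12 htb rate 40kbps ceil 40kbps
$CMD filter add dev $DEV protocol ip parent 1:0 prio 1 u32 \
    match ip dport 22 0xffff flowid 1:10
EOF
}

posted_script | check_tc_parents
```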