[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Tc filter does not filter



> >> # The network interface we're planning on limiting bandwidth.
> >> IF=eth5             # Interface
>
> we have 3 interfaces for 3 subnets. eth5 is that IF where traffic
> comes from external.
>
> >> # Download limit (in mega bits)
> >> LIMIT=500kbps          # DOWNLOAD Limit
> >>
> >> # Filter options for limiting the intended interface.
> >> U32="$TC filter add dev $IF protocol ip parent 1:0 prio 1 u32"
> >>
> >>
> >> # delete any current qdisc -- in and out
> >> $TC qdisc del dev eth5 root    2> /dev/null > /dev/null
> >> $TC qdisc del dev eth5 ingress 2> /dev/null > /dev/null
> >>
> >> $TC qdisc add dev $IF root handle 1: htb default 30
> >> $TC class add dev $IF parent 1: classid 1:1 htb rate $LIMIT
> >> $U32 match ip dport 22 0xffff flowid 1:1

> Yes. To define this: I want to limit FTP tunneled through ssh (called SFTP).

We're matching packets sent _to_ the SFTP server here (upload).
If you want to limit download speed you have to use 'sport 22'
instead of 'dport 22'.

If you intend to limit upload on the interface, try using 'ingress'
instead of 'root' to you catch traffic coming the other way. I don't know
whether you can use HTB with that though. If you're doing this on a router,
try using one of the output interfaces instead.

(Again, this is guesswork based on my very limited understanding of TC...)


Reply to: