Re: how to shape incoming traffic on specific port?

To: debian-user@lists.debian.org
Subject: Re: how to shape incoming traffic on specific port?
From: Sergey Spiridonov <sena@hurd.homeunix.org>
Date: Thu, 18 Mar 2004 17:15:11 +0100
Message-id: <[🔎] c3chub$7p4$1@sea.gmane.org>
In-reply-to: <[🔎] 1079615880.1247.24.camel@localhost>
References: <[🔎] c3aps6$9id$1@sea.gmane.org> <[🔎] 1079615880.1247.24.camel@localhost>

David Clymer wrote:

On Wed, 2004-03-17 at 19:18, Sergey V. Spiridonov wrote:

I need to limit incoming traffic on the specific port (I experimented
with ssh). Outgoing traffic can me easely limited with tc, but I have
problems with incoming traffic. I tried to drop some packets, but after
this ssh stop working at all.

Is there any standard way to do incoming traffic limitation?



What sort of set up is this? Is the box serving as a router, or a server
of some sort? What are you interested in policing? What kernel version
are you running?


Thank you for long reply.

It is a network of 12 machines with kernels 1x2.6.4, 2x2.6.2, 1x2.4.20,
3x2.4.18, 5x2.4.16 organized in two subnets. I need to limit network
input/output bandwidth for specific port on some selected machines in
various combinations for simulating another network.

if the box is serving as a router/firewall, and you want to limit
traffic to a box behind it. you could forget about policing, and instead
use traffic shaping (policing is incoming traffic, shaping is outgoing)
on the packets you are sending to that box. That way, you can use tc and
your qdisc of choice to delay or prioritize traffic in a more flexible
way. AFAIK, you cannot use any of the fancy qdiscs on incoming packets,
only on outgoing.


Yes, I understand this. I already managed to shape outgoing traffic. One
of the possibility to shape incoming traffic for host "A" is to shape

outgoing traffic from all other hosts to A. It is possible, but not veryconvenient (imagine, to change bandwidth for one host I will need tochange configuration on 12 hosts). I thought there is a way to do itjust by configuring target host "A".

Using the shaping method, you could use PRIO to prioritize say
interactive traffic (including ssh) or (depending on your kernel
version) could use some iptable rules in conjuntion with a heirarchy of
HTB schedulers to modify traffic.


The above statement is valid just for outgoing traffic, isn't it?

You could try using the script provided here (I have to head to work,
and dont have time to look at myself, just looked promising):

http://www.trekweb.com/~jasonb/articles/linux_tc_minihowto.shtml

He suggests patching the kernel to get support for HTB, but you could
just use a 2.4.2x version, where its included in the kernel sources
already.


Thanks, I will have a look. I hoped it is possible without patching the
kernel :(
--
Best regards, Sergey Spiridonov

Reply to:

Follow-Ups:
- Re: how to shape incoming traffic on specific port?
  - From: "Tauber, Mathias Mailing" <tauberml@hdpnet.de>
- Re: how to shape incoming traffic on specific port?
  - From: David Clymer <david@zettazebra.com>

References:
- how to shape incoming traffic on specific port?
  - From: "Sergey V. Spiridonov" <sena@hurd.homeunix.org>
- Re: how to shape incoming traffic on specific port?
  - From: David Clymer <david@zettazebra.com>

Prev by Date: Re: Success or failures with Mailman 2.1.4 on woody
Next by Date: Stopping GNOME Launching on Reboot
Previous by thread: Re: how to shape incoming traffic on specific port?
Next by thread: Re: how to shape incoming traffic on specific port?
Index(es):
- Date
- Thread