
Re: how to shape incoming traffic on specific port?



On Thu, 2004-03-18 at 11:15, Sergey Spiridonov wrote:
> David Clymer wrote:
> > On Wed, 2004-03-17 at 19:18, Sergey V. Spiridonov wrote:
> 
> >>I need to limit incoming traffic on the specific port (I experimented
> >>with ssh). Outgoing traffic can be easily limited with tc, but I have
> >>problems with incoming traffic. I tried to drop some packets, but after
> >>this ssh stops working at all.
> >>
> >>Is there any standard way to do incoming traffic limitation?
> > 
> > 
> > What sort of set up is this? Is the box serving as a router, or a server
> > of some sort? What are you interested in policing? What kernel version
> > are you running?
> 
> Thank you for long reply.
> 
> It is a network of 12 machines with kernels 1x2.6.4, 2x2.6.2, 1x2.4.20,
> 3x2.4.18, 5x2.4.16 organized in two subnets. I need to limit network
> input/output bandwidth for specific port on some selected machines in
> various combinations for simulating another network.
> 
> > If the box is serving as a router/firewall, and you want to limit
> > traffic to a box behind it, you could forget about policing, and instead
> > use traffic shaping (policing is incoming traffic, shaping is outgoing)
> > on the packets you are sending to that box. That way, you can use tc and
> > your qdisc of choice to delay or prioritize traffic in a more flexible
> > way. AFAIK, you cannot use any of the fancy qdiscs on incoming packets,
> > only on outgoing.
> 
> Yes, I understand this. I already managed to shape outgoing traffic. One
> of the possibilities to shape incoming traffic for host "A" is to shape
> outgoing traffic from all other hosts to A. It is possible, but not very 
> convenient (imagine, to change bandwidth for one host I will need to 
> change configuration on 12 hosts). I thought there is a way to do it 
> just by configuring target host "A".
> 
> > Using the shaping method, you could use PRIO to prioritize say
> > interactive traffic (including ssh) or (depending on your kernel
> > version) could use some iptable rules in conjunction with a hierarchy of
> > HTB schedulers to modify traffic.
> 
> The above statement is valid just for outgoing traffic, isn't it?
> 

Yes. My assumption was that you would be receiving a packet on one
interface and sending it to another interface. I would think that a
packet is put in an incoming queue on the first (external network)
interface and an outgoing queue when sent from the 2nd (internal
network) interface. If the packet is outgoing on the 2nd interface,
wouldn't one be able to use qdiscs to shape traffic being sent to the
internal network - effectively shaping incoming traffic? I'm certainly no
expert on this type of thing, so I may not understand how these things
are handled, it was just an idea :)

-davidc
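
The idea in the reply above (shape on egress of the router's internal interface, toward the host behind it), written out as an added example that is not part of the original thread. The interface name, host address, rates and the two-class HTB layout are assumptions; the script only prints the tc commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example (constructed values): shape traffic leaving a router's
# internal interface toward one host and port, so the host sees a limited
# incoming rate. HTB needs a kernel that ships it (an assumption here).

# Print each command by default; execute it when APPLY=1 (root, iproute2).
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# shape_to_host DEV HOST PORT RATE LINK
#   DEV   internal (egress) interface on the router, e.g. eth1
#   HOST  IPv4 address of the box behind the router
#   PORT  destination port on HOST (22 for an ssh server on HOST)
#   RATE  cap for the matched traffic, e.g. 256kbit
#   LINK  rate for everything else, e.g. 100mbit
shape_to_host() {
    dev=$1 host=$2 port=$3 rate=$4 link=$5
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    # Root HTB qdisc; unclassified traffic falls into class 1:20.
    run tc qdisc add dev "$dev" root handle 1: htb default 20 || return 1
    # Capped class for the selected flow; ceil == rate so it cannot borrow.
    run tc class add dev "$dev" parent 1: classid 1:10 htb rate "$rate" ceil "$rate" || return 1
    # Default class for all other traffic.
    run tc class add dev "$dev" parent 1: classid 1:20 htb rate "$link" || return 1
    # u32 filter: packets to HOST:PORT go to the capped class.
    run tc filter add dev "$dev" parent 1: protocol ip prio 1 u32 \
        match ip dst "$host"/32 match ip dport "$port" 0xffff flowid 1:10
}

# Remove the shaping again.
clear_shaping() {
    run tc qdisc del dev "$1" root
}

# Dry run: sh shape.sh eth1 192.168.1.10 22 256kbit 100mbit
if [ $# -eq 5 ]; then shape_to_host "$@"; fi
```

The filter matches the destination port, which fits a server on the internal host; for replies coming back to a client on that host, the match would be on `sport` instead.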


