I'll answer myself a bit, but this leaves me puzzled even more. On Mon, 2010-12-13 at 21:06 +0100, Steven wrote: > Hi list, > > (Might be unrelated) Yesterday I configured some extra rules on my > gateway box (Debian Etch) to slow down traffic from a particular part of > the network. It started at that time.
It seems that this is in fact related to the issues I'm having. After a reboot of the gateway box, the sites work again (haven't tested them all, just 2), as soon as I enable a particular tc filter, things go wrong, until I reboot the gateway again. After reboot(also runs the firewall script): debian:/home/steven# tc qdisc show qdisc cbq 11: dev eth2 rate 100000Kbit (bounded,isolated) prio no-transmit qdisc pfifo_fast 0: dev eth3 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1 qdisc pfifo_fast 0: dev ppp0 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1 qdisc pfifo_fast 0: dev tun0 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1 After running the firewall script without rebooting: debian:/home/steven# tc qdisc show qdisc cbq 11: dev eth2 rate 100000Kbit (bounded,isolated) prio no-transmit qdisc pfifo_fast 0: dev eth3 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1 qdisc pfifo_fast 0: dev tun0 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1 qdisc cbq 10: dev ppp0 rate 100000Kbit (bounded,isolated) prio no-transmit The applied rules in question are the following: # Download marking tc qdisc add dev eth2:0 root handle 11: cbq bandwidth 100Mbit avpkt 1000 mpu 64 tc class add dev eth2:0 parent 11: classid 11:1 cbq rate 200Kbit weight 50Kbit allot 1514 prio 1 avpkt 1000 bounded tc filter add dev eth2:0 parent 11: protocol ip handle 4 fw flowid 11:1 # Upload marking tc qdisc add dev ppp0 root handle 10: cbq bandwidth 100Mbit avpkt 1000 mpu 64 tc class add dev ppp0 parent 10: classid 10:1 cbq rate 25KBit weight 4Kbit allot 1514 prio 1 avpkt 1000 bounded tc filter add dev ppp0 parent 10: protocol ip handle 3 fw flowid 10:1 # Upload rules iptables -t mangle -A FORWARD -s 192.168.5.0/24 -j MARK --set-mark 3 # Download rules iptables -t mangle -A POSTROUTING -d 192.168.5.0/24 -j MARK --set-mark 4 The affected network however is on subnet 10.0.0./24 so these filters wouldn't apply to it. Kind regards, Steven -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1292276120.6571.7.ca...@pc-steven.lan
