Comments (13)
This should already work. If it supposedly isn't, test and prove it's not working.
from ipt-ratelimit.
I tested the speed and created the issue based on that.
These IPs are OpenVPN users. OpenVPN runs on an Android tablet. I test the speed with a speedtest app.
I add the first rules with a limit for one IP, connect to OpenVPN as the user with IP .101, run the test and get 1mbit, then disconnect, connect as the user with IP .100 and get 10mbit speed (the server, the tablet or the channel can't reach the full 100mbit, but it isn't 1mbit), all fine.
Then I change the rules, repeat the test and get 1mbit for both users.
What can I provide for debugging?
from ipt-ratelimit.
- Reload the ratelimit rules, so that the counters are clean.
- When you are testing "IP .100 and get 20mbit speed", in the middle of the test cat the /proc/net/ipt_ratelimit/ files and copy-paste their content here. That should show which rules are triggering.
from ipt-ratelimit.
By "reload" I understand that I need to clear the set file?
root@ubuntu:~# echo / > /proc/net/ipt_ratelimit/fullspeeddst
root@ubuntu:~# echo / > /proc/net/ipt_ratelimit/fullspeedsrc
root@ubuntu:~# echo / > /proc/net/ipt_ratelimit/limitdst
root@ubuntu:~# echo / > /proc/net/ipt_ratelimit/limitsrc
root@ubuntu:~# echo +10.8.0.100 100000000 > /proc/net/ipt_ratelimit/fullspeedsrc
root@ubuntu:~# echo +10.8.0.100 100000000 > /proc/net/ipt_ratelimit/fullspeeddst
root@ubuntu:~# echo +10.8.0.101 1000000 > /proc/net/ipt_ratelimit/limitdst
root@ubuntu:~# echo +10.8.0.101 1000000 > /proc/net/ipt_ratelimit/limitsrc
Run test
root@ubuntu:~# cat /proc/net/ipt_ratelimit/fullspeeddst
10.8.0.100 cir 100000000 cbs 18750000 ebs 37500000; tc 0 te 0 last 2736; conf 15177/12664727 0 bps, rej 0/0
root@ubuntu:~# cat /proc/net/ipt_ratelimit/fullspeedsrc
10.8.0.100 cir 100000000 cbs 18750000 ebs 37500000; tc 324 te 0 last 19; conf 18691/17732314 7074 bps, rej 0/0
root@ubuntu:~# cat /proc/net/ipt_ratelimit/limitdst
10.8.0.101 cir 1000000 cbs 187500 ebs 375000; tc 0 te 0 last 2117; conf 464/374141 0 bps, rej 0/0
root@ubuntu:~# cat /proc/net/ipt_ratelimit/limitsrc
10.8.0.101 cir 1000000 cbs 187500 ebs 375000; tc 0 te 0 last 4009; conf 526/62639 0 bps, rej 0/0
Change rules
root@ubuntu:~# echo / > /proc/net/ipt_ratelimit/fullspeeddst
root@ubuntu:~# echo / > /proc/net/ipt_ratelimit/fullspeedsrc
root@ubuntu:~# echo / > /proc/net/ipt_ratelimit/limitdst
root@ubuntu:~# echo / > /proc/net/ipt_ratelimit/limitsrc
root@ubuntu:~# echo +10.8.0.100 100000000 > /proc/net/ipt_ratelimit/fullspeedsrc
root@ubuntu:~# echo +10.8.0.100 100000000 > /proc/net/ipt_ratelimit/fullspeeddst
root@ubuntu:~# echo +10.8.0.100/24 1000000 > /proc/net/ipt_ratelimit/limitsrc
root@ubuntu:~# echo +10.8.0.100/24 1000000 > /proc/net/ipt_ratelimit/limitdst
Run test
root@ubuntu:~# cat /proc/net/ipt_ratelimit/fullspeeddst
10.8.0.100 cir 100000000 cbs 18750000 ebs 37500000; tc 80 te 0 last 64; conf 6690/2655256 88550 bps, rej 0/0
root@ubuntu:~# cat /proc/net/ipt_ratelimit/fullspeedsrc
10.8.0.100 cir 100000000 cbs 18750000 ebs 37500000; tc 0 te 0 last 138; conf 7988/8762750 474412 bps, rej 0/0
root@ubuntu:~# cat /proc/net/ipt_ratelimit/limitdst
10.8.0.0/24 cir 1000000 cbs 187500 ebs 375000; tc 0 te 163890 last 7; conf 6373/2060542 1656 bps, rej 440/607401
root@ubuntu:~# cat /proc/net/ipt_ratelimit/limitsrc
10.8.0.0/24 cir 1000000 cbs 187500 ebs 375000; tc 0 te 354443 last 3; conf 7028/7409030 2954 bps, rej 1011/1357078
from ipt-ratelimit.
It's hard to comprehend these stats because the test was not performed the way I requested, and the stats are dirty with noise data.
- I don't need two tests, I only need a single test with incorrect ratelimiting.
- Clean the set rules just before the test, so that the counters are zero.
- Run the test from IP 10.8.0.100. Make sure your test IP is 10.8.0.100. I don't see proof of that in your data. The screenshot does not show your IP.
- In the middle of the test, cat the /proc/net/ipt_ratelimit/ files. Just an upload or download test is enough. For example, in the middle of the download. I just want to see for certain where the counters are increasing.
from ipt-ratelimit.
10.8.0.100 proof
While the test was running, the other user was not connected to the VPN.
root@ubuntu:~# echo / > /proc/net/ipt_ratelimit/fullspeeddst
root@ubuntu:~# echo / > /proc/net/ipt_ratelimit/fullspeedsrc
root@ubuntu:~# echo / > /proc/net/ipt_ratelimit/limitdst
root@ubuntu:~# echo / > /proc/net/ipt_ratelimit/limitsrc
root@ubuntu:~# echo +10.8.0.100 100000000 > /proc/net/ipt_ratelimit/fullspeedsrc
root@ubuntu:~# echo +10.8.0.100 100000000 > /proc/net/ipt_ratelimit/fullspeeddst
root@ubuntu:~# echo +10.8.0.100/24 1000000 > /proc/net/ipt_ratelimit/limitsrc
root@ubuntu:~# echo +10.8.0.100/24 1000000 > /proc/net/ipt_ratelimit/limitdst
root@ubuntu:~# cat /proc/net/ipt_ratelimit/fullspeeddst
10.8.0.100 cir 100000000 cbs 18750000 ebs 37500000; tc 0 te 0 last never; conf 0/0 0 bps, rej 0/0
root@ubuntu:~# cat /proc/net/ipt_ratelimit/fullspeedsrc
10.8.0.100 cir 100000000 cbs 18750000 ebs 37500000; tc 0 te 0 last never; conf 0/0 0 bps, rej 0/0
root@ubuntu:~# cat /proc/net/ipt_ratelimit/limitdst
10.8.0.0/24 cir 1000000 cbs 187500 ebs 375000; tc 0 te 0 last never; conf 0/0 0 bps, rej 0/0
root@ubuntu:~# cat /proc/net/ipt_ratelimit/limitsrc
10.8.0.0/24 cir 1000000 cbs 187500 ebs 375000; tc 0 te 0 last never; conf 0/0 0 bps, rej 0/0
Run the test and, in the middle of the download, run cat
root@ubuntu:~# cat /proc/net/ipt_ratelimit/fullspeeddst
10.8.0.100 cir 100000000 cbs 18750000 ebs 37500000; tc 0 te 0 last 3; conf 1089/1419961 715600 bps, rej 0/0
root@ubuntu:~# cat /proc/net/ipt_ratelimit/fullspeedsrc
10.8.0.100 cir 100000000 cbs 18750000 ebs 37500000; tc 104 te 0 last 2; conf 884/61227 33452 bps, rej 0/0
root@ubuntu:~# cat /proc/net/ipt_ratelimit/limitdst
10.8.0.0/24 cir 1000000 cbs 187500 ebs 375000; tc 280804 te 93304 last 0; conf 770/975966 515292 bps, rej 321/445496
root@ubuntu:~# cat /proc/net/ipt_ratelimit/limitsrc
10.8.0.0/24 cir 1000000 cbs 187500 ebs 375000; tc 104 te 0 last 4; conf 884/61227 33452 bps, rej 0/0
from ipt-ratelimit.
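An added example, not part of the thread or of the project's code: it parses the mid-download counters posted in the comment above and reports which set entries cover the test IP and have rejected packets. The function names are hypothetical, and reading `conf` and `rej` as conforming and rejected packets/bytes is an assumption.

```python
import ipaddress
import re

# Field layout as printed by /proc/net/ipt_ratelimit/<set> in this thread.
# Assumption: conf = conforming packets/bytes, rej = rejected packets/bytes.
STAT_RE = re.compile(
    r"^(?P<prefix>\S+) cir (?P<cir>\d+) cbs (?P<cbs>\d+) ebs (?P<ebs>\d+); "
    r"tc (?P<tc>\d+) te (?P<te>\d+) last (?P<last>\S+); "
    r"conf (?P<conf_pkts>\d+)/(?P<conf_bytes>\d+) (?P<bps>\d+) bps, "
    r"rej (?P<rej_pkts>\d+)/(?P<rej_bytes>\d+)$"
)

def parse_set(text):
    """Parse the content of one set file into a list of per-prefix dicts."""
    entries = []
    for line in text.splitlines():
        m = STAT_RE.match(line.strip())
        if not m:
            continue  # shell prompts, blank lines
        e = {k: (int(v) if v.isdigit() else v) for k, v in m.groupdict().items()}
        e["net"] = ipaddress.ip_network(e["prefix"], strict=False)
        entries.append(e)
    return entries

def limiting_entries(snapshot, ip):
    """Entries that cover `ip` and rejected packets, as
    (set, prefix, cir, rej_pkts, rejected share of packets)."""
    addr = ipaddress.ip_address(ip)
    hits = []
    for set_name, text in snapshot.items():
        for e in parse_set(text):
            if addr in e["net"] and e["rej_pkts"] > 0:
                share = e["rej_pkts"] / (e["conf_pkts"] + e["rej_pkts"])
                hits.append((set_name, e["prefix"], e["cir"],
                             e["rej_pkts"], round(share, 3)))
    return hits

# Counter lines copied from the mid-download output in the comment above.
SNAPSHOT = {
    "fullspeeddst": "10.8.0.100 cir 100000000 cbs 18750000 ebs 37500000; tc 0 te 0 last 3; conf 1089/1419961 715600 bps, rej 0/0",
    "fullspeedsrc": "10.8.0.100 cir 100000000 cbs 18750000 ebs 37500000; tc 104 te 0 last 2; conf 884/61227 33452 bps, rej 0/0",
    "limitdst": "10.8.0.0/24 cir 1000000 cbs 187500 ebs 375000; tc 280804 te 93304 last 0; conf 770/975966 515292 bps, rej 321/445496",
    "limitsrc": "10.8.0.0/24 cir 1000000 cbs 187500 ebs 375000; tc 104 te 0 last 4; conf 884/61227 33452 bps, rej 0/0",
}

if __name__ == "__main__":
    for hit in limiting_entries(SNAPSHOT, "10.8.0.100"):
        print("set=%s prefix=%s cir=%d rej_pkts=%d rej_share=%.3f" % hit)
```

On this data the only entry rejecting traffic for 10.8.0.100 is the 10.8.0.0/24 prefix in `limitdst`: the separate /24 set also covers .100, so the download is held to the 1mbit rate while the `fullspeed` sets reject nothing.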
I misinterpreted your setup at first, so the test wasn't really necessary, and everything seems to be working correctly.
from ipt-ratelimit.
So, for correct rate limiting I need to create separate rules for IP .100 and for the other IPs, but if one rule overlaps other rules, does the module use the last one?
from ipt-ratelimit.
Answer two questions:
- Why did you create four sets and not just two?
- Why did you put just one rule per set?
from ipt-ratelimit.
I'm a guest in Linux.
Why did you put just one rule per set?
I understood my mistake, I can add both rules in one set file.
Why did you create four sets and not just two?
I looked at the readme and thought I need to create a separate set for src and dst. If I don't add the ratelimit-mode param, will the set be used for both src and dst?
from ipt-ratelimit.
Why did you create 4 sets and not just 2?
from ipt-ratelimit.
After understanding my mistake, I did this, and it all works fine:
iptables -A FORWARD -m ratelimit --ratelimit-set myset --ratelimit-mode src -j DROP
iptables -A FORWARD -m ratelimit --ratelimit-set myset --ratelimit-mode dst -j DROP
echo / > /proc/net/ipt_ratelimit/myset
echo +10.8.0.100 100000000 > /proc/net/ipt_ratelimit/myset
echo +10.8.0.101 100000000 > /proc/net/ipt_ratelimit/myset
echo +10.8.0.100/24 1000000 > /proc/net/ipt_ratelimit/myset
from ipt-ratelimit.
Grats!
from ipt-ratelimit.