Google
  Web www.spinics.net

Re: Allocating 64 kbits/s out of 256 kbits/s for one LAN behingfirewall (SOLVED)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Hi Paolo Malfatti,

Thanks for your script. It works fine.

I get what I expect.

THANK you all the way until it comes to an end.

FOR the benifit for evryone in the LIST.

HERE IS the SCRIPT AGAIN.

INTERFAZ_LAN=eth0 

FULLBANDWIDTH=256

BANDWIDTH4LAN=64

tc qdisc del root dev $INTERFAZ_LAN

tc qdisc add dev $INTERFAZ_LAN root handle 1 htb r2q 4
tc class add dev $INTERFAZ_LAN parent 1: classid 1:2 htb rate "$FULLBANDWIDTH"Kbit
tc class add dev $INTERFAZ_LAN parent 1: classid 1:5 htb rate "$BANDWIDTH4LAN"Kbit
tc qdisc add dev $INTERFAZ_LAN parent 1:5 handle 5 sfq perturb 10
tc filter add dev $INTERFAZ_LAN parent 1:0 protocol ip prio 1 u32 match ip dst 192.168.101.0/24 classid 1:5




On 8/8/07, Pio Mendez <pio_mendez@xxxxxxxxxxx> wrote:

This script only shape the outgoing traffic (upload) in a NAT firewall. To shape the incoming traffic (downloads) there is a simpler script:

INTERFAZ_LAN=eth0 

FULLBANDWIDTH=256

BANDWIDTH4LAN=64

tc qdisc del root dev $INTERFAZ_LAN

tc qdisc add dev $INTERFAZ_LAN root handle 1 htb r2q 4
tc class add dev $INTERFAZ_LAN parent 1: classid 1:2 htb rate "$FULLBANDWIDTH"Kbit
tc class add dev $INTERFAZ_LAN parent 1: classid 1:5 htb rate "$BANDWIDTH4LAN"Kbit
tc qdisc add dev $INTERFAZ_LAN parent 1:5 handle 5 sfq perturb 10
tc filter add dev $INTERFAZ_LAN parent 1:0 protocol ip prio 1 u32 match ip dst 192.168.101.0/24 classid 1:5

Regards

Paolo Malfatti

PS: dont forget to put a "tc qdisc del root dev $INTERFAZ_INT" rule  at the beginning of your previous script.

 


From:  "Indunil Jayasooriya" <indunil75@xxxxxxxxx>
To:  "Pio Mendez" < pio_mendez@xxxxxxxxxxx>, lartc@xxxxxxxxxxxxxxx
Subject:  Re: Allocating 64 kbits/s out of 256 kbits/s for one LAN behingfirewall
Date:  Wed, 8 Aug 2007 12:30:59 +0530


Hi Paolo Malfatti,



Thanks for your script. I tried it .

 But I still can not allocate 64 kbit for LAN.  We have a 256 kbit link. We usually download around @ 30-33  kbytes per second. That means, when it comes to kbits, I will have to mulitple it in to 8  as

1kbps=8kbit .

pls see below for usual download  rate, before applying your rules.

[root@worldnet wget]# wget  http://mirrors.kernel.org/centos/5.0/isos/i386/CentOS-5.0-i386-bin-6of6.iso


--12:16:27--  http://mirrors.kernel.org/centos/5.0/isos/i386/CentOS-5.0-i386-bin-6of6.iso
           => `CentOS-5.0-i386-bin-6of6.iso.1
'
Resolving mirrors.kernel.org... 204.152.191.7, 204.152.191.39
Connecting to mirrors.kernel.org|204.152.191.7|:80... connected.
HTTP request sent, awaiting response... 200 OK

Length: 407,005,184 (388M) [application/x-iso9660-image]

 0% [                                                                                  ] 2,749,752     30.10K/s  ETA 4:43:0


Then, I applied your rules. pls see below



INTERFAZ_INT=eth0 

FULLBANDWIDTH=256

BANDWIDTH4LAN=64

iptables -t mangle -A PREROUTING -s 192.168.101.0/24 -j MARK --set-mark 0x5

tc qdisc add dev $INTERFAZ_INT root handle 1 htb r2q 4
tc class add dev $INTERFAZ_INT parent 1: classid 1:2 htb rate "$FULLBANDWIDTH"Kbit
tc class add dev $INTERFAZ_INT parent 1: classid 1:5 htb rate "$BANDWIDTH4LAN"Kbit


tc qdisc add dev $INTERFAZ_INT parent 1:5 handle 5 sfq perturb 10
tc filter add dev $INTERFAZ_INT protocol ip parent 1: pref 1 handle 5 fw classid 1:5


Still no luck. after applying rules, I downloaded an centos ISO image. But , I still can download @ usual rate. (
i.e 30-33 kbytes per seconds).

If your rules work, I will be able to download @ about 8 kbyes per second. (i.e - 8*8 kbit= 64 kbit)

That is what I expect ?

Where have I gone wrong?




On 8/7/07, Pio Mendez < pio_mendez@xxxxxxxxxxx> wrote:
>What is r2q ad 4 there ?. I do not understand those two.
I recommend you to read this:

http://luxik.cdi.cz/~devik/qos/htb/

the r2q is a divisor used to calculate the quantum of htb (the amount of bytes that will be transmitted before serving another class: quantum = rate / r2q).

>tc qdisc add dev $INTERFAZ_INT parent 1:5 handle 5 sfq perturb 10

   >What is this above rule?, I don not understand at all.
 
The classes do shape of traffic, but you need a Queue manager to trasmit it (qdisc rule).  Here you will find an example of HTB script:
http://lartc.org/howto/lartc.qdisc.classful.html#AEN1072
 
>tc filter add dev $INTERFAZ_INT protocol ip parent 1: pref 1 handle 10 fw classid 1:5
>I do not understand the above rule too.

there is an error: the right filter rule is:
tc filter add dev $INTERFAZ_INT protocol ip parent 1: pref 1 handle 5 fw classid 1:5
 
The filter rule filter the traffic and send the mathing packets to the right class.
The iptables MARK rule mark the traffic before the SNAT. Later, after all iptables processing, the packets are filtered by this rule; if some packet match the "handle 5" filter (packet marked with 5 by the  iptables rule will
match) then it will be shaped by htb class to 64kbps.
 
Hope this will help
Regards
Paolo Malfatti
 


MSN Amor Busca tu ½ naranja




--
Thank you
Indunil Jayasooriya



Charla con tus amigos en línea mediante MSN Messenger: Haz clic aquí



--
Thank you
Indunil Jayasooriya
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

[Bugtraq]     [Fedora Legacy]     [GCC Help]     [Yosemite News]     [Yosemite Photos]     [IP Tables]     [Netfilter Devel]     [Fedora Users]

Powered by Linux