Hi, Thanks for your script. I am still a newbie to this traffic control. I have only done polcy routing with iproute2.
I was thinking how to write this script. You have already given a start. I have been reading Below URLs. http://lartc.org/howto/lartc.qdisc.classful.html http://edseek.com/~jasonb/articles/traffic_shaping/linuxtc.html http://tldp.org/HOWTO/Traffic-Control-HOWTO/index.html http://edseek.com/~jasonb/articles/traffic_shaping/classes.html#qdiscex But, I still find it dificult to understand fully. Hey, shall We disculls the script you wrote below . I understand below 4 rules. last rule marks 192.168.102.0/24 traffic as 5 > > INTERFAZ_INT=eth0 > > BAND=256 > > BAND_CLIENTS=64 > > iptables -t mangle -A PREROUTING -s 192.168.102.0/24 -j MARK --set-mark > 0x5 > But, I do not understand below rules. shall we discuss one by one. > tc qdisc add dev $INTERFAZ_INT root handle 1 htb r2q 4 > the above rule adds a qdisc to internet interace. what is r2q ad 4 there ?. I do not understand those two. > tc class add dev $INTERFAZ_INT parent 1: classid 1:2 htb rate "$BAND"Kbit > FULL bandwidth with above rule. tc class add dev $INTERFAZ_INT parent 1: classid 1:5 htb rate > "$BAND_CLIENTS"Kbit > and 64 kbit with above with above rule. tc qdisc add dev $INTERFAZ_INT parent 1:5 handle 5 sfq perturb 10 > What is this above rule?, I don not understand at all. tc filter add dev $INTERFAZ_INT protocol ip parent 1: pref 1 handle 10 fw > classid 1:5 > I do not understand the above rule too. hope to hear from you. Feel free to ask to me what you wish. > THAKS for above comment. Regards > > Paolo Malfatti > > > ------------------------------ > From: *"Indunil Jayasooriya" <[EMAIL PROTECTED]>* > To: [EMAIL PROTECTED] > Subject: *[LARTC] Allocating 64 kbits/s out of 256 kbits/s for one LAN > behingfirewall* > Date: *Thu, 2 Aug 2007 14:48:55 +0530* > > > Hi, > > We have a 256 kbits/s (kilobits per second) link to the internet. it is a > router running Linux that belongs to our ISP. They have given us 8 internet > ips. (i.e- subnet is > 255.255.255.248 > ). one has been given to this router. I have given another internet ip to > the firewall running CentOS 4.5. iptables is running on it. And also, I > have installed iproute2 pkg as well. > > pls see below for installed pkgs. > > [EMAIL PROTECTED] ~]# rpm -qa |grep iptables > iptables-1.2.11-3.1.RHEL4 > [EMAIL PROTECTED] ~]# rpm -qa |grep iproute > iproute-2.6.9-3.EL4.3.centos4 > > > This firewall has 3 ethernet cards at the moment. one is connected to > router. one is connected to our DMZ zone. one is connected to LAN1. > > These are ips of the firewall. > > eth0 (internet) - > 1.2.3.4/255.255.255.248 (pls assume it. For security reason, I will not > give you the actual ip) > eth1 (DMZ Zone) - > 192.168.100.254/255.255.255.0 > eth2 (LAN1) - > 192.168.101.254/255.255.255.0 > > Now, everyone in LAN1 has access to internet. (due to SNAT rule) > > Now, I want to install another ethernet card to this firewall. then, it > would be eth3. > > eth3 will be as follows. > > > eth3 (LAN2) - 192.168.102.254/255.255.255.0 > > Now, I want put about 5 people (5 PCs) behind this LAN2 and give internet > access to them. But, I do not want them to use my whole bandwidth ( > i.e - 256 kbit/s), But Instead, I want peple behind this LAN2 to allocate > 64 kbits/s (kilo bits per second) for their internert access. > > Is it possible to acheive this task on firewall running iptables and > iproute2 (CentOS 4.5) ? > > If so, How can I do such thing? > > If I do such thing, what will happen to the people behind LAN1 ? Will they > get whole 256 kbits/s as before or will they get 256 kbit/s - 64 kbit/s for > their internet access? > > > > Hope to hear form you. > > > > > > > > > > > -- > Thank you > Indunil Jayasooriya > > > -- > Thank you > Indunil Jayasooriya > > >_______________________________________________ > >LARTC mailing list > >LARTC@mailman.ds9a.nl > >http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > > > ------------------------------ > Las mejores tiendas, los precios mas bajos, entregas en todo el mundo, > YupiMSN Compras: Haz clic aquĆ... <http://g.msn.com/8HMBES/2746??PS=47575> -- Thank you Indunil Jayasooriya
_______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
