Re: [plug] iptables nat + tc problem

Winelfred G. Pasamba Wed, 22 Oct 2008 21:23:31 -0700

sorry i don't understand your script. but here's mine. it's php.
i suppose you have to change the eth0 to your ethplay. and the "grep
192" to your grep "192\.168\.101"
you'll also notice 64kbit as the max bandwidth for each ip.
the enumerated ip addresses encoded as a long string are for hosts
that are excempted from the bandwidth limit.


"hope it works!" hehe
<?
/* regulate bandwidth of all visible hosts
   tccontrol.php
   Copyright 2008 Winelfred G. Pasamba
*/
while (1) {
        $cmd = "tc filter del dev eth0 protocol ip parent 1: prio 1";
        echo "$cmd\n";
        `$cmd`;
        $cmd = "tc qdisc del dev eth0 root handle 1:";
        echo "$cmd\n";
        `$cmd`;

        $cmd = "tc qdisc add dev eth0 root handle 1: htb";
        echo "$cmd\n";
        `$cmd`;

        // make ssh fast
//      `tc class add dev eth0 parent 1: classid 1:1 htb rate 2mbit`;
//      `tc filter add dev eth0 protocol ip parent 1: prio 1 u32 match
ip dport 22 0xffff flowid 1:1`;

        $classid = 10;
        $ips = `ip neigh | grep 192 | cut -d' ' -f1`;
        $ipa = split ("\n",$ips);
        array_pop ($ipa);
        $cbqid = 10;
        foreach ($ipa as $ip) {
                if (strstr ('
                        192.168.10.206, // sophos
                        192.168.2.5,    // csdept
                        192.168.2.51,   // snoopy2
                        ', "$ip,")) {
                        echo "skipping $ip\n";
                        continue;
                } else {
                        echo $ip."\n";
#                       $cmd = "tc class del dev eth0 parent 1:
classid 1:$classid";
#                       echo "$cmd\n";
#                       `$cmd`;
                        $cmd = "tc class add dev eth0 parent 1:
classid 1:$classid htb rate 64kbit";
#                       echo "$cmd\n";
                        `$cmd`;
                        $cmd = "tc filter add dev eth0 protocol ip
parent 1: prio 3 u32 match ip dst $ip/32 flowid 1:$classid";
#                       echo "$cmd\n";
                        `$cmd`;
                        $classid++;
                }
        }
      `sleep 60`;
}
?>


On Thu, Oct 23, 2008 at 11:09 AM, plug bert <[EMAIL PROTECTED]> wrote:
> Hi All,
>
> i have this test gateway set up at work:
>
> os: fedora core 9
> eth0: public ip
> eth1: to "play" subnet -- 192.168.101.x
> eth2: to "work" subnet -- 192.168.102.x
>
> The gateway performs NAT for both PLAY and WORK subnets. i'm planning to 
> limit the bandwidth for the PLAY subnet so that heavy downloads don't cripple 
> the WORK subnet...and for this i came up with the ff script:
>
> #############################################################################
> #!/bin/bash
> IPTB=/sbin/iptables
>
> PUB_IP=w.x.y.z
>
> HI_PRIORITY_Q=1:10
> HI_PRIORITY_QMARK=8
>
> LOW_PRIORITY_Q=1:31
> LOW_PRIORITY_QMARK=5
>
> PLAY_LAN=192.168.101.0/24
> WORK_LAN=192.168.102.0/24
>
>
>
>
> SRC=$PLAY_LAN
> DST=0/0
> $IPTB -A POSTROUTING -t mangle -s $SRC -d $DST  -j MARK 
> --set-mark=$LOW_PRIORITY_QMARK
>
>
> SRC=$WORK_LAN
> DST=0/0
> $IPTB -A PREROUTING -t mangle -s $SRC -d $DST -j MARK 
> --set-mark=$HI_PRIORITY_QMARK
>
>
>
>
> tc qdisc add dev eth0 handle 1:0 root cbq bandwidth 1Mbit avpkt 100Kbit
>
>
> echo  add the root class
> tc class add dev eth0 parent 1:0 classid 1:1 cbq bandwidth 1Mbit rate 1Mbit 
> allot 1514 cell 8 weight 1Mbit prio 8 maxburst 20 avpkt 1000
>
>
> echo add subclasses 1
>
> tc class add dev eth0 parent 1:1 classid $LOW_PRIORITY_Q cbq bandwidth 
> 100Kbit rate 100Kbit allot 1514 cell 8 weight 1Kbit prio 3 maxburst 20 avpkt 
> 100 split 1:1
>
> echo add subclasses 2
>
> tc class add dev eth0 parent 1:1 classid $HI_PRIORITY_Q cbq bandwidth 900Kbit 
> rate 900Kbit allot 1514 cell 8 weight 9Kbit prio 7 maxburst 20 avpkt 1000 
> split 1:1
>
> echo filter all 31.x traffic, add them to low prio queue
>
> tc filter add dev eth0 protocol ip parent 1:0 prio 3 handle 
> $LOW_PRIORITY_QMARK fw classid $LOW_PRIORITY_Q
>
> tc filter add dev eth0 protocol ip parent 1:0 prio 7 handle 
> $HI_PRIORITY_QMARK fw classid $HI_PRIORITY_Q
>
>
> $IPTB -A POSTROUTING -t nat -s $PLAY_LAN -d 0/0 -j SNAT --to-source=$PUB_IP
> $IPTB -A POSTROUTING -t nat -s $WORK_LAN -d 0/0 -j SNAT --to-source=$PUB_IP
>
> ############################################################################
>
>
> ...obviously, it doesn't work B)
>
> Is there something i missed?
>
> Does the MARKing get messed up during the NAT process?
>
> tia
>
>
>
>
>
> _________________________________________________
> Philippine Linux Users' Group (PLUG) Mailing List
> http://lists.linux.org.ph/mailman/listinfo/plug
> Searchable Archives: http://archives.free.net.ph
>



-- 
Seek ye first the kingdom of God and all these things shall be added unto you.

Winelfred G. Pasamba
Adventist University of the Philippines Online Information Systems
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
http://lists.linux.org.ph/mailman/listinfo/plug
Searchable Archives: http://archives.free.net.ph

Re: [plug] iptables nat + tc problem

Reply via email to