[LARTC] Now to make only Traffic Priority

2006-08-25 Thread Stanislav Nedelchev
Hi to everybody.
I read some info and documentation but I still can't find how to make
this simple setup, for example.

I just want to make priority of certain traffic without shaping the
traffic.
For example:
SSH and RDP first priority
Mail second priority
WEB and FTP third

And everything else last priority.

What will be the simple and best way to achieve this?

I will appreciate every help.
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc


Re: [LARTC] Help On Upload Limiting Using CBQ.init

2006-08-25 Thread Andrei Sandu
On 8/24/06, Ali Jawad [EMAIL PROTECTED] wrote:
> Hi Guys
>
> I've got an internet cafe on which I have a debian sarge box running.
> The Debian box acts as a gateway and it has masquerading on. I have 40
> client PC and I do not want to assign more than 64k per pc for upload
> and the same is true for download too. I've done a lot of research and
> I've read tutorials about CBQ and HTB. I found that CBQ.init is the best
> script to serve my needs. I was successfully able to limit download per
> client using the script.
>
> However I was not able to limit upload per client whatever method I used.
> Please HELP ME LIMIT THE UPLOADS ON A PER CLIENT BASIS.
>
> This is my Setup :
>
> INTERNET  eth0 DEBIAN eth1 -- LAN SWITCH ---40 PCS
>
> The working CBQ script that I use to limit download for a certain PC is:
>
> DEVICE=eth1,100Mbit,10Mbit
> RATE=64Kbit
> WEIGHT=6Kbit
> PRIO=5
> RULE=192.168.1.166
>
> The UPLOAD SCRIPT that I use to limit UPLOADS is NOT WORKING !!
>
> Upload Script NOT WORKING
> # --
> DEVICE=eth0,10Mbit,1Mbit
> RATE=64Kbit
> WEIGHT=6Kbit
> PRIO=5
> RULE=192.168.1.166,
> # --
>
> As you can see I added the comma at the end of the Rule to indicate the
> source of the packet.. any suggestions or help on how to make this work
> are welcome...!!

You will not be able to shape the upload traffic for each client on
eth0 (after NAT all the packets have the same src address). You can
do policing or, better, you can use IMQ ( http://www.linuximq.net ).



Re: [LARTC] Help On Upload Limiting Using CBQ.init

2006-08-25 Thread Andrei Sandu
On 8/25/06, Ali Jawad [EMAIL PROTECTED] wrote:
> Andrei Sandu wrote:
>> On 8/24/06, Ali Jawad [EMAIL PROTECTED] wrote:
>>> Hi Guys
>>>
>>> I've got an internet cafe on which I have a debian sarge box running.
>>> The Debian box acts as a gateway and it has masquerading on. I have 40
>>> client PC and I do not want to assign more than 64k per pc for upload
>>> and the same is true for download too. I've done a lot of research and
>>> I've read tutorials about CBQ and HTB. I found that CBQ.init is the best
>>> script to serve my needs. I was successfully able to limit download per
>>> client using the script.
>>>
>>> However I was not able to limit upload per client whatever method I used.
>>> Please HELP ME LIMIT THE UPLOADS ON A PER CLIENT BASIS.
>>>
>>> This is my Setup :
>>>
>>> INTERNET  eth0 DEBIAN eth1 -- LAN SWITCH ---40 PCS
>>>
>>> The working CBQ script that I use to limit download for a certain PC is:
>>>
>>> DEVICE=eth1,100Mbit,10Mbit
>>> RATE=64Kbit
>>> WEIGHT=6Kbit
>>> PRIO=5
>>> RULE=192.168.1.166
>>>
>>> The UPLOAD SCRIPT that I use to limit UPLOADS is NOT WORKING !!
>>>
>>> Upload Script NOT WORKING
>>> # --
>>> DEVICE=eth0,10Mbit,1Mbit
>>> RATE=64Kbit
>>> WEIGHT=6Kbit
>>> PRIO=5
>>> RULE=192.168.1.166,
>>> # --
>>>
>>> As you can see I added the comma at the end of the Rule to indicate the
>>> source of the packet.. any suggestions or help on how to make this work
>>> are welcome...!!
>>
>> You will not be able to shape the upload traffic for each client on
>> eth0 (after NAT all the packets have the same src address). You can
>> do policing or, better, you can use IMQ ( http://www.linuximq.net ).
>
> I might be wrong on this Andrei.. I am Junior when it comes to traffic
> shaping.. but I think that it is quite possible to shape outgoing
> traffic that is being shaped without having to use CMQ.
>
> The idea is that masqueraded or SNATed traffic leaves the linux router
> having the same src address, i.e. the public address of the router in my
> case. However IPTABLES or NETFILTER in Linux has the following feature:
> The POSTROUTING chain is the last chain in the iptables.. and it is part
> of two tables, the mangle table, and the last table is the nat table. So
> you can match traffic outgoing on the POSTROUTING chain if you match it
> on the mangle table which precedes the nat table.
>
> -FORWARD(mangle)-FORWARD(filter)--
> -PRE--POST(mangle)-POST(nat)
> -INPUT-LOCAL-OUTPUT(mangle-Filter-NAT)
>
> As a result the following setup should work. Indeed it worked.
>
> Download section
>
> tc qdisc add dev eth1 root handle 11: cbq bandwidth 100Mbit avpkt \
>     1000 mpu 64
> tc class add dev eth1 parent 11:0 classid 11:1 cbq rate 50Kbit \
>     weight 5Kbit allot 1514 prio 1 avpkt 1000 bounded
> tc filter add dev eth1 parent 11:0 protocol ip handle 4 fw flowid 11:1
>
> Upload Section
>
> tc qdisc add dev eth0 root handle 10: cbq bandwidth 10Mbit avpkt \
>     1000 mpu 64
> tc class add dev eth0 parent 10:0 classid 10:1 cbq rate 20Kbit \
>     weight 2Kbit allot 1514 prio 1 avpkt 1000 bounded
> tc filter add dev eth0 parent 10:0 protocol ip handle 3 fw flowid 10:1
>
> Now the tricky part is to mark the packets so that they can be shaped..
> the following only works for natted traffic and does not work for
> traffic generated on the router itself.
>
> For Download. Note that the mangle table precedes the nat table.
>
> iptables -t mangle -A POSTROUTING -s ! 192.168.1.0/24 -d \
>     192.168.1.0/24 -j MARK --set-mark 4
>
> For Upload
>
> iptables -t mangle -A FORWARD -s 192.168.1.0/24 -j MARK --set-mark 3
>
> I got the script idea from http://szabilinux.hu/bandwidth/

Yes, Ali, it can be done that way too, using fwmark. But in my opinion
using IMQ is much better and cleaner. IMQ was created specially for this
kind of situation, when you want to do ingress shaping.
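
The fwmark approach from this thread, extended to one mark and one 64Kbit CBQ class per client (the quoted rule marks the whole 192.168.1.0/24 subnet with a single mark, so all clients share one class). This is an added example, not code from any poster: the interfaces, subnet and rates come from the thread, while the function names and the use of the host octet as the mark are assumptions. It only prints the commands.

```shell
#!/bin/sh
# Added example: print per-client upload-limit commands for a NAT gateway.
# Values taken from the thread: WAN eth0 (10Mbit CBQ root), LAN 192.168.1.0/24.
WAN=eth0
LAN_PREFIX=192.168.1
RATE_KBIT=64

# Print the one-time root qdisc command for the WAN interface.
gen_root() {
    echo "tc qdisc add dev $WAN root handle 10: cbq bandwidth 10Mbit avpkt 1000 mpu 64"
}

# Print the three commands that limit one client, given its last octet.
# The octet doubles as the fwmark (assumption made for this example).
gen_client() {
    octet=$1
    case $octet in
        ''|0*|*[!0-9]*) echo "bad host octet: $octet" >&2; return 1 ;;
    esac
    if [ "$octet" -gt 254 ]; then
        echo "host octet out of range: $octet" >&2; return 1
    fi
    minor=$(printf '%x' "$octet")      # tc class minors are hexadecimal
    weight=$((RATE_KBIT / 10))         # same rate/10 ratio the thread uses
    # Mark in mangle FORWARD: the packet still carries its LAN source address
    # here, because MASQUERADE/SNAT only happens later in nat POSTROUTING.
    echo "iptables -t mangle -A FORWARD -o $WAN -s $LAN_PREFIX.$octet -j MARK --set-mark $octet"
    echo "tc class add dev $WAN parent 10:0 classid 10:$minor cbq bandwidth 10Mbit rate ${RATE_KBIT}Kbit weight ${weight}Kbit allot 1514 prio 5 avpkt 1000 bounded"
    # The fw classifier matches the decimal mark and steers it to the class.
    echo "tc filter add dev $WAN parent 10:0 protocol ip handle $octet fw flowid 10:$minor"
}

# Print the full rule set for a list of host octets; stop on a bad octet.
gen_all() {
    gen_root
    for o in "$@"; do
        gen_client "$o" || return 1
    done
}

# Dry run for two constructed clients; review before applying as root.
gen_all 166 167
```

Because the commands are only printed, the output can be reviewed or diffed against the running configuration (`tc -s class show dev eth0`, `iptables -t mangle -L FORWARD -v`) before it is applied.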



[LARTC] IMQ action

2006-08-25 Thread Nikolay Nikolaev

Hi.
Is -j IMQ equal to -j ACCEPT...? I mean, after -j IMQ the packet doesn't
return to the parent chain??? Because the -j ACCEPT action accepts the
packet in the child chain and doesn't return it to the parent...

example:

ipt="iptables -t mangle"

$ipt -N HTTP
$ipt -A HTTP -j IMQ   # after this, do packets go to the -t nat tables?
                      # or do they return to the parent chain (PREROUTING) in mangle?

$ipt -N OTHER
$ipt -A OTHER -j IMQ

$ipt -A PREROUTING [expression] -j HTTP
$ipt -A PREROUTING -j OTHER

All this I do for ingress traffic.
thx.