[LARTC] script

2004-02-13 Thread Eddie
Good day All
I'm starting to learn the whole bandwidth management thing.
I downloaded Allan Beaufour Larsen's script (attached).
There are a few things I don't understand.
Please help.

Class 1:10, line 65:
 in the iptables rules he marks packets with "-m tos --tos Minimize-Delay".
 What is this?

and

same, line 95, class 1:12 "-m tos --tos Maximize-Throughput" and line
106 "-m tos --tos Minimize-Cost"

and

down at the htb config, line 212 for class 1:13, he talks about NATed
traffic but he does not use this class anywhere.
Please shed some light on these.
And is this script any good??
#!/bin/bash
#
# NetCtrl version 0.3 by Allan Beaufour Larsen 
#
# netctrl  This script starts and stops shaping of network traffic.
#
# chkconfig: - 95 05
# description: netctrl shapes the network traffic.
# It adds marking to the 'mangle' iptable,
# and creates priority trees with htb for both $DEV and imq0.

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ "${NETWORKING}" = "no" ] && exit 0

[ -f /sbin/tc ] || exit 0

RETVAL=0
prog=netctrl


##
# Setup local environment
##
# Device to be shaped
DEV=eth0

# Ceiling of outgoing connection (in kbit)
CEIL_UP=64

# Ceiling of incomming connection (in kbit)
CEIL_DOWN=1425

# Burst rate set for ex. browsing
BURST=30k

# What should the new table be named
# (to avoid conflict with pre-existing tables)
CHAINNAME=NETCTRL


##
# This function sets up the iptables to mark each packet type.
# This will enable the shapers to handle them accordingly.
##
setup_iptables() {
	echo -n "Create ${CHAINNAME} chain "
	( iptables -t mangle -N ${CHAINNAME} && echo_success) || echo_failure
	echo

	# Setup marking of packets in ${CHAINNAME}
	echo -n "Setting up marking of packets in ${CHAINNAME} "

	# CLASS 1:10
	
	# ICMP-packets (Ping, etc.)
#echo -n "Iptables for icmp class 1:10"
	iptables -t mangle -A ${CHAINNAME} -p icmp -j MARK --set-mark 0x1
	# Minimize-delay TOS
	iptables -t mangle -A ${CHAINNAME} -m tos --tos Minimize-Delay -j MARK --set-mark 0x1
	# SSH
#echo -n "Iptables for ssh class 1:10"
	iptables -t mangle -A ${CHAINNAME} -p tcp -m tcp --dport 22 -j MARK --set-mark 0x1
	iptables -t mangle -A OUTPUT -p tcp -m tcp --dport 22 -j MARK --set-mark 0x1
	iptables -t mangle -A INPUT -p tcp -m tcp --dport 22 -j MARK --set-mark 0x1
	# SYN-packets
	iptables -t mangle -I ${CHAINNAME} -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 0x1
	# DNS
#echo -n "Iptables for dns class 1:10"
	iptables -t mangle -I ${CHAINNAME} -p udp -m udp --sport 53 -j MARK --set-mark 0x1
	iptables -t mangle -I ${CHAINNAME} -p udp -m udp --dport 53 -j MARK --set-mark 0x1

	
	# CLASS 1:11
	
	# HTTP
#echo -n "Iptables for http class 1:11"
	iptables -t mangle -A ${CHAINNAME} -p tcp -m tcp --sport 80 -j MARK --set-mark 0x2
	iptables -t mangle -A ${CHAINNAME} -p tcp -m tcp --dport 80 -j MARK --set-mark 0x2
	# HTTPS
#echo -n "Iptables for https class 1:11"
	iptables -t mangle -A ${CHAINNAME} -p tcp -m tcp --sport 443 -j MARK --set-mark 0x2
	iptables -t mangle -A ${CHAINNAME} -p tcp -m tcp --dport 443 -j MARK --set-mark 0x2

	
	
	# CLASS 1:12
	
	# Maximize-Throughput TOS (should we trust people?)
	iptables -t mangle -A ${CHAINNAME} -m tos --tos Maximize-Throughput -j MARK --set-mark 0x3
	
	
	# CLASS 1:13
	
	# Empty for now (used for local server packets)
	
	
	# CLASS 1:14
	
	# Minimize-cost TOS
	iptables -t mangle -A ${CHAINNAME} -m tos --tos Minimize-Cost -j MARK --set-mark 0x5
	# SMTP
#echo -n "Iptables for smtp class 1:14"
	iptables -t mangle -A ${CHAINNAME} -p tcp -m tcp --dport 25 -j MARK --set-mark 0x5
	iptables -t mangle -A OUTPUT -p tcp -m tcp --dport 25 -j MARK --set-mark 0x5
	iptables -t mangle -A INPUT -p tcp -m tcp --dport 25 -j MARK --set-mark 0x5
	# POP3
#echo -n "Iptables for pop3 class 1:14"
	iptables -t mangle -A ${CHAINNAME} -p tcp -m tcp --dport 110 -j MARK --set-mark 0x5
	iptables -t mangle -A OUTPUT -p tcp -m tcp --dport 110 -j MARK --set-mark 0x5
	iptables -t mangle -A INPUT -p tcp -m tcp --dport 110 -j MARK --set-mark 0x5
	# IMAP
	iptables -t mangle -A ${CHAINNAME} -p tcp -m tcp --dport 143 -j MARK --set-mark 0x5
	# IMAPS
	iptables -t mangle -A ${CHAINNAME} -p tcp -m tcp --dport 993 -j MARK --set-mark 0x5
	# POP3S
	iptables -t mangle -A ${CHAINNAME} -p tcp -m tcp --dport 995 -j MARK --set-mark 0x5
	echo_success
	echo

	
	# CATCH REST

	echo -n "Setting default mark for PREROUTING "

[LARTC] htb kernel 2.4.18

2004-02-12 Thread Eddie
Good day all
I'm trying to install htb under Red Hat 7.3.
I got htb and patched the kernel, made a make menuconfig and selected htb
under QoS and did the recompile and started up with the new kernel.
Now when I run the script it says:
Any idea please?

Setting up htb for eth0 (ceil = 512) Unknown qdisc "htb", hence
option "default" is unparsable
Error: Qdisc "htb" is classless.
Error: Qdisc "htb" is classless.
RTNETLINK answers: Invalid argument
Error: Qdisc "htb" is classless.
RTNETLINK answers: Invalid argument
Error: Qdisc "htb" is classless.
RTNETLINK answers: No such file or directory
RTNETLINK answers: Invalid argument
Error: Qdisc "htb" is classless.
RTNETLINK answers: No such file or directory
RTNETLINK answers: Invalid argument
Error: Qdisc "htb" is classless.
RTNETLINK answers: No such file or directory
RTNETLINK answers: Invalid argument
Error: Qdisc "htb" is classless.
RTNETLINK answers: No such file or directory
RTNETLINK answers: Invalid argument


___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


Re: [LARTC] network monitor

2004-02-04 Thread Eddie
I need to have some sort of web interface so that Windows users can also
access it, and it needs to save the data so we can see it over a period of
time.

On Wed, 2004-02-04 at 17:13, Mike Miller wrote:
> > I need to know what is going on/in/out on my network.Now I know of ntop
> > and mrtg's but aren't there something different
> If you're looking for a console based tool try iptraf to monitor current
> stats of network devices. 
> 
> Regards,
> Mike.



[LARTC] network monitor

2004-02-04 Thread Eddie
Good Day all
I need to know what is going on/in/out on my network. Now I know of ntop
and mrtg but isn't there something different?
Thanks




[LARTC] adsl on/off

2004-02-02 Thread Eddie
Good day all
Now I'm from South Africa; here we have ADSL router/modems.
You set the router to do the dialup and authentication and then set it as
your gateway box's gateway. Now sometimes the link gets dropped and is off
for a while. Is there any way, for Linux, my gateway, of letting me know
that the link was/is down? Note that the box is not dialing so there is
no adsl-status.

What I NEED to do is be able to know if the link is down, and if the link
is down use a modem dialup and when the link gets back up stop the
modem. Any ideas?
Thanks



Re: [LARTC] limiting p2p

2004-02-02 Thread Eddie
Ok
What I did was blocking all forwarding, in and out, traffic on my gateway
with iptables. Only allowing established/related traffic in and out on the ports
they use, 80, 25, 110 etc. This will stop it connecting to a weird port.
Now the thing about Kazaa is that after it has tried all 65XXX ports it
will try on port 80; this can take a while and the stupid user will have
closed it.
Now what you do is set up a transparent proxy with iptables and squid. On
squid you create ACLs to stop .mp3 and .wav etc. files
and .dat files, which Kazaa uses.
Now this worked for me.


On Mon, 2004-02-02 at 11:39, Michal Kustosik wrote:
> On Fri, Nov 07, 2003 at 12:27:25PM -0300, ThE PhP_KiD wrote:
> > Hi List !
> > 
> > I'm trying excelent module ipt_p2p from Filipe
> > Almeida in a Linux Box with several connections,
> > in order to block p2p traffic with next rule:
> > 
> [...]
> 
> > how ever, I've noted that after two days running,
> > that Linux Box  (RH 7,2 updated - Kernel 2.4.22
> > - iptables 1.2.8 with String and ConnMark modules,
> > Pentium 4, 1.8 Mhz, 256 Mgbytes RAM, and 3c509 eth0,
> > eth1 and eth2),
> > begins to drop others packets and a simple ping
> > look like this:
> > 
> > 
> > # ping 192.168.210.3(by example)
> > 
> > PING 192.168.210.3 (192.168.210.3) from 192.168.210.254 : 56(84) bytes of
> > data.
> > 64 bytes from 192.168.210.3: icmp_seq=0 ttl=64 time=499 usec
> > ping: sendto: Operation not permitted
> > ping: sendto: Operation not permitted
> > ping: sendto: Operation not permitted
> > 64 bytes from 192.168.210.3: icmp_seq=1 ttl=64 time=478 usec
> > ping: sendto: Operation not permitted
> > ping: sendto: Operation not permitted
> > 64 bytes from 192.168.210.3: icmp_seq=2 ttl=64 time=489 usec
> > ping: sendto: Operation not permitted
> > ping: sendto: Operation not permitted
> > ping: sendto: Operation not permitted
> > 
> 
> Hi!
> 
> I have the same problem... Have you solved it? 
> I can't see any answer for your email :(
> 
> best



[LARTC] htb+beginner+error

2004-01-20 Thread Eddie
Good day all
So at long last I did my script.
We have a 256kbit connection. This script runs on my gateway box (the same
script for eth1 (ext) and eth0 (int)).
I want to limit all other traffic to 10kbit but when I do it, it gives me
this error:

HTB quantum of class 10034 is to small.consider r2q <7>htb*g j=42801780

Here is my script. If you have any idea to better it let me know. It's a
bit from here and there and some of my own.

#!/bin/bash
DEV=eth1
RATEUP=256

#To get stats
if [ "$1" = "stats" ]
then
echo "[qdisc]"
tc -s qdisc show dev $DEV
echo "[class]"
tc -s class show dev $DEV
#echo "[filter]"
#tc -s filter show dev $DEV
#echo "[iptables]"
exit
fi
   
  

#Reset
tc qdisc del dev $DEV root

if [ "$1" = "stop" ]
then
echo "Shaping removed on $DEV."
exit
fi

###
#
# Outbound Shaping (limits total bandwidth to RATEUP)

# set queue size to give latency of about 2 seconds on low-prio packets
ip link set dev $DEV qlen 30

# changes mtu on the outbound device.  Lowering the mtu will result
# in lower latency but will also cause slightly lower throughput due 
# to IP and TCP protocol overhead.
ip link set dev $DEV mtu 1000

# add HTB root qdisc
tc qdisc add dev $DEV root handle 1: htb default 23

# add main rate limit classes
tc class add dev $DEV parent 1: classid 1:1 htb rate ${RATEUP}kbit

# add leaf classes - We grant each class at LEAST its "fair share" of bandwidth.
# this way no class will ever be starved by another class.  Each
# class is also permitted to consume all of the available bandwidth
# if no other classes are in use.
tc class add dev $DEV parent 1:1 classid 1:20 htb rate ${RATEUP}kbit ceil ${RATEUP}kbit prio 0
tc class add dev $DEV parent 1:1 classid 1:21 htb rate 192kbit ceil 256kbit prio 1
tc class add dev $DEV parent 1:1 classid 1:22 htb rate 54kbit ceil 256kbit prio 2
tc class add dev $DEV parent 1:1 classid 1:23 htb rate 10kbit ceil 256kbit prio 3

# attach qdisc to leaf classes - here we add SFQ to each priority class.  SFQ ensures that
# within each class connections will be treated (almost) fairly.
tc qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev $DEV parent 1:21 handle 21: sfq perturb 10
tc qdisc add dev $DEV parent 1:22 handle 22: sfq perturb 10
tc qdisc add dev $DEV parent 1:23 handle 23: sfq perturb 10



# u32 port matches need the full 16-bit mask (0xffff) to compare the whole port
tc filter add dev $DEV protocol ip parent 1:0 prio 2 u32 \
   match ip dport 20 0xffff flowid 1:22

tc filter add dev $DEV protocol ip parent 1:0 prio 0 u32 \
   match ip dport 22 0xffff flowid 1:20


tc filter add dev $DEV protocol ip parent 1:0 prio 0 u32 \
   match ip dport 3000 0xffff flowid 1:20

tc filter add dev $DEV protocol ip parent 1:0 prio 2 u32 \
   match ip dport 25 0xffff flowid 1:22
tc filter add dev $DEV protocol ip parent 1:0 prio 2 u32 \
   match ip dport 110 0xffff flowid 1:22
tc filter add dev $DEV protocol ip parent 1:0 prio 2 u32 \
   match ip sport 25 0xffff flowid 1:22

tc filter add dev $DEV protocol ip parent 1:0 prio 1 u32 \
   match ip dport 80 0xffff flowid 1:21
tc filter add dev $DEV protocol ip parent 1:0 prio 1 u32 \
   match ip dport 443 0xffff flowid 1:21

tc filter add dev $DEV protocol ip parent 1:0 prio 1 u32 \
   match ip dport 1443 0xffff flowid 1:21
tc filter add dev $DEV protocol ip parent 1:0 prio 1 u32 \
   match ip sport 1443 0xffff flowid 1:21
tc filter add dev $DEV protocol ip parent 1:0 prio 1 u32 \
   match ip dport 1494 0xffff flowid 1:21
tc filter add dev $DEV protocol ip parent 1:0 prio 1 u32 \
   match ip sport 1494 0xffff flowid 1:21
tc filter add dev $DEV protocol ip parent 1:0 prio 1 u32 \
   match ip dport 4400 0xffff flowid 1:21
tc filter add dev $DEV protocol ip parent 1:0 prio 1 u32 \
   match ip sport 4400 0xffff flowid 1:21


tc filter add dev $DEV protocol ip parent 1:0 prio 0 u32 \
   match ip dport 15000 0xffff flowid 1:20
tc filter add dev $DEV protocol ip parent 1:0 prio 0 u32 \
   match ip dport 15001 0xffff flowid 1:20
tc filter add dev $DEV protocol ip parent 1:0 prio 0 u32 \
   match ip dport 15002 0xffff flowid 1:20
tc filter add dev $DEV protocol ip parent 1:0 prio 0 u32 \
   match ip dport 15003 0xffff flowid 1:20
tc filter add dev $DEV protocol ip parent 1:0 prio 0 u32 \
   match ip dport 15004 0xffff flowid 1:20
tc filter add dev $DEV protocol ip parent 1:0 prio 0 u32 \
   match ip dport 15005 0xffff flowid 1:20
tc filter add dev $DEV protocol ip parent 1:0 prio 0 u32 \
   match ip dport 15006 0xffff flowid 1:20
tc filter add dev $DEV protocol ip parent 1:0 prio 0 u32 \
   match ip dport 15007 0xffff flowid 1:20
tc filter add dev $DEV protocol ip parent 1:0 prio 0 u32 \
   match ip dport 15008 0xffff flowid 1:20
tc filter add dev $DEV protocol ip parent 1:0 p
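An added example, not from Eddie's script or the HOWTO it is based on, that reproduces the arithmetic behind the "quantum of class ... is small, consider r2q" warning for the four classes in the script above. It assumes what the HTB implementation does: quantum = rate in bytes per second / r2q, with r2q defaulting to 10 and a warning when the quantum falls below 1000 or above 200000 bytes (those bounds are taken from the htb source, not from the post).

```shell
#!/bin/sh
# Added example: HTB quantum arithmetic for the classes in the post above.
# Assumed from the HTB implementation: quantum = rate_bytes_per_sec / r2q,
# default r2q = 10, kernel warns outside the 1000..200000 byte window.

# htb_quantum RATE_KBIT R2Q -> quantum in bytes (1 kbit/s = 125 bytes/s)
htb_quantum() {
    echo $(( $1 * 125 / $2 ))
}

# htb_quantum_check RATE_KBIT R2Q -> "small", "big" or "ok", mirroring the warning
htb_quantum_check() {
    q=$(htb_quantum "$1" "$2")
    if [ "$q" -lt 1000 ]; then echo small
    elif [ "$q" -gt 200000 ]; then echo big
    else echo ok
    fi
}

# htb_suggest_r2q MIN_RATE_KBIT MAX_RATE_KBIT -> largest r2q that keeps the
# slowest class at >= 1000 bytes, or "none" if the fastest class would then
# exceed 200000 bytes (in that case set 'quantum' per class instead).
htb_suggest_r2q() {
    r2q=$(( $1 * 125 / 1000 ))
    [ "$r2q" -lt 1 ] && r2q=1
    if [ "$(htb_quantum "$2" "$r2q")" -gt 200000 ]; then echo none
    else echo "$r2q"
    fi
}

# htb_class_cmd DEV CLASSID RATE_KBIT CEIL_KBIT PRIO -> the tc command with an
# explicit quantum clamped into range, which sidesteps r2q entirely.
htb_class_cmd() {
    q=$(htb_quantum "$3" 10)
    [ "$q" -lt 1000 ] && q=1000
    [ "$q" -gt 200000 ] && q=200000
    echo "tc class add dev $1 parent 1:1 classid $2 htb rate ${3}kbit ceil ${4}kbit prio $5 quantum $q"
}

# Walk the post's four leaf classes with the default r2q of 10.
for spec in "1:20 256" "1:21 192" "1:22 54" "1:23 10"; do
    set -- $spec
    echo "class $1 rate ${2}kbit: quantum $(htb_quantum "$2" 10) bytes -> $(htb_quantum_check "$2" 10)"
done
echo "suggested r2q for 10..256 kbit: $(htb_suggest_r2q 10 256)"
htb_class_cmd eth1 1:23 10 256 3
```

Both the 10kbit and the 54kbit classes trip the warning at r2q 10; either `r2q 1` on the root qdisc or an explicit `quantum` on each leaf class removes it.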

[LARTC] htb+redhat7.3

2004-01-14 Thread Eddie
HI all
Just doing some recon before doing an installation.
Will htb work on Red Hat 7.3, default kernel, I think 2.4.18?
Thanks



[LARTC] ap 450

2004-01-09 Thread Eddie
Good day all
I have a Lucent AP450.
I'm having trouble administrating it with the web interface under
Linux. Under Windows all seems to be 100 but the menus are not showing
under Linux. I don't think this is an AP problem, maybe a Mozilla one. I don't
know. Anyone have the same problem?
Thanks
Eddie



lartc@mailman.ds9a.nl

2004-01-08 Thread Eddie
OK, but how do I specify a range of ports, for example 15000-15010?
15000:15010??

On Wed, 2004-01-07 at 19:09, Stef Coene wrote:
> On Wednesday 07 January 2004 07:20, Eddie wrote:
> > Good Day All
> > Just 2 questions on htb
> >
> > 1,My Wan link is on eth1 and my Lan on eth0,where do I put my htb on?I
> > want to limit web serving and ftp ens.
> eth1 for downloads from your web/ftp server
> eth0 for uploads to your web/ftp server
> 
> > 2.Im going to use the u32 filter.Can I use sub-netting for IP,i.o.w
> > where src is can I do 192.168.1.0/24?
> Yes you can.  See
> http://docum.org/stef.coene/qos/docs/u32-filter.html
> 
> Stef



lartc@mailman.ds9a.nl

2004-01-06 Thread Eddie
Good Day All
Just 2 questions on htb

1. My WAN link is on eth1 and my LAN on eth0, where do I put my htb on? I
want to limit web serving and ftp etc.

2. I'm going to use the u32 filter. Can I use sub-netting for IP, i.o.w.
where the src is, can I do 192.168.1.0/24?

Thanks and Please Help
Eddie



[LARTC] Cisco

2004-01-05 Thread Eddie
Hi, I know this does not have anything to do with the list,
but I'm looking for books, docs or anything on these Cisco exams.
I'm looking to do them this year. Please.

CCNP Exams & Recommended Training

Required Exam(s)   Recommended Training
642-801 BSCI       Building Scalable Cisco Internetworks v2.0 (BSCI)
642-811 BCMSN      Building Cisco Multilayer Switched Networks v2.0 (BCMSN)
642-821 BCRAN      Building Cisco Remote Access Networks v2.0 (BCRAN)
642-831 CIT        Cisco Internetwork Troubleshooting Support v5.0 (CIT)

Thanks
Eddie



[LARTC] x21

2003-12-11 Thread Eddie
Hi All
Anyone got the Cyclades PC300 X21 card to work under Linux?
Thanks
Eddie



[LARTC] mangle

2003-12-08 Thread Eddie
Hi all
I have a Linux gateway box, eth1 internet and eth0 LAN.
Now I made my qdisc for eth1 but now I want to mark them with iptables.
The thing is I don't know what to use, -A FORWARD or PREROUTING?
Please can someone help
thanks

eddie



[LARTC] bandwidth lang

2003-12-08 Thread Eddie
Hi all
Well the thing is I need to learn bandwidth management, fast.
Well I've read a few things but the thing is, as I understand, there are
lots of ways and "languages" to use, cbq, htb etc. What is the best and do you
know of a howto just for that specific one?
Thanks
Eddie



Re: [LARTC] HTB traffic shaping + squid cache proxy

2003-11-13 Thread Eddie
Just a thing. As I understand it, the users go to squid and squid goes to the
web page? Something like this:

[network]-8080[eth0 linux eth1]80---web.
So if you limit the port 80 traffic on eth1 it should slow down squid,
but you don't want to limit traffic on eth0's 8080 because what's the use
of a proxy then?
This is just how I see it?

On Thu, 2003-11-13 at 11:23, Rokas wrote:
> Hello!
> 
> My system is:
> Internet ADSL(PPPoE) ---> ppp0 [LINUX server(router)] eth0 ---> LAN
> Server(router) is running on LINUX Slackware 8.1. I have recompiled a
> 2.4.22 kernel, enabled all QoS support in the kernel config,
> including HTB. My ADSL bandwidth is 256Kbit/s for download and
> 64Kbit/s for upload.
> 
> I use the following HTB+IPTABLES configuration, because I want to
> reduce bandwith for all traffic, except HTTP, MAIL, ICQ, IRC, SSH and
> etc.
> -
> #!/bin/bash
> TC=/sbin/tc
> IPTABLES=/usr/sbin/iptables
> 
> $TC qdisc del dev eth0 root 2> /dev/null > /dev/null
> $TC qdisc del dev ppp0 root 2> /dev/null > /dev/null
> $IPTABLES -F POSTROUTING -t mangle
> 
> $TC qdisc add dev eth0 root handle 1: htb default 50 r2q 2
> 
> $TC class add dev eth0 parent 1: classid 1:2 htb rate 248Kbit burst 35k
> 
> $TC class add dev eth0 parent 1:2 classid 1:10 htb rate 220Kbit ceil 240Kbit burst 25k prio 0
> 
> $TC class add dev eth0 parent 1:2 classid 1:30 htb rate 28Kbit ceil 28Kbit burst 10k prio 1
> 
> $TC qdisc add dev eth0 parent 1:10 handle 11: sfq perturb 10
> $TC qdisc add dev eth0 parent 1:30 handle 33: sfq perturb 10
> 
> $IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 192.168.0.0/24 -j MARK --set-mark 3
> $IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 192.168.0.0/24 -p tcp --sport 80 -j MARK --set-mark 1
> $IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 192.168.0.0/24 -p tcp --sport 443 -j MARK --set-mark 1
> $IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 192.168.0.0/24 -p tcp --sport 22 -j MARK --set-mark 1
> $IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 192.168.0.0/24 -p tcp --sport 21 -j MARK --set-mark 1
> $IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 192.168.0.0/24 -p tcp --sport 53 -j MARK --set-mark 1
> $IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 192.168.0.0/24 -p udp --sport 53 -j MARK --set-mark 1
> $IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 192.168.0.0/24 -p tcp --sport 110 -j MARK --set-mark 1
> $IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 192.168.0.0/24 -p tcp --sport 5190 -j MARK --set-mark 1
> $IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 192.168.0.0/24 -p tcp --sport 6661:6669 -j MARK --set-mark 1
> $IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 192.168.0.0/24 -p icmp -j MARK --set-mark 1
> 
> $TC filter add dev eth0 parent 1:0 protocol ip handle 1 fw flowid 1:10
> $TC filter add dev eth0 parent 1:0 protocol ip handle 3 fw flowid 1:30
> ##
> 
> $TC qdisc add dev ppp0 root handle 1: htb default 20
> 
> $TC class add dev ppp0 parent 1: classid 1:1 htb rate 62Kbit burst 35k
> $TC class add dev ppp0 parent 1:1 classid 1:10 htb rate 40Kbit ceil 60Kbit burst 25k prio 1
> 
> $TC class add dev ppp0 parent 1:1 classid 1:20 htb rate 15Kbit ceil 55Kbit burst 10k prio 2
> 
> $TC class add dev ppp0 parent 1:1 classid 1:30 htb rate 7Kbit ceil 28Kbit burst 5k prio 3
> 
> $TC qdisc add dev ppp0 parent 1:10 handle 10: sfq perturb 10
> $TC qdisc add dev ppp0 parent 1:20 handle 20: sfq perturb 10
> $TC qdisc add dev ppp0 parent 1:30 handle 30: sfq perturb 10
> 
> $TC filter add dev ppp0 parent 1:0 protocol ip prio 10 u32 \
>   match ip tos 0x10 0xff  flowid 1:10
> 
> $TC filter add dev ppp0 parent 1: protocol ip prio 10 u32 \
>    match ip protocol 6 0xff \
>    match u8 0x05 0x0f at 0 \
>    match u16 0x0000 0xffc0 at 2 \
>    match u8 0x10 0xff at 33 \
>    flowid 1:10
> 
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s ! 192.168.0.0/24 -j MARK --set-mark 12
> 
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s ! 192.168.0.0/24 -p icmp -j MARK --set-mark 11
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s ! 192.168.0.0/24 -p tcp --sport 22 -j MARK --set-mark 11
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s ! 192.168.0.0/24 -p tcp --sport 80 -j MARK --set-mark 11
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s ! 192.168.0.0/24 -p tcp --dport 80 -j MARK --set-mark 11
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s ! 192.168.0.0/24 -p tcp --dport 21 -j MARK --set-mark 11
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s ! 192.168.0.0/24 -p tcp --dport 20 -j MARK --set-mark 11
> 
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -j MARK --set-mark 13
> 
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -p tcp --dport 80 -j MARK --set-mark 11
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -p tcp --dport 443 -j MARK --set-mark 11
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -p tcp

lartc@mailman.ds9a.nl

2003-11-12 Thread Eddie
Hi all. Attached is my newly tried script. We have a digital 128Kbit
line. This is what I did but the problem is when I do remote admin on the
box itself with ssh, it's very slow. I tried to class it as OUTPUT but I
think something is wrong.
Please help and better my script. I don't know much (that's why it's such a
mess) but I hope to learn, with some help.

Thanks
#!/bin/bash
#  DEV- set to ethX that connects to DSL/Cable Modem
#  RATEUP - set this to slightly lower than your
#   outbound bandwidth on the DSL/Cable Modem.
#   I have a 1500/128 DSL line and setting
#   RATEUP=90 works well for my 128kbps upstream.
#   However, your mileage may vary.
# NOTE: The following configuration works well for my 
# setup: 1.5M/128K ADSL via Pacific Bell Internet (SBC Global Services)

DEV=eth0
RATEUP=128

if [ "$1" = "status" ]
then
echo "[qdisc]"
tc -s qdisc show dev $DEV
echo "[class]"
tc -s class show dev $DEV
echo "[filter]"
tc -s filter show dev $DEV
echo "[iptables]"
iptables -t mangle -L MYSHAPER-OUT -v -x 2> /dev/null
exit
fi

# Reset everything to a known state (cleared)
tc qdisc del dev $DEV root 2> /dev/null > /dev/null
iptables -t mangle -D POSTROUTING -o $DEV -j MYSHAPER-OUT 2> /dev/null > /dev/null
iptables -t mangle -F MYSHAPER-OUT 2> /dev/null > /dev/null
iptables -t mangle -X MYSHAPER-OUT 2> /dev/null > /dev/null
iptables -t mangle -D PREROUTING -i $DEV -j MYSHAPER-IN 2> /dev/null > /dev/null

if [ "$1" = "stop" ] 
then 
echo "Shaping removed on $DEV."
exit
fi

###
#
# Outbound Shaping (limits total bandwidth to RATEUP)

# set queue size to give latency of about 2 seconds on low-prio packets
ip link set dev $DEV qlen 30

# changes mtu on the outbound device.  Lowering the mtu will result
# in lower latency but will also cause slightly lower throughput due 
# to IP and TCP protocol overhead.
ip link set dev $DEV mtu 1000

# add HTB root qdisc
tc qdisc add dev $DEV root handle 1: htb default 23

# add main rate limit classes
tc class add dev $DEV parent 1: classid 1:1 htb rate ${RATEUP}kbit

# add leaf classes - We grant each class at LEAST it's "fair share" of bandwidth.
#this way no class will ever be starved by another class.  Each
#class is also permitted to consume all of the available bandwidth
#if no other classes are in use.
tc class add dev $DEV parent 1:1 classid 1:20 htb rate ${RATEUP}kbit ceil ${RATEUP}kbit prio 0
tc class add dev $DEV parent 1:1 classid 1:21 htb rate 96kbit ceil ${RATEUP}kbit prio 1
tc class add dev $DEV parent 1:1 classid 1:22 htb rate 32kbit ceil ${RATEUP}kbit prio 2
tc class add dev $DEV parent 1:1 classid 1:23 htb rate 10kbit ceil ${RATEUP}kbit prio 3

# attach qdisc to leaf classes - here we at SFQ to each priority class.  SFQ insures that
#within each class connections will be treated (almost) fairly.
tc qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev $DEV parent 1:21 handle 21: sfq perturb 10
tc qdisc add dev $DEV parent 1:22 handle 22: sfq perturb 10
tc qdisc add dev $DEV parent 1:23 handle 23: sfq perturb 10

# filter traffic into classes by fwmark - here we direct traffic into priority class according to
# the fwmark set on the packet (we set fwmark with iptables
# later).  Note that above we've set the default priority
# class to 1:23 so unmarked packets (or packets marked with
# unfamiliar IDs) will be defaulted to the lowest priority
# class.
tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20
tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 21 fw flowid 1:21
tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 22 fw flowid 1:22
tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 23 fw flowid 1:23

# add MYSHAPER-OUT chain to the mangle table in iptables - this sets up the table we'll use
#  to filter and mark packets.
iptables -t mangle -N MYSHAPER-OUT
iptables -t mangle -I POSTROUTING -o $DEV -j MYSHAPER-OUT

# add fwmark entries to classify different types of traffic - Set fwmark from 20-23 according to
# desired class. 20 is highest prio.
iptables -t mangle -A MYSHAPER-OUT -p tcp --sport 0:1024 -j MARK --set-mark 23 # Default for low port traffic 
iptables -t mangle -A MYSHAPER-OUT -p tcp --dport 0:1024 -j MARK --set-mark 23 # "" 
iptables -t mangle -A MYSHAPER-OUT -p tcp --dport 15000:15010 -j MARK --set-mark 20 # For banking software 
iptables -t mangle -A MYSHAPER-OUT -p tcp --dport 20 -j MARK --set-mark 22
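An added example, not part of Eddie's post or of the HOWTO his script comes from, that walks packets through the four MYSHAPER-OUT rules above in plain shell. Two properties decide the outcome: MARK is a non-terminating target, so the last matching rule's mark wins, and the fw filters send any unknown mark (including "never marked") to the root qdisc's `default 23`. The rule table and the sample packets are constructed for the example.

```shell
#!/bin/sh
# Added example: simulate fwmark assignment in the MYSHAPER-OUT chain above.
# Rule table constructed from the post's four rules, one per line:
#   proto  sport-range  dport-range  mark     ("any" = no port test)
MYSHAPER_OUT_RULES='
tcp 0:1024 any 23
tcp any 0:1024 23
tcp any 15000:15010 20
tcp any 20:20 22
'

# in_range PORT RANGE -> succeeds when LO <= PORT <= HI; "any" always matches
in_range() {
    [ "$2" = any ] && return 0
    lo=${2%%:*}
    hi=${2##*:}
    [ "$1" -ge "$lo" ] && [ "$1" -le "$hi" ] && return 0
    return 1
}

# mark_for PROTO SPORT DPORT -> final fwmark of the packet (0 = never marked).
# MARK does not stop traversal: every matching rule overwrites the mark, so
# the LAST matching rule in the chain wins.
mark_for() {
    proto=$1; sport=$2; dport=$3; mark=0
    while read -r rp rs rd rm; do
        [ -z "$rp" ] && continue
        [ "$rp" = "$proto" ] || continue
        in_range "$sport" "$rs" || continue
        in_range "$dport" "$rd" || continue
        mark=$rm
    done <<EOF
$MYSHAPER_OUT_RULES
EOF
    echo "$mark"
}

# class_for MARK -> htb class selected by the 'handle N fw' filters; marks
# without a filter (including 0) fall into the root qdisc's 'default 23'.
class_for() {
    case $1 in
        20|21|22|23) echo "1:$1" ;;
        *)           echo "1:23" ;;
    esac
}

# trace PROTO SPORT DPORT LABEL -> one line showing the mark and the class
trace() {
    m=$(mark_for "$1" "$2" "$3")
    echo "$4: $1 sport $2 dport $3 -> mark $m -> class $(class_for "$m")"
}

trace tcp 22    51234 "sshd reply to remote admin"   # sport 0:1024 -> 23 -> 1:23
trace tcp 40000 15005 "banking client"               # -> 20 -> 1:20, as intended
trace tcp 1000  15005 "low sport, banking dport"     # 23, then 20: last match wins
trace tcp 33000 20    "ftp-data"                     # 23, then 22
trace udp 33000 53    "dns (no tcp rule matches)"    # unmarked -> default 1:23
```

Replies from sshd leave the box with source port 22, which the `--sport 0:1024` rule marks 23, so the SSH session ends up in the 10kbit class; a rule placed after it, such as `-p tcp --sport 22 -j MARK --set-mark 20`, would override that mark because the last match wins.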

[LARTC] post- and prerouting

2003-11-12 Thread Eddie
HI all
In Advanced Routing and Traffic Control's example (15.10) they use
PREROUTING and in ADSL Bandwidth Management's script they use POSTROUTING to
send the ports to the filters.
Can someone tell me the difference?
Thanks
eddie



lartc@mailman.ds9a.nl

2003-11-11 Thread Eddie
Hi all.
I'm very new to Linux and the whole traffic shaping thing.
Now this is what I've got. A 128Kbit line on eth0 and a 100+ network on
eth1. The mail server is on the internal network (eth1 side).

This is what I want.
They run banking software that uses ports 15000-15010. I want the bank
ports, and if I'm going to ssh INTO the box, to get all bandwidth, that is
128Kbit. Then I want the internal users limited to 96Kbit for web, 32 for
mail in and out and 10Kbit for other stuff. I also want them all to share
bandwidth if not used (banking is not done most of the time but if it is
it should get the most).

I got this far and have no idea. I've been reading Advanced Routing and
Traffic Control, but as the song goes, I'm not the sharpest tool in the
shed.

This is what I've got so far (taken from
15.10. Example of a full nat solution with QoS).
My main problem, if this is right, is with the filter. I don't know how.
Please help me because I'm thinking traffic control is a myth?
Thanks Eddie


#!/bin/bash
CEIL=128
tc qdisc add dev eth0 root handle 1: htb default 13
tc class add dev eth0 parent 1: classid 1:1 htb rate ${CEIL}kbit ceil ${CEIL}kbit
# ${CEIL} is a variable expansion; $(CEIL) would try to run a command named CEIL
tc class add dev eth0 parent 1:1 classid 1:10 htb rate ${CEIL}kbit ceil ${CEIL}kbit prio 0
tc class add dev eth0 parent 1:1 classid 1:11 htb rate 96kbit ceil ${CEIL}kbit prio 1
tc class add dev eth0 parent 1:1 classid 1:12 htb rate 32kbit ceil ${CEIL}kbit prio 2
tc class add dev eth0 parent 1:1 classid 1:13 htb rate 10kbit ceil ${CEIL}kbit prio 2
tc qdisc add dev eth0 parent 1:10 handle 120: sfq perturb 10
tc qdisc add dev eth0 parent 1:11 handle 130: sfq perturb 10
tc qdisc add dev eth0 parent 1:12 handle 140: sfq perturb 10
tc qdisc add dev eth0 parent 1:13 handle 150: sfq perturb 10





Re: [LARTC] Traffic acounting

2003-11-11 Thread Eddie
Hi. I'm new to this so forgive me for errors.
What about ntop?

On Tue, 2003-11-11 at 12:10, Kristiadi Himawan wrote:
> Hi,
> Sorry the subject OOT.
> Anyone know about html based (using mrtg) for traffic report that show per
> service traffic.
> 
> Thanx.
> 
> Regards,
> 
> Kris
> 
