Hi,
I have a CentOS box as a firewall. Both iptables and iproute2 are running on it.
Please see below for the installed RPMs.
[root@firebox ~]# rpm -qa |grep iptables
iptables-1.2.11-3.1.RHEL4
[root@firebox ~]# rpm -qa |grep iproute
iproute-2.6.9-3.EL4.7
It has 3 Ethernet cards.
Please see below.
eth0 - internet IP (please assume 1.2.3.4/29). It connects to the ISP router.
eth1 - 192.168.100.254
eth2 - 192.168.101.254
There are 2 LANs behind this firewall. Both LANs have access to the internet due to SNAT rules in the firewall. I have given many SNAT rules on a per-IP basis. Some users have full access, some have only web and SMTP. I have added many FORWARD rules to suit those SNAT rules.
All work fine.
One LAN is 192.168.100.0/24, while the other LAN is 192.168.101.0/24.
Now, I want to allocate 64 kbit out of 256 kbit to the LAN with 192.168.101.0/24, and the rest to the others.
I added rules to the firewall, but I still cannot allocate 64 kbit for the LAN with 192.168.101.0/24.
I think I need a PREROUTING chain for the LAN with 192.168.101.0/24.
The script is given below.
INTERFAZ_INT=eth0
FULLBANDWIDTH=256
BANDWIDTH4LAN=64
iptables -t mangle -A PREROUTING -s 192.168.101.0/24 -j MARK --set-mark 0x5
tc qdisc add dev $INTERFAZ_INT root handle 1 htb r2q 4
tc class add dev $INTERFAZ_INT parent 1: classid 1:2 htb rate "$FULLBANDWIDTH"Kbit
tc class add dev $INTERFAZ_INT parent 1: classid 1:5 htb rate "$BANDWIDTH4LAN"Kbit
tc qdisc add dev $INTERFAZ_INT parent 1:5 handle 5 sfq perturb 10
tc filter add dev $INTERFAZ_INT protocol ip parent 1: pref 1 handle 5 fw classid 1:5
Still no luck. After applying the above rules, I downloaded a CentOS ISO image, but I can still download at the usual rate (i.e. 30-33 kbytes per second).
If these rules work, I will be able to download at about 8 kbytes per second (i.e. 8*8 kbit = 64 kbit).
That is what I expect?
Where have I gone wrong?
--
Thank you
Indunil Jayasooriya
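An added example, not part of the original post: a root qdisc only shapes packets leaving its own device, so the tree on eth0 above acts on what the LAN uploads, while the ISO download leaves the firewall on eth2. The sketch below builds the same HTB/SFQ/fw-mark arrangement on eth2 instead; the interface names, subnet and 64 kbit figure are taken from the post, the function name `download_cap_cmds` and the dry-run switch `APPLY` are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Interface names, subnet and the
# 64 kbit figure come from the post; the function name is made up here.
# Traffic downloaded by the LAN leaves the firewall on eth2, and a root qdisc
# only shapes what leaves its own device, so the HTB tree is attached to eth2.
WAN_DEV=eth0
LAN_DEV=eth2
LAN_NET=192.168.101.0/24
BANDWIDTH4LAN=64      # kbit/s, about 8 kbytes/s
MARK=5

# Print the commands that cap WAN -> LAN traffic at $4 kbit.
# Args: wan-dev lan-dev lan-net rate-kbit fwmark
download_cap_cmds() {
    wan=$1; lan=$2; net=$3; rate=$4; mark=$5
    # mangle/FORWARD sees the reply after it has been de-NATed, so the LAN
    # address is matchable; -i keeps traffic from the other LAN unmarked.
    echo "iptables -t mangle -A FORWARD -i $wan -o $lan -d $net -j MARK --set-mark $mark"
    echo "tc qdisc add dev $lan root handle 1: htb r2q 4"
    # ceil equal to rate: the class may not exceed its allocation.
    echo "tc class add dev $lan parent 1: classid 1:5 htb rate ${rate}kbit ceil ${rate}kbit"
    echo "tc qdisc add dev $lan parent 1:5 handle 5: sfq perturb 10"
    echo "tc filter add dev $lan protocol ip parent 1: pref 1 handle $mark fw classid 1:5"
}

# Dry run by default: print the commands. APPLY=1 (as root) executes them.
if [ "${APPLY:-0}" = 1 ]; then
    download_cap_cmds "$WAN_DEV" "$LAN_DEV" "$LAN_NET" "$BANDWIDTH4LAN" "$MARK" | sh -e
else
    download_cap_cmds "$WAN_DEV" "$LAN_DEV" "$LAN_NET" "$BANDWIDTH4LAN" "$MARK"
fi
```

After applying, `tc -s class show dev eth2` shows whether class 1:5 is counting packets while a download runs.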