htb/iptables: incoming vs. outgoing shaping?

Linux Advanced Routing and Traffic Control


Hi all,

there's something I really don't understand. What I wanna 
do is to shape my incoming _and_ my outgoing traffic in separate 
queues. I have a 256kbit up and 256kbit down link on eth1.
I want to use iptables to set the marks.

wan=eth1
lowin=1   # ; highin=2
lowout=5  # ; highout=6

# mark incoming traffic
iptables -t mangle -A PREROUTING -i $wan -p tcp --sport 80  \
           -j MARK --set-mark $lowin
# mark outgoing traffic
iptables -t mangle -A OUTPUT -o $wan -p tcp --dport 80 \
           -j MARK --set-mark $lowout

tc qdisc add dev $wan root handle 1:0 htb
tc class add dev $wan parent 1:0 classid 1:1 htb rate 256kbit # input shaping
tc class add dev $wan parent 1:0 classid 1:2 htb rate 256kbit # output shaping
tc class add dev $wan parent 1:1 classid 1:11 htb rate 64kbit # low in
tc class add dev $wan parent 1:1 classid 1:12 htb rate 192kbit # high in
tc class add dev $wan parent 1:2 classid 1:21 htb rate 64kbit # low out
tc class add dev $wan parent 1:2 classid 1:22 htb rate 192kbit # high out

tc filter add dev $wan parent 1:1 protocol ip prio 1 \
    fw handle $lowin flowid 1:11
tc filter add dev $wan parent 1:2 protocol ip prio 1 \
    fw handle $lowout flowid 1:21

What I think I have done is that I've created two main queues (1:1 and 1:2), 
each one rating up to 256kbit. Each main queue got divided into a queue for 
low traffic (non prioritized) and one for high traffic (prioritized).
Then, I attached the filter that anchors the iptables marked ip packets to 
their corresponding queue.

But does this really work? I also noticed somewhere that you can just shape 
input traffic, and for output you need a special IMQ target for iptables, 
why? And why doesn't it work in that way? 

Furthermore, is this the right way to mark the outgoing traffic? Should this be 
done in POSTROUTING, or even somewhere else? It's that we have 
PREROUTING, INPUT, FORWARD, OUTPUT and POSTROUTING in table mangle.

Please, would you help me solve my problem?

Thanks in advance,
Christian Parpart.

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
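
An added example, not part of the original post: a small Python lint that cross-checks the commands from the message, matching each fw filter handle against the iptables rule that sets that mark and checking that child HTB rates fit within their parent. It assumes all rates are in kbit and that every tc line refers to the device's root qdisc, which only sees packets leaving that device; `lint`, `opt` and `SAMPLE` are names made up for this sketch.

```python
import re
import shlex

# Constructed sample: the post's commands with $wan, $lowin and $lowout expanded.
SAMPLE = """\
iptables -t mangle -A PREROUTING -i eth1 -p tcp --sport 80 -j MARK --set-mark 1
iptables -t mangle -A OUTPUT -o eth1 -p tcp --dport 80 -j MARK --set-mark 5
tc qdisc add dev eth1 root handle 1:0 htb
tc class add dev eth1 parent 1:0 classid 1:1 htb rate 256kbit   # input shaping
tc class add dev eth1 parent 1:0 classid 1:2 htb rate 256kbit   # output shaping
tc class add dev eth1 parent 1:1 classid 1:11 htb rate 64kbit
tc class add dev eth1 parent 1:1 classid 1:12 htb rate 192kbit
tc class add dev eth1 parent 1:2 classid 1:21 htb rate 64kbit
tc class add dev eth1 parent 1:2 classid 1:22 htb rate 192kbit
tc filter add dev eth1 parent 1:1 protocol ip prio 1 fw handle 1 flowid 1:11
tc filter add dev eth1 parent 1:2 protocol ip prio 1 fw handle 5 flowid 1:21
"""

def opt(tokens, name):
    """Return the token that follows option `name`, or None if it is absent."""
    return tokens[tokens.index(name) + 1] if name in tokens else None

def lint(script):
    """Return a list of findings for an iptables-mark + HTB + fw-filter script."""
    marks, classes, filters, findings = {}, {}, [], []
    for line in script.splitlines():
        t = shlex.split(line, comments=True)   # drops trailing "# ..." comments
        if t[:1] == ["iptables"] and "--set-mark" in t:
            marks[opt(t, "--set-mark")] = opt(t, "-i")   # mark -> input device
        elif t[:3] == ["tc", "class", "add"]:
            kbit = int(re.match(r"\d+", opt(t, "rate")).group())  # assumes kbit
            classes[opt(t, "classid")] = (opt(t, "parent"), kbit)
        elif t[:3] == ["tc", "filter", "add"]:
            filters.append((opt(t, "dev"), opt(t, "handle"), opt(t, "flowid")))
    # Check 1: the rates guaranteed to child classes must fit in the parent's rate.
    for cid, (_, rate) in classes.items():
        kids = sum(r for p, r in classes.values() if p == cid)
        if kids > rate:
            findings.append(f"class {cid}: children reserve {kids}kbit > {rate}kbit")
    # Check 2: every fw filter needs a rule that sets its mark, an existing target
    # class, and a mark that can actually be present on packets leaving the device.
    for dev, handle, flowid in filters:
        if handle not in marks:
            findings.append(f"fw handle {handle}: no iptables rule sets this mark")
        elif marks[handle] == dev:
            findings.append(f"mark {handle}: set on packets arriving on {dev}, "
                            f"but classified on {dev}'s egress qdisc")
        if flowid not in classes:
            findings.append(f"fw handle {handle}: flowid {flowid} is not a class")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)) or "no findings")
```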

