Am I correct?

[<LARTC@xxxxxxxxxxxxxxxxxxxx>]

I've got some customers that have lots of bandwidth that are uploading and
downloading files to our https:// help desk and are using up all of my T-1
at times. This leaves other customers sucking wind. I've taken a look at the
'15.10. Example of a full nat solution with QoS' section. Would it work for
me if I change the section that says eth0 to my internet adapter Serial0? If
I can do that, will that allow fair sharing between all my customers of the
https:// help desk?

My setup:

//////////   /////////////////   ///////
https:// |-- |eth0 * Serial0 |-- |INET |
//////////   /////////////////   ///////

My proposed script:

CEIL=1020 # actual is 1024Kbit
IFACE=Serial0

tc qdisc add dev $IFACE root handle 1: htb default 15
tc class add dev $IFACE parent 1: classid 1:1 htb rate ${CEIL}kbit ceil
${CEIL}kbit
tc class add dev $IFACE parent 1:1 classid 1:10 htb rate 170kbit ceil
170kbit prio 0
tc class add dev $IFACE parent 1:1 classid 1:11 htb rate 170kbit ceil
${CEIL}kbit prio 1
tc class add dev $IFACE parent 1:1 classid 1:12 htb rate 170kbit ceil
${CEIL}kbit prio 2
tc class add dev $IFACE parent 1:1 classid 1:13 htb rate 170kbit ceil
${CEIL}kbit prio 2
tc class add dev $IFACE parent 1:1 classid 1:14 htb rate 170kbit ceil
${CEIL}kbit prio 3
tc class add dev $IFACE parent 1:1 classid 1:15 htb rate 170kbit ceil
${CEIL}kbit prio 3

tc qdisc add dev $IFACE parent 1:12 handle 120: sfq perturb 10
tc qdisc add dev $IFACE parent 1:13 handle 130: sfq perturb 10
tc qdisc add dev $IFACE parent 1:14 handle 140: sfq perturb 10
tc qdisc add dev $IFACE parent 1:15 handle 150: sfq perturb 10

tc filter add dev $IFACE parent 1:0 protocol ip prio 1 handle 1 fw classid
1:10
tc filter add dev $IFACE parent 1:0 protocol ip prio 2 handle 2 fw classid
1:11
tc filter add dev $IFACE parent 1:0 protocol ip prio 3 handle 3 fw classid
1:12
tc filter add dev $IFACE parent 1:0 protocol ip prio 4 handle 4 fw classid
1:13
tc filter add dev $IFACE parent 1:0 protocol ip prio 5 handle 5 fw classid
1:14
tc filter add dev $IFACE parent 1:0 protocol ip prio 6 handle 6 fw classid
1:15

iptables -t mangle -I PREROUTING -p icmp -j MARK --set-mark 0x1
iptables -t mangle -I PREROUTING -p icmp -j RETURN
iptables -t mangle -I PREROUTING -p tcp -m tcp --sport ssh -j
MARK --set-mark 0x1
iptables -t mangle -I PREROUTING -p tcp -m tcp --sport ssh -j RETURN
iptables -t mangle -I PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK
SYN -j MARK --set-mark 0x1
iptables -t mangle -I PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK
SYN -j RETURN
iptables -t mangle -I PREROUTING -p tcp -m tcp --sport https -j
MARK --set-mark 0x3
iptables -t mangle -I PREROUTING -p tcp -m tcp --sport https -j RETURN

iptables -t mangle -I PREROUTING -m tos --tos Minimize-Delay -j
MARK --set-mark 0x1
iptables -t mangle -I PREROUTING -m tos --tos Minimize-Delay -j RETURN
iptables -t mangle -I PREROUTING -m tos --tos Minimize-Cost -j
MARK --set-mark 0x5
iptables -t mangle -I PREROUTING -m tos --tos Minimize-Cost -j RETURN
iptables -t mangle -I PREROUTING -m tos --tos Maximize-Throughput -j
MARK --set-mark 0x6
iptables -t mangle -I PREROUTING -m tos --tos Maximize-Throughput -j RETURN

Thanks in advance for any suggestions

Bernard


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/