[LARTC] Traffic Control + Masquerading

Linux Advanced Routing and Traffic Control

Hello,

I'm trying to do some traffic control with a linux router running
ipchains and the cbq modules (using tc), I've got the following setup:

        <internet> --- eth0 <linux router> eth1 --- <LAN>

Inside the LAN I've got private IPs, on the other side eth0 has a public
IP. I have several computers on the LAN that should be assigned a limited
bandwidth each.

I can limit the downstream bandwidth perfectly, however, as the linux
router is doing masquerading, I don't seem to be able to discriminate
upstream bandwidth based on each computer, as the outgoing source IP is
the public one on the router (eth0).

I'm only able to limit the bandwidth of the router itself, but it's not
a very good solution, as the clients inside could have their upstream
bandwidth "eaten" by another one of the clients.

Any way to go about this? Or is there some documentation I missed? I'd
gladly appreciate any pointers to docs or suggestions.

Thank you,

Rodrigo Goya


The commands I'm testing with are the following; for now I'm using
basically the commands described in the HOWTO, except for the 64kbps rate:

/* For downstream bandwidth */
tc qdisc add dev eth1 root handle 10: cbq bandwidth 10Mbit avpkt 1000

tc class add dev eth1 parent 10:0 classid 10:1 cbq bandwidth 10Mbit rate\
        10Mbit allot 1514 weight 1Mbit prio 8 maxburst 20 avpkt 1000

tc class add dev eth1 parent 10:1 classid 10:200 cbq bandwidth 10Mbit rate\
        0.064Mbit allot 1514 weight 6.4Kbit prio 5 maxburst 20 avpkt 1000\
        bounded

tc qdisc add dev eth1 parent 10:200 sfq quantum 1514b perturb 15

tc filter add dev eth1 parent 10:0 protocol ip prio 100 u32 match ip dst\
        192.168.7.9 flowid 10:200


/* For upstream bandwidth */
tc qdisc add dev eth0 root handle 20: cbq bandwidth 10Mbit avpkt 1000

tc class add dev eth0 parent 20:0 classid 20:1 cbq bandwidth 10Mbit rate\
        10Mbit allot 1514 weight 1Mbit prio 8 maxburst 20 avpkt 1000

tc class add dev eth0 parent 20:1 classid 20:200 cbq bandwidth 10Mbit rate\
        0.064Mbit allot 1514 weight 6.4Kbit prio 5 maxburst 20 avpkt 1000\
        bounded

tc qdisc add dev eth0 parent 20:200 sfq quantum 1514b perturb 15

tc filter add dev eth0 parent 20:0 protocol ip prio 100 u32 match ip src\
        192.168.7.9 flowid 20:200

/* I can put the router's public IP on this last command, but then all the
   clients, including the router have to share the same bandwidth, I could
   make the bandwidth larger, but then the problem I mentioned above
   appears */

And for ipchains I'm testing with:

ipchains -P input ACCEPT
ipchains -P output ACCEPT
ipchains -P forward MASQ
ipchains -A input -s 192.168.7.9/32 -j ACCEPT
ipchains -A output -d 192.168.7.9/32 -j ACCEPT




