Hi, i want to build a firewall which restricts the traffic on ETH1 to 64Kb.,
i tried to use traffic shaper but if i try to apply the iptables rules to
the shaper0 device there are no communication between interfaces =(, so im
trying to make it via QOS and use the BOUNDES statement to restrict the
maximum traffic, here are my script:
# Attaching the Qdisc to the eth0 device. The maximum available bandwidth
is 10Mbit.
tc qdisc add dev eth0 root handle 1: cbq bandwidth 10Mbit cell 8 avpkt 1000
mpu 64
# Adding the root class to the queuing discipline. The root has 10 Mbit
completely.
tc class add dev eth0 parent 1:0 classid 1:1 cbq bandwidth 10Mbit rate
10Mbit allot 1514 cell 8 weight 1Mbit prio 8 maxburst 20 avpkt 1000
# Traffic to testbed11. The priority is 3 and the allocation is 64 Kbit.
tc class add dev eth0 parent 1:1 classid 1:2 cbq bandwidth 10Mbit rate
64Kbit allot 1514 cell 8 weight 100Kbit prio 3 maxburst 20 avpkt 1000 split
1:0 bounded
# Traffic to testbed13. The priority is 7 and the allocation is 10176 Kbit.
tc class add dev eth0 parent 1:1 classid 1:3 cbq bandwidth 10Mbit rate
10176Kbit allot 1514 cell 8 weight 800Kbit prio 7 maxburst 20 avpkt 1000
split 1:0 bounded
# Installing the route classifier on the root of the tree.
tc filter add dev eth0 parent 1:0 protocol ip prio 100 route
# Assigning the route and the rules for testbed11
ip route add 192.168.0.11 via 192.168.0.1 flow 1:2
NOTE: on this command i get:
root@xxxxx:/home/user#ip route add 192.168.0.11 via 192.168.0.1 flow 1:2
Error: either "to" is duplicate, or "flow" is a garbage
QUESTION 1
Is possible restrict to 64 K a link using a Queuing discipline?
Thanks in advance
<---- Begin Signature
Ing. Juan Pablo Feria Gomez
Responsable Técnico
TERRA NETWORKS SONORA
Voz : (62)594750 ext. 293
E-Mail: jferiago@xxxxxxxxxxxxxxxxxxxxxx
ICQ# : 2149711
Õ¿Õ¬ "I believe in miracles, I believe in a better world for me and you"
~
