Alexandra Alvarado wrote: > > Thanks for answer my question, but... > > If i want to be more specific in my ipchains rules, and i want to > control the output bandwidth of eth1 card (that means the input traffic > of eth0 card), must i make a setup like this? > > Internet eth0 (207.87.93.32)|---------| eth1 /--- 10.10.10.0/28 > (intranet - PRIVATE addresses) > --------------------| LINUX |-----<HUB> > |---------| eth1:0 \--- 63.121.156.184/29 > (intranet - Voice Service - > PUBLIC (Virtual Interface) > > WHAT AM I CONTROLING HERE? OUTGOING OF ETH0? Yes, outgoing of eth0 BUT you have the wrong ipchains rules. The first one has as the source 207.87.93.32. It has to be 63.121.156.184/29. And you don't need to add -j ACCEPT. > > ipchains -A input i eth1 -s 207.87.93.32 -d 0/0 -j ACCEPT -m 1 > ipchains -A input i eth1 -s 10.10.10.0/28 -d 0/0 -j ACCEPT -m 1 > > tc qdisc add dev eth0 root handle 10: cbq bandwidth 10Mbit avpkt 1000 > tc class add dev eth0 parent 10:0 classid 10:1 cbq bandwidth 10Mbit rate > 10Mbit allot 1514 weight 1Mbit \ prio 8 maxburst 20 avpkt 1000 > tc class add dev eth0 parent 10:1 classid 10:100 cbq bandwidth 10Mbit > rate 64Kbit allot 1514 weight 6Kbit \ prio 5 maxburst 20 avpkt 1000 > bounded > tc qdisc add dev eth0 parent 10:100 sfq quantum 1514b perturb 15 > tc filter add dev eth0 protocol ip handle 1 fw classid 10:100 > > WHAT AM I CONTROLING HERE? OUTGOING OF ETH1? Same problem, wrong filters. First one is OK, but second one has to be 63.121.156.184/29. > > ipchains -A input -i eth0 -d 207.87.93.32 -j ACCEPT -m 2 > ipchains -A input -i eth0 -d 10.10.10.0/28 -j ACCEPT -m 2 > > tc qdisc add dev eth1 root handle 20: cbq bandwidth 10Mbit avpkt 1000 > tc class add dev eth1 parent 20:0 classid 20:1 cbq bandwidth 10Mbit rate > 10Mbit allot 1514 weight 1Mbit \ prio 8 maxburst 20 avpkt 1000 > tc class add dev eth1 parent 20:1 classid 20:100 cbq bandwidth 10Mbit > rate 64Kbit allot 1514 weight 6Kbit \ prio 5 maxburst 20 avpkt 1000 > bounded > tc qdisc add dev eth1 parent 20:100 sfq quantum 1514b perturb 15 > tc filter add dev eth1 protocol ip handle 2 fw classid 20:100 If you want to control ALL outgoing bandwidth on a NIC, you can attach a TBF as the first root qdisc : tc qdisc add dev eth0 root handle 10: tbf rate 64kbit buffer 20Kb/8 limit 15Kb tc qdisc add dev eth1 root handle 10: tbf rate 64kbit buffer 20Kb/8 limit 15Kb > > Thanks > > Alexandra > > Stef Coene wrote: > > > > Alexandra Alvarado wrote: > > > > > > Hello, > > > > > > I need somebody to help me with an example that control incoming packets > > > to 64Kbit and outgoing packets to 64Kbit from external interface of the > > > linux but using ipchains rules. > > You can't control incoming bandwidth. For outgoing bandwidth : > > > > - mark the packets witm -m option of ipchains : > > ipchains -A output -p tcp -m 1 > > > > - use the mark in a filter : > > tc filter add $DEV parent 10: protocol ip prio 3 handle 1 fw > > classid 10:2 > > > > - set up a bounded class 10:2 : > > tc qdisc add $DEV root handle 10: cbq bandwidth 10mbit avpkt 1000 > > tc class add $DEV parent 10:0 classid 10:2 cbq bandwidth 10mbit > > rate 64kbit allot 1514 maxburst 20 avpkt 1000 prio 4 isolated bounded -- Stef More QOS info : http://users.belgacom.net/staf/
