[LARTC] Prioritize uploading traffic

Linux Advanced Routing and Traffic Control


 



Could someone give me some help in prioritizing uploading traffic on my ADSL connection?

Currently, I have set up a Linux 2.4.12 router/firewall/NAT to allow our network of users to access the Internet.

--------- eth0 ---- Linux router/firewall/NAT --- eth1 ---- Local network
              a.b.c.d                                192.168.1.254

I can't seem to find enough information on tc and all the different parameters possible with the command. Anyway, I found an ADSL-bandwidth-management howto and followed it to the letter, as follows:-

ip link set eth0 txqueuelen 20
tc qdisc add dev eth0 root handle 128: cbq bandwidth 10mbit avpkt 700
tc class add dev eth0 parent 128:0 classid 128:1 cbq bandwidth 10mbit rate 90kbit allot 1514 weight 9kbit prio 5 \
maxburst 1 avpkt 700 bounded
tc qdisc add dev eth0 parent 128:1 prio bands 4 priomap 0 1 2 3 3 3 3 3 3 3 3 3 3 3 3 3
tc filter add dev eth0 parent 128:0 protocol ip prio 5 u32 match ip src a.b.c.d flowid 128:1


One member on the network is downloading continuously off Morpheus. The originator connects to the peer through destination port 1214. I want to make it the lowest priority outgoing traffic but don't seem to be able to do that.

I use iptables to mark packets matching the following criteria:-
iptables -t mangle -N MANGLE_PREROUTING
iptables -t mangle -F MANGLE_PREROUTING
iptables -t mangle -A MANGLE_PREROUTING -p ALL -j MARK --set-mark 2
iptables -t mangle -A MANGLE_PREROUTING -p tcp --dport 1214 -j MARK --set-mark 3
iptables -t mangle -A MANGLE_PREROUTING -p icmp -j MARK --set-mark 0
iptables -t mangle -A MANGLE_PREROUTING -p tcp --dport 0:1024 -j MARK --set-mark 1


iptables -t mangle -A PREROUTING -i eth1 -j MANGLE_PREROUTING

With the above, I could see packets being marked as they enter into eth1, as expected. Using iptables -L -t mangle -v, I could see the statistics of the chain.

However, originally, I had the iptables set up below:-

iptables -t mangle -N MANGLE_OUTPUT
iptables -t mangle -F MANGLE_OUTPUT
iptables -t mangle -A MANGLE_OUTPUT -p ALL -j MARK --set-mark 2
iptables -t mangle -A MANGLE_OUTPUT -p tcp --dport 1214 -j MARK --set-mark 3
iptables -t mangle -A MANGLE_OUTPUT -p icmp -j MARK --set-mark 0
iptables -t mangle -A MANGLE_OUTPUT -p tcp --dport 0:1024 -j MARK --set-mark 1

iptables -t mangle -A OUTPUT -o eth0 -j MANGLE_OUTPUT

I would have thought that I should mark the packets on their way out to the Internet on "eth0", which is connected to the ADSL modem. But packets are only marked if they originate from the Linux router/firewall box. For example, if I do a Ping from any of the machines behind the firewall, I don't see its packets marked on the eth0 interface. However, if I Ping from the firewall, I can see its packets marked.

If packets arriving on eth1 are forwarded to the Internet, they would have been sent out on eth0. Why wouldn't these forwarded packets be marked?

I don't have any idea if the tc filter works.

tc -s qdisc
qdisc prio 8001: dev eth0 bands 4 priomap 0 1 2 3 3 3 3 3 3 3 3 3 3 3 3 3
 Sent 69665656 bytes 129757 pkts (dropped 3556, overlimits 0)
 backlog 10p

 qdisc cbq 128: dev eth0 rate 10Mbit (bounded, isolated) prio no-transmit
 sent 69674548 bytes 129957 pkts (dropped 3356, overlimits 147192)
 backlog 10p
  borrowed 0 overactions 0 avgidle 399 undertime 0

tc -stat filter show dev eth0
filter parent 128: protocol ip pref 5 u32
filter parent 128: protocol ip pref 5 u32 fh 800: ht divisor 1
filter parent 128: protocol ip pref 5 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 128:1 match a.b.c.d/ffffffff at 12


I really want to see the numbers of packets in each of the 4 bands. Can someone show me how I can get more accurate statistics of tc's performance?

I don't think my configuration works, because when Morpheus is running, the reaction on web browsing and ftp is noticeably slower. My assumption is that by throttling back the ACKs from the Morpheus client, that would limit the amount of download from the server. Am I wrong in this assumption? If so, do I need to throttle the incoming too?
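
Added example, not part of the original post: a small Python model of which netfilter hooks a packet crosses on the router and which mark the four MARK rules above leave on it. It assumes standard netfilter behaviour (forwarded packets do not cross the OUTPUT hook; MARK does not stop rule traversal); PATHS, RULES, apply_rules, mark_seen and the sample packets are constructed for illustration.

```python
# Hooks crossed, in order, by each kind of packet on the router.
# OUTPUT is crossed only by packets generated on the router itself.
PATHS = {
    "local_out": ("OUTPUT", "POSTROUTING"),
    "forwarded": ("PREROUTING", "FORWARD", "POSTROUTING"),
    "local_in": ("PREROUTING", "INPUT"),
}

# The post's rules in order: (protocol or None for ALL, dport range or None, mark).
RULES = [
    (None, None, 2),
    ("tcp", (1214, 1214), 3),
    ("icmp", None, 0),
    ("tcp", (0, 1024), 1),
]


def apply_rules(proto, dport=None):
    """MARK does not end chain traversal, so the last matching rule wins."""
    mark = None
    for r_proto, r_ports, r_mark in RULES:
        if r_proto is not None and r_proto != proto:
            continue
        if r_ports is not None:
            if dport is None or not r_ports[0] <= dport <= r_ports[1]:
                continue
        mark = r_mark
    return mark


def mark_seen(path, hook, iface_opt, iface, pkt):
    """Mark set when the rule chain is jumped to from `hook` with -i/-o iface.

    Returns None when the packet never reaches the chain (rules never run);
    on a real system such a packet keeps the default mark of 0.
    """
    if hook not in PATHS[path]:
        return None
    key = "in_if" if iface_opt == "-i" else "out_if"
    if pkt.get(key) != iface:
        return None
    return apply_rules(pkt["proto"], pkt.get("dport"))


# Constructed sample packets.
LAN_PING = {"proto": "icmp", "in_if": "eth1", "out_if": "eth0"}
ROUTER_PING = {"proto": "icmp", "out_if": "eth0"}
LAN_P2P = {"proto": "tcp", "dport": 1214, "in_if": "eth1", "out_if": "eth0"}
LAN_WEB = {"proto": "tcp", "dport": 80, "in_if": "eth1", "out_if": "eth0"}
```

In this model a ping forwarded from the LAN never reaches a chain hooked to OUTPUT, while the same rules hooked to PREROUTING with `-i eth1` mark it.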






