On Wednesday 30 July 2003 19:04, Daniel Ardelian wrote:

This can be fun :) A Windows guy playing with traffic shaping :)

> I have a 64 Kbps leased line IDSL connection (with static IP address). My
> modem is connected to the server via a 10 Mbps Ethernet connection. The
> server currently runs Win2000 Pro with Internet Connection Sharing to
> provide Internet access to my private network (10 workstations). I also use
> an Apache Web server to host my company's web page on this server. This
> configuration provided good service until the number of workstations
> increased from 5 to 10 and Kazaa appeared. If a user starts a longer
> download, others can't access the Internet. So I'm considering switching
> from Win2000 to Linux and using some sort of traffic shaping. Furthermore,
> the internal network will have to be split into 2 subnets for privacy
> purposes.
>
> What I want to achieve looks something like this:
>
> 1) Incoming traffic (outside surfers visiting the company web page) must
> have the highest priority, and probably, for some time, the web server will
> still have to run on Win2000, until some CGI web apps are ported to Linux

You can put your web-server in your LAN and do port forwarding:

# Redirecting incoming traffic on port 80 to your web-server
# (eth1 is your internet NIC and 192.168.1.253 is your web-server IP address)
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.1.253:80

> 2) The two internal subnets should have the same download priority, lower
> than incoming traffic

No problem.

> 3) The available bandwidth should be equally split between any active
> internal users (if only 1 user is active, it should get all available
> bandwidth).

No problem.

> Can anyone tell me if I can achieve all that with a Linux box and 3 NICs?
> I have no previous Linux experience, but after googling for a day or two,
> I know this:
>
> 1) I will have to use IP Masquerading
> 2) It looks like I should use the Stochastic Fairness Queueing (SFQ) to
> shape outgoing traffic

Not really.

> 3) I have no idea how to achieve requirement no. 1 (regarding incoming
> traffic to my web site before any other traffic)
>
> Thanks in advance. Any suggestions are welcome, I don't expect anyone to
> solve the problem for me, maybe just some hints as to where I should look
> next...

Ok, first of all, you can only shape outgoing traffic. If you have 3 NICs and want to shape traffic from the internet to you, this can be a problem. But you can patch the kernel so you can create a virtual imq device. And with simple iptables commands, you can redirect all incoming packets from the internet to this imq device. The good news is you can shape on that imq device.

For the shaping part (once you have all the traffic entering the imq device), you have to create 3 classes: one for the web-server, one for subnet 1 and one for subnet 2. The only problem you will have is splitting the traffic. Incoming traffic has the src address of the firewall so you can not use the src address to filter.

The classes can be htb or cbq classes. But I suggest you go for htb. To create the htb classes, see lartc.org and docum.org

Good luck :)

Stef

-- 
stef.coene@xxxxxxxxx
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net
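As an added example, not part of Stef's reply or of the docum.org scripts: a shell script that wires up the imq/htb setup he describes (everything from the internet into imq0, three htb classes, SFQ leaves). It assumes eth1 is the internet NIC, 192.168.1.0/24 and 192.168.2.0/24 are the two subnets, 192.168.1.253 the web server, a 64 kbit line, and a kernel patched for IMQ; the CONNMARK trick used to split the subnets' return traffic is my assumption for the "splitting the traffic" problem, not something the reply suggests.

```shell
#!/bin/sh
# Added example, not from the thread: ingress shaping on an IMQ device with HTB.
# Assumptions: eth1 = internet NIC, 192.168.1.0/24 and 192.168.2.0/24 = the two
# subnets, 192.168.1.253 = web server, 64 kbit line, kernel patched for IMQ
# (iptables IMQ target) and CONNMARK available. DRY_RUN=1 prints instead of applying.
LINE=64kbit
WAN=eth1
LAN1=192.168.1.0/24
LAN2=192.168.2.0/24

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

setup_shaper() {
    # Mark each subnet's connections on the way out, restore the mark on replies
    # coming back from the internet (conntrack runs before mangle PREROUTING).
    run iptables -t mangle -A PREROUTING -s $LAN1 -j CONNMARK --set-mark 20
    run iptables -t mangle -A PREROUTING -s $LAN2 -j CONNMARK --set-mark 30
    run iptables -t mangle -A PREROUTING -i $WAN -j CONNMARK --restore-mark
    # Divert everything arriving from the internet into imq0 (before NAT).
    run iptables -t mangle -A PREROUTING -i $WAN -j IMQ --todev 0
    run ip link set imq0 up

    # HTB tree: root at line rate, one child class per requirement.
    run tc qdisc add dev imq0 root handle 1: htb default 30
    run tc class add dev imq0 parent 1: classid 1:1 htb rate $LINE
    run tc class add dev imq0 parent 1:1 classid 1:10 htb rate 32kbit ceil $LINE prio 0
    run tc class add dev imq0 parent 1:1 classid 1:20 htb rate 16kbit ceil $LINE prio 1
    run tc class add dev imq0 parent 1:1 classid 1:30 htb rate 16kbit ceil $LINE prio 1
    # SFQ leaves: unused bandwidth is borrowed up to ceil, and within a class
    # active flows share fairly, so one user alone gets the whole line.
    for c in 10 20 30; do
        run tc qdisc add dev imq0 parent 1:$c handle $c: sfq perturb 10
    done

    # Web hits are recognisable by destination port even before DNAT; the
    # subnets' return traffic is not (it all carries the firewall's address),
    # hence the connection marks above.
    run tc filter add dev imq0 parent 1: protocol ip prio 1 u32 match ip dport 80 0xffff flowid 1:10
    run tc filter add dev imq0 parent 1: protocol ip prio 2 handle 20 fw flowid 1:20
    run tc filter add dev imq0 parent 1: protocol ip prio 2 handle 30 fw flowid 1:30
}

case "${1:-}" in
    apply) setup_shaper ;;
    dry)   DRY_RUN=1 setup_shaper ;;
esac
```

Run it as `sh shaper.sh dry` to review the generated commands and `sh shaper.sh apply` (as root) to install them.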