Hey everyone, Im trying to configure my HTB qdiscs for my network. My network setup: LAN --> Firewall --> Router -->Internet | | --> DMZ The firewall has 3 interfaces: Eth0 = LAN --> 100Mbps NIC Eth1 = DMZ --> 100Mbps NIC Eth2 = Internet --> 4MB link to internet Backgrond: DMZ Zone Eth1: Web/FTP, and SMTP servers. (100Mbps switches and NICs) WEB/FTP server :10.100.1.1/24 SMTP server:10.100.1.2/24 LAN Eth0: I have 3 different VLANs to categories the 3 different departments. VLAN1 -192.168.1.0/24 VLAN2 -192.168.2.0/24 VLAN3 -192.168.3.0/24 External Eth2 : 4MB Leased line to the internet. Currently my router that is connected to the 4MB leased line is becoming the bottleneck! 1.)How do I make the firewall Eth0 become the bottleneck???? Should I limit it to 10mbits as such: tc qdisc add dev eth0 root handle 1: htb default 10 tc class add dev eth0 parent 1: classid 1:1 htb rate 10mbit 2.) I want to limit the bandwidth from the WEB/FTP servers from the DMZ to either the internet or the LAN. This is what I did: tc qdisc add dev eth0 root handle 1: htb default 10 tc class add dev eth0 parent 1: classid 1:1 htb rate 10mbit tc class add dev eth0 parent 1:1 classid 1:10 htb rate 128kbps ceil 256kbps prio 7 tc filter add dev eth0 protocol ip parent 1:1 prio 7 handle 7 fw classid 1:10 tc qdisc add dev eth1 root handle 2: htb default 10 tc class add dev eth1 parent 2: classid 2:1 htb rate 3840kbps tc class add dev eth1 parent 2:1 classid 2:10 htb rate 128kbps ceil 128kbps prio 7 tc filter add dev eth1 protocol ip parent 2:1 prio 7 handle 7 fw classid 2:10 tc qdisc add dev eth2 root handle 3: htb default 10 tc class add dev eth2 parent 3: classid 3:1 htb rate 3840kbps tc class add dev eth2 parent 3:1 classid 3:10 htb rate 128kbps prio 7 tc filter add dev eth2 protocol ip parent 3:1 prio 7 handle 7 fw classid 3:10 /sbin/iptables -A PREROUTING -I eth1 -s 10.100.1.1 -t mangle -j MARK --set-mark 7 /sbin/iptables -A PREROUTING -I eth1 -d 10.100.1.1 -t mangle -j MARK --set-mark 7 After testing Via FTP/web downloads. It appears that Ive managed to limit the amount of bandwidth thru and from the FTP/WEB server from the DMZ. All other traffic (internet surfing etc) will fall into the default rules correct? Did I miss anything out? What I would like to accomplish : I would like to limit the max amount of bandwidth on Eth0 to 10MB, limit the max amount of bandwidth on Eth1 to 3840kbps and limit the max amount of bandwidth on Eth2 to 3840kbps. (4MB leased line to internet. Did I accomplish this? I executed a tc -s class show dev eth$ and noticed that the default values were wrong for both eth1 and eth2! root@gate2 root]# tc -s class show dev eth0 class htb 1:1 root rate 10Mbit ceil 10Mbit burst 14704b cburst 14704b Sent 114648626 bytes 157670 pkts (dropped 0, overlimits 0) rate 133156bps 221pps lended: 43368 borrowed: 0 giants: 0 tokens: 7303 ctokens: 7303 class htb 1:10 parent 1:1 prio 7 rate 1Mbit ceil 2Mbit burst 2909b cburst 4220b Sent 114617144 bytes 157600 pkts (dropped 0, overlimits 0) rate 133156bps 221pps backlog 5p lended: 114302 borrowed: 43368 giants: 0 tokens: -13123 ctokens: -13466 [root@gate2 root]# tc -s class show dev eth1 class htb 2:1 root rate 16Mbit ceil 16Mbit burst 22567b cburst 22567b Sent 27918685 bytes 53295 pkts (dropped 0, overlimits 0) rate 890Kbit 122pps lended: 0 borrowed: 0 giants: 0 tokens: 8780 ctokens: 8780 class htb 2:10 parent 2:1 prio 7 rate 1Mbit ceil 1Mbit burst 2909b cburst 2909b Sent 27905157 bytes 53263 pkts (dropped 0, overlimits 0) rate 890Kbit 122pps lended: 53295 borrowed: 0 giants: 0 tokens: 17589 ctokens: 17589 [root@gate2 root]# tc -s class show dev eth2 class htb 3:1 root rate 30Mbit ceil 30Mbit burst 40914b cburst 40914b Sent 17969859 bytes 119438 pkts (dropped 0, overlimits 0) rate 20777bps 165pps lended: 0 borrowed: 0 giants: 0 tokens: 8515 ctokens: 8515 class htb 3:10 parent 3:1 prio 7 rate 1Mbit ceil 1Mbit burst 2909b cburst 2909b Sent 17965779 bytes 119398 pkts (dropped 0, overlimits 0) rate 20777bps 165pps lended: 119438 borrowed: 0 giants: 0 tokens: 17888 ctokens: 17888 [root@gate2 root]# Any help in anyway is appreciated! Regards edmund _______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
