Just a thing. As I understand, the users go to squid and squid goes to the web page? Something like this:

[network]-----8080----[eth0 linux eth1]----80---web

So if you limit the port 80 traffic on eth1 it should slow down squid, but you don't want to limit traffic on eth0's 8080, because what's the use of a proxy then? This is just how I see it?

On Thu, 2003-11-13 at 11:23, Rokas wrote:
> Hello!
>
> My system is:
> Internet ADSL(PPPoE) ---> ppp0 [LINUX server(router)] eth0 ---> LAN
> Server(router) is running on LINUX Slackware 8.1. I have recompiled a
> 2.4.22 kernel, enabled all QoS support in the kernel config,
> including HTB. My ADSL bandwidth is 256Kbit/s for download and
> 64Kbit/s for upload.
>
> I use the following HTB+IPTABLES configuration, because I want to
> reduce bandwidth for all traffic, except HTTP, MAIL, ICQ, IRC, SSH and
> etc.
> -------------------------------------------------------------------------
> #!/bin/bash
> TC=/sbin/tc
> IPTABLES=/usr/sbin/iptables
>
> $TC qdisc del dev eth0 root 2> /dev/null > /dev/null
> $TC qdisc del dev ppp0 root 2> /dev/null > /dev/null
> $IPTABLES -F POSTROUTING -t mangle
>
> $TC qdisc add dev eth0 root handle 1: htb default 50 r2q 2
>
> $TC class add dev eth0 parent 1: classid 1:2 htb rate 248Kbit burst 35k
>
> $TC class add dev eth0 parent 1:2 classid 1:10 htb rate 220Kbit ceil 240Kbit burst 25k prio 0
>
> $TC class add dev eth0 parent 1:2 classid 1:30 htb rate 28Kbit ceil 28Kbit burst 10k prio 1
>
> $TC qdisc add dev eth0 parent 1:10 handle 11: sfq perturb 10
> $TC qdisc add dev eth0 parent 1:30 handle 33: sfq perturb 10
>
> $IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 192.168.0.0/24 -j MARK --set-mark 3
> $IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 192.168.0.0/24 -p tcp --sport 80 -j MARK --set-mark 1
> $IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 192.168.0.0/24 -p tcp --sport 443 -j MARK --set-mark 1
> $IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 192.168.0.0/24 -p tcp --sport 22 -j MARK --set-mark 1
> $IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 192.168.0.0/24 -p tcp --sport 21 -j MARK --set-mark 1
> $IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 192.168.0.0/24 -p tcp --sport 53 -j MARK --set-mark 1
> $IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 192.168.0.0/24 -p udp --sport 53 -j MARK --set-mark 1
> $IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 192.168.0.0/24 -p tcp --sport 110 -j MARK --set-mark 1
> $IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 192.168.0.0/24 -p tcp --sport 5190 -j MARK --set-mark 1
> $IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 192.168.0.0/24 -p tcp --sport 6661:6669 -j MARK --set-mark 1
> $IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 192.168.0.0/24 -p icmp -j MARK --set-mark 1
>
> $TC filter add dev eth0 parent 1:0 protocol ip handle 1 fw flowid 1:10
> $TC filter add dev eth0 parent 1:0 protocol ip handle 3 fw flowid 1:30
> ##############################
>
> $TC qdisc add dev ppp0 root handle 1: htb default 20
>
> $TC class add dev ppp0 parent 1: classid 1:1 htb rate 62Kbit burst 35k
> $TC class add dev ppp0 parent 1:1 classid 1:10 htb rate 40Kbit ceil 60Kbit burst 25k prio 1
>
> $TC class add dev ppp0 parent 1:1 classid 1:20 htb rate 15Kbit ceil 55Kbit burst 10k prio 2
>
> $TC class add dev ppp0 parent 1:1 classid 1:30 htb rate 7Kbit ceil 28Kbit burst 5k prio 3
>
> $TC qdisc add dev ppp0 parent 1:10 handle 10: sfq perturb 10
> $TC qdisc add dev ppp0 parent 1:20 handle 20: sfq perturb 10
> $TC qdisc add dev ppp0 parent 1:30 handle 30: sfq perturb 10
>
> $TC filter add dev ppp0 parent 1:0 protocol ip prio 10 u32 \
>    match ip tos 0x10 0xff flowid 1:10
>
> $TC filter add dev ppp0 parent 1: protocol ip prio 10 u32 \
>    match ip protocol 6 0xff \
>    match u8 0x05 0x0f at 0 \
>    match u16 0x0000 0xffc0 at 2 \
>    match u8 0x10 0xff at 33 \
>    flowid 1:10
>
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s ! 192.168.0.0/24 -j MARK --set-mark 12
>
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s ! 192.168.0.0/24 -p icmp -j MARK --set-mark 11
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s ! 192.168.0.0/24 -p tcp --sport 22 -j MARK --set-mark 11
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s ! 192.168.0.0/24 -p tcp --sport 80 -j MARK --set-mark 11
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s ! 192.168.0.0/24 -p tcp --dport 80 -j MARK --set-mark 11
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s ! 192.168.0.0/24 -p tcp --dport 21 -j MARK --set-mark 11
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s ! 192.168.0.0/24 -p tcp --dport 20 -j MARK --set-mark 11
>
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -j MARK --set-mark 13
>
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -p tcp --dport 80 -j MARK --set-mark 11
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -p tcp --dport 443 -j MARK --set-mark 11
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -p tcp --dport 53 -j MARK --set-mark 11
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -p udp --dport 53 -j MARK --set-mark 11
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -p tcp --dport 22 -j MARK --set-mark 11
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -p tcp --dport 23 -j MARK --set-mark 11
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -p tcp --dport 21 -j MARK --set-mark 11
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -p tcp --dport 25 -j MARK --set-mark 11
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -p tcp --dport 110 -j MARK --set-mark 11
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -p tcp --dport 5190 -j MARK --set-mark 11
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -p tcp --dport 6661:6669 -j MARK --set-mark 11
>
> $TC filter add dev ppp0 parent 1:0 protocol ip handle 11 fw flowid 1:10
> $TC filter add dev ppp0 parent 1:0 protocol ip handle 12 fw flowid 1:20
> $TC filter add dev ppp0 parent 1:0 protocol ip handle 13 fw flowid 1:30
> --------------------------------------------------------------------------
>
> This configuration works rather well. But I decided to start a SQUID
> HTTP caching transparent proxy on the same server box. I have
> configured squid on the 8080 port, and I redirect all the HTTP traffic
> to the SQUID proxy server:
> iptables -t nat -A PREROUTING -i eth0 -d ! 192.168.0.0/24 -p tcp --dport 80 -j REDIRECT --to-port 8080
>
> The redirection works OK, and transparent proxy does its work. But
> what about HTTP downstream traffic shaping? In my earlier configuration
> (without SQUID), I just put HTB classes on my internal eth0 interface,
> so I could point HTTP traffic into high rate/priority class. But if I
> redirect HTTP traffic through SQUID proxy, this shaping becomes not
> effective, because I can shape only outgoing traffic on each
> interface. What would be your suggestions about this issue? Perhaps
> it is a bad idea to use SQUID proxy? The most important thing for me
> is to reduce the download of big files via FTP, KaZaA and etc. (all
> non-privileged ports), and to give the WWW and other important
> traffic the highest bandwidth rate and priority and to speed the WWW...
> I would be very grateful if you could give me suggestions how to speed
> up WWW...
>
> Rokas Zakarevicius
>
>
> _______________________________________________
> LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/