Need help with rate-limiting NNTP traffic

Linux Advanced Routing and Traffic Control

Howdy all,

I posted this message to the netfilter mailing-list and didn't get much
response.  I apologize if anyone here is getting this for a
second time.

Anyway, I recently migrated my firewall from a FreeBSD box running
ipfilter, ipnat and dummynet to a Gentoo Linux box running netfilter and
tc.  I have to admit that I'm having problems visualizing tc in my head.
So, I was wondering if I could get an assist.

Basically, when I run my NNTP client, it uses as much bandwidth as it
can get its grubby paws on.  I have a 3M wireless connection and my ISP
doesn't limit me, but I think they will if I'm constantly using all 3M.
So, since my NNTP traffic is pretty much constantly ongoing, I'd like
to limit it to 800kbit. This was a breeze with dummynet, but I'm not
getting how to do it correctly with netfilter.

Here's what I tried:

$IPT -t mangle -N SHAPE-NNTP
$IPT -t mangle -I PREROUTING -i $WANIFACE -j SHAPE-NNTP
$IPT -t mangle -A SHAPE-NNTP -p tcp --sport 119 -j MARK --set-mark 119

My thought on placing it in PREROUTING is that I'd like to shape the
traffic as soon as possible so that my firewall gets the benefit of
dealing with the reduced load as soon as possible.  But, maybe that's
just foolishness?

Here are the tc rules I tried:

tc qdisc add dev $WANIFACE root handle 1: htb default 60
tc class add dev $WANIFACE parent 1: classid 1:1 htb rate 10Mbit
tc class add dev $WANIFACE parent 1:1 classid 1:119 htb rate 800kbit
tc filter add dev $WANIFACE parent 1:1 protocol ip handle 119 fw flowid 1:119

The one weird thing is that when I do a 'tc filter show dev $WANIFACE',
nothing comes back.  But 'tc class show dev $WANIFACE' and 'tc qdisc
show dev $WANIFACE' return useful information.

Here's some information that may be relevant:

Linux elijah 2.4.24-hardened-r1 #1 Wed Mar 31 14:20:58 MST 2004 i686 Mobile Pentium II GenuineIntel GNU/Linux
iproute-20010824-r4
iptables-1.2.9

Thanks,

-- 
Shane Hickey <shane@xxxxxxxxxxxxxxxxxxx>: Network/System Consultant
GPG KeyID: 777CBF3F
Key fingerprint: 254F B2AC 9939 C715 278C  DA95 4109 9F69 777C BF3F
Listening to: american analog set - you own me
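
Added example, not part of the original post: one way to lay out the marking and HTB rules described above, with the fw filter attached to the root qdisc (1:), the default class 1:60 actually created, and the shaping applied on the interface the downloads leave by, since a root qdisc only queues outgoing packets. It assumes the NNTP client sits behind the firewall; the LAN-side interface argument, class 1:60's rates, the DRYRUN switch and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: shape marked NNTP downloads on the LAN-side egress.
# Assumptions (not from the original post): the NNTP client is behind the
# firewall, the shaped device is the inside interface, 1:60 is the default.
# Set DRYRUN=0 to execute; by default the commands are only printed.
DRYRUN=${DRYRUN:-1}

run() {
    if [ "$DRYRUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# mark_nntp WANIFACE MARK: same marking as the post (replies from port 119).
mark_nntp() {
    run iptables -t mangle -N SHAPE-NNTP
    run iptables -t mangle -I PREROUTING -i "$1" -j SHAPE-NNTP
    run iptables -t mangle -A SHAPE-NNTP -p tcp --sport 119 -j MARK --set-mark "$2"
}

# shape_nntp LANIFACE RATE MARK: HTB tree on the interface the downloads leave by.
shape_nntp() {
    dev=$1 rate=$2 mark=$3
    run tc qdisc add dev "$dev" root handle 1: htb default 60
    run tc class add dev "$dev" parent 1: classid 1:1 htb rate 10Mbit
    # Capped class for NNTP: ceil equal to rate, so it cannot borrow.
    run tc class add dev "$dev" parent 1:1 classid "1:$mark" htb rate "$rate" ceil "$rate"
    # The class named by "default 60" has to exist to hold everything else.
    run tc class add dev "$dev" parent 1:1 classid 1:60 htb rate 9Mbit ceil 10Mbit
    # fw filter on the root qdisc (1:), where classification starts.
    run tc filter add dev "$dev" parent 1: protocol ip handle "$mark" fw flowid "1:$mark"
}

# show_state DEV: per-class counters and the filters attached at the root.
show_state() {
    run tc -s class show dev "$1"
    run tc filter show dev "$1" parent 1:
}

# Usage after sourcing this file (interface names are placeholders):
#   mark_nntp eth0 119; shape_nntp eth1 800kbit 119; show_state eth1
```

With DRYRUN left at 1 the functions only print the commands, so the rule set can be reviewed before anything touches the running firewall.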