Hi, im using this script to shape traffic as I want..i get this log on
the kernel
Log:
HTB: quantum of class 10020 is big. Consider r2q change.
HTB init, kernel part version 3.13
HTB init, kernel part version 3.13
How worryed should I be :) ???
Thanks people!?
#!/bin/bash -x
fast_mark=1
ultra_fast_mark=2
slow_mark=3
interfaz_externa="eth1"
interfaz_interna="eth0"
iptables="/usr/local/sbin/iptables"
average_port="22 80 8080 3128 443 53 110 5190 259 1041 1723 1863
6667 6668 6669"
p2p_port="1214 4600:4700 1100:1300 21 6346 3135 3531 1911 21
3995 4242 2780 2527 2152 21"
p2p_multiport="50000:60000"
uplink_bw=1524
downlink_bw=1524
red_interna1="10.0.0.0/8"
red_interna3="172.0.3.0/24"
red_interna2="xxx.xxx.xxx.xxx/27"
/sbin/iptables -t mangle -F
/sbin/iptables -t mangle -X
# ICMP
$iptables -t mangle -A PREROUTING -p icmp -j MARK --set-mark
$fast_mark
# TRAFICO OUT
for i in $average_port
do
$iptables -t mangle -N FORW_FAST_OUT_DST_$i
$iptables -t mangle -A FORWARD -i $interfaz_interna -o
$interfaz_externa -p tcp -m mport --ports $i -j FORW_FAST_OUT_DST_$i
$iptables -t mangle -A FORW_FAST_OUT_DST_$i -j MARK --set-mark
$fast_mark
done
# dns fast
$iptables -t mangle -A FORWARD -p udp -m mport --ports 53 -j
MARK --set-mark $fast_mark
for i in $p2p_port
do
$iptables -t mangle -N FORW_P2P_OUT_DST_$i
$iptables -t mangle -A FORWARD -i $interfaz_interna -o
$interfaz_externa -p tcp -m mport --ports $i -j FORW_P2P_OUT_DST_$i
$iptables -t mangle -A FORW_P2P_OUT_DST_$i -j MARK --set-mark
$slow_mark
done
# TRAFICO IN
for i in $average_port
do
$iptables -t mangle -N FORW_FAST_IN_DST_$i
$iptables -t mangle -A FORWARD -i $interfaz_externa -o
$interfaz_interna -p tcp -m mport --ports $i -j FORW_FAST_IN_DST_$i
$iptables -t mangle -A FORW_FAST_IN_DST_$i -j MARK --set-mark
$fast_mark
done
for i in $p2p_port
do
$iptables -t mangle -N FORW_P2P_IN_DST_$i
$iptables -t mangle -A FORWARD -o $interfaz_interna -i
$interfaz_externa -p tcp -m mport --ports $i -j FORW_P2P_IN_DST_$i
$iptables -t mangle -A FORW_P2P_IN_DST_$i -j MARK --set-mark
$slow_mark
done
$iptables -t mangle -N FORW_P2P_IN_DST_MULTIPORT
$iptables -t mangle -A FORWARD -p tcp -m mport --ports
$p2p_multiport -j FORW_P2P_IN_DST_MULTIPORT
$iptables -t mangle -A FORW_P2P_IN_DST_MULTIPORT -j MARK
--set-mark $slow_mark
# p2p probar unas coas
$iptables -t mangle -A PREROUTING -m p2p -j CONNMARK --set-mark
$slow_mark
$iptables -t mangle -A PREROUTING -m connmark --mark $slow_mark
-j CONNMARK --restore-mark
# TRAFICO GENERADO POR EL SERVER HACIA INTERNET
for i in $average_port
do
$iptables -t mangle -N OUT_SERVER_OUT_DST_$i
$iptables -t mangle -A OUTPUT -o $interfaz_externa -p tcp -m
mport --ports $i -j OUT_SERVER_OUT_DST_$i
$iptables -t mangle -A OUT_SERVER_OUT_DST_$i -j MARK --set-mark
$fast_mark
done
# TRAFICO GENERADO POR EL SERVER HACIA LA RED INTERNA
$iptables -t mangle -A OUTPUT -o $interfaz_interna -j MARK
--set-mark $ultra_fast_mark
# CLASES PARA EL TRAFICO EXTERNO
tc qdisc del dev $interfaz_externa root 2> /dev/null >
/dev/null
tc qdisc del dev $interfaz_externa ingress 2> /dev/null >
/dev/null
tc qdisc add dev $interfaz_externa root handle 1: htb default 20
tc class add dev $interfaz_externa parent 1: classid 1:1 htb
rate ${uplink_bw}kbit
#tc class add dev $interfaz_externa parent 1:1 classid 1:10 htb
rate $[5*$uplink_bw/10]kbit ceil $[6*$uplink_bw/10]kbit prio 1
#tc class add dev $interfaz_externa parent 1:1 classid 1:20 htb
rate $[3*$uplink_bw/10]kbit ceil $[4*$uplink_bw/10]kbit prio 2
#tc class add dev $interfaz_externa parent 1:1 classid 1:30 htb
rate $[3*$uplink_bw/10]kbit ceil $[3*$uplink_bw/10]kbit prio 3
# modificacion viernes 28/2004
tc class add dev $interfaz_externa parent 1:1 classid 1:10 htb
rate $[5*$uplink_bw/10]kbit ceil $[6*$uplink_bw/10]kbit prio 1
tc class add dev $interfaz_externa parent 1:1 classid 1:20 htb
rate $[4*$uplink_bw/10]kbit ceil $[4*$uplink_bw/10]kbit prio 2
tc class add dev $interfaz_externa parent 1:1 classid 1:30 htb
rate $[1*$uplink_bw/10]kbit ceil $[2*$uplink_bw/10]kbit prio 3
tc qdisc add dev $interfaz_externa parent 1:10 handle 10: sfq
perturb 10
tc qdisc add dev $interfaz_externa parent 1:20 handle 20: sfq
perturb 10
tc qdisc add dev $interfaz_externa parent 1:30 handle 30: sfq
perturb 10
tc filter add dev $interfaz_externa protocol ip prio 1 parent 1:
handle $fast_mark fw classid 1:10
tc filter add dev $interfaz_externa protocol ip prio 3 parent 1:
handle $slow_mark fw classid 1:30
tc filter add dev $interfaz_externa parent 1:0 protocol ip prio
1 u32 match ip protocol 1 0xff flowid 1:10
# CLASES PARA EL TRAFICO INTERNO
tc qdisc del dev $interfaz_interna root 2> /dev/null >
/dev/null
tc qdisc del dev $interfaz_interna ingress 2> /dev/null >
/dev/null
tc qdisc add dev $interfaz_interna root handle 1: htb default 30
tc class add dev $interfaz_interna parent 1: classid 1:1 htb
rate $[10*$downlink_bw]kbit
tc class add dev $interfaz_interna parent 1:1 classid 1:10 htb
rate $[5*$downlink_bw/10]kbit ceil $[7*$downlink_bw/10]kbit prio 1
# I use this because some traffic I don't want to be shapped
goes on this flow..
tc class add dev $interfaz_interna parent 1:1 classid 1:20 htb
rate $[80*$downlink_bw]kbit ceil $[80*$downlink_bw]kbit
tc class add dev $interfaz_interna parent 1:1 classid 1:30 htb
rate $[3*$downlink_bw/10]kbit ceil $[4*$uplink_bw/10]kbit prio 2
tc class add dev $interfaz_interna parent 1:1 classid 1:40 htb
rate $[1*$downlink_bw/10]kbit ceil $[2*$downlink_bw/10]kbit prio 3
tc qdisc add dev $interfaz_interna parent 1:10 handle 10: sfq
perturb 10
tc qdisc add dev $interfaz_interna parent 1:20 handle 20: sfq
perturb 10
tc qdisc add dev $interfaz_interna parent 1:40 handle 40: sfq
perturb 10
tc filter add dev $interfaz_interna protocol ip prio 1 parent 1:
handle $fast_mark fw classid 1:10
tc filter add dev $interfaz_interna protocol ip prio 2 parent 1:
handle $slow_mark fw classid 1:40
tc filter add dev $interfaz_interna protocol ip prio 2 parent 1:
handle $ultra_fast_mark fw classid 1:20
tc filter add dev $interfaz_interna parent 1:0 protocol ip prio
1 u32 match ip protocol 1 0xff flowid 1:10
_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
