On Thu 12 May 2005 8:14, Lee Sanders wrote:
> Hi All,
>
> I've been playing with QOS for a short while now and have worked out how to do
> what I want using HTB. Great queuing discipline btw.
>
> My problem is the tc filters I want to setup aren't working because
> iptables is getting to the packets first and mangling the src address.
>
> The iptables script I am using is MonMotha's Firewall 2.3.8 and it includes
> lots of nice goodies like syn flood rate limiting. The extra bits like this
> are why I'm using it rather than figuring the iptables configuration out
> myself.
>
> My network configuration is trivial, adsl router connected to linux box
> connected to two networks, LAN and WLAN.
>
> I like having these iptables features but MonMotha's Firewall isn't designed
> with QOS in mind.
>
> My question for this list, is there a recommended iptables router script that
> everyone here uses designed with QOS in mind or have you all written your
> own ?
>
> Thanks in Advance
>
> Lee

Hi Lee,

Below is my script. It's inspired by LARTC, for the same configuration as you: home Linux router with DSL on eth1, masquerading traffic from LAN. The server is running a few services (http, mail, dns), and I want these services to have priority, and also the users must have priority for their mail & http over the default class. The traffic to/from the services not defined below goes to the default class, which is fine (ftp, im, ...).

Hope you can use it, though it's certainly not perfect.
Sylvain

#!/bin/bash

UPLINK_EXT=950   # outgoing DSL bandwidth, kbps
DEV_EXT=eth1     # DSL link

# flush any existing root qdisc on the DSL interface (ignore "no such qdisc")
tc qdisc del dev ${DEV_EXT} root >/dev/null 2>&1

# HTB root; anything no filter classifies lands in the slow class 1:20
tc qdisc add dev ${DEV_EXT} root handle 1: htb default 20

# root class, the whole uplink
tc class add dev ${DEV_EXT} parent 1: classid 1:1 htb rate $((UPLINK_EXT))kbit prio 0
# fast ( 80% ), may borrow up to the full uplink
tc class add dev ${DEV_EXT} parent 1:1 classid 1:10 htb rate $((8*UPLINK_EXT/10))kbit ceil $((UPLINK_EXT))kbit burst 10k prio 1
# slow ( 20% ), may borrow up to 80% of the uplink
tc class add dev ${DEV_EXT} parent 1:1 classid 1:20 htb rate $((2*UPLINK_EXT/10))kbit ceil $((8*UPLINK_EXT/10))kbit burst 2k prio 5

# stochastic fairness between flows inside each leaf class
tc qdisc add dev ${DEV_EXT} parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev ${DEV_EXT} parent 1:20 handle 20: sfq perturb 10

# traffic with priority
# CLIENT: requests from the LAN going out to remote services, matched on destination port
# (matching on ports rather than source addresses, since masquerading has already
# rewritten the source address by the time the packet reaches the egress qdisc)
tc filter add dev ${DEV_EXT} protocol ip parent 1: prio 4 u32 match ip dport 22 0xffff flowid 1:10
tc filter add dev ${DEV_EXT} protocol ip parent 1: prio 4 u32 match ip dport 25 0xffff flowid 1:10
tc filter add dev ${DEV_EXT} protocol ip parent 1: prio 4 u32 match ip dport 53 0xffff flowid 1:10
tc filter add dev ${DEV_EXT} protocol ip parent 1: prio 4 u32 match ip dport 80 0xffff flowid 1:10
tc filter add dev ${DEV_EXT} protocol ip parent 1: prio 4 u32 match ip dport 110 0xffff flowid 1:10
tc filter add dev ${DEV_EXT} protocol ip parent 1: prio 4 u32 match ip dport 143 0xffff flowid 1:10
tc filter add dev ${DEV_EXT} protocol ip parent 1: prio 4 u32 match ip dport 443 0xffff flowid 1:10
tc filter add dev ${DEV_EXT} protocol ip parent 1: prio 4 u32 match ip dport 993 0xffff flowid 1:10
tc filter add dev ${DEV_EXT} protocol ip parent 1: prio 4 u32 match ip dport 995 0xffff flowid 1:10

# SERVER: replies from the local services, matched on source port
# note: u32 compares (port & mask) with (value & mask), so the 0xfffd mask (bit 1 cleared)
# makes "sport 22 0xfffd" match ports 20 and 22, and "sport 25 0xfffd" match 25 and 27;
# use 0xffff to match a single port
tc filter add dev ${DEV_EXT} protocol ip parent 1: prio 4 u32 match ip sport 22 0xfffd flowid 1:10
tc filter add dev ${DEV_EXT} protocol ip parent 1: prio 4 u32 match ip sport 25 0xfffd flowid 1:10
tc filter add dev ${DEV_EXT} protocol ip parent 1: prio 4 u32 match ip dport 53 0xffff flowid 1:10
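An added dry-run check (not Sylvain's script; the function names are my own) for two things worth verifying before loading such a script on a router: the integer kbit rates the 80/20 split produces for the 950 kbit uplink, and which ports a u32 port match really selects once the mask is not 0xffff, since u32 stores value & mask and compares it with port & mask:

```shell
#!/bin/sh
# Added example, not the post's script. Figures (950 kbit, 80/20 split) are
# the post's; helper names are assumptions.

# Integer kbit rate for a class that gets NUM/DEN of the uplink, as tc expects.
htb_share() {                      # htb_share <uplink_kbit> <num> <den>
    echo $(( $1 * $2 / $3 ))
}

# Print (do not run) the class tree from the post for DEV and UPLINK.
htb_classes() {                    # htb_classes <dev> <uplink_kbit>
    dev=$1 up=$2
    fast=$(htb_share "$up" 8 10)   # 80 %
    slow=$(htb_share "$up" 2 10)   # 20 %
    echo "tc class add dev $dev parent 1: classid 1:1 htb rate ${up}kbit prio 0"
    echo "tc class add dev $dev parent 1:1 classid 1:10 htb rate ${fast}kbit ceil ${up}kbit burst 10k prio 1"
    echo "tc class add dev $dev parent 1:1 classid 1:20 htb rate ${slow}kbit ceil ${fast}kbit burst 2k prio 5"
}

# u32 keeps (value & mask) and tests (field & mask) against it, so every bit
# cleared in the mask widens the match. List every 16-bit port that a
# "match ip sport VALUE MASK" (or dport) clause hits, space separated.
u32_ports() {                      # u32_ports <value> <mask>   e.g. 22 0xfffd
    key=$(( $1 & $2 & 0xffff )) mask=$(( $2 & 0xffff )) port=0 out=""
    while [ "$port" -le 65535 ]; do
        [ $(( port & mask )) -eq "$key" ] && out="$out $port"
        port=$(( port + 1 ))
    done
    echo "${out# }"
}

htb_classes eth1 950
echo "sport 22 0xfffd matches ports: $(u32_ports 22 0xfffd)"
echo "sport 25 0xfffd matches ports: $(u32_ports 25 0xfffd)"
```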
_______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc