On Thu, May 12, 2005 at 09:40:56AM +0200, Sylvain BERTRAND wrote:
> On Thu 12 May 2005 8:14, Lee Sanders wrote:
> > Hi All,
> >
> > I've been playing with QOS for a short while now and have worked out how
> > to do what I want using HTB. Great queuing discipline btw.
> >
> > My problem is the tc filters I want to set up aren't working because
> > iptables is getting to the packets first and mangling the src address.
> >
> > The iptables script I am using is MonMotha's Firewall 2.3.8 and it
> > includes lots of nice goodies like syn flood rate limiting. The extra
> > bits like this are why I'm using it rather than figuring the iptables
> > configuration out myself.
> >
> > My network configuration is trivial, adsl router connected to linux box
> > connected to two networks, LAN and WLAN.
> >
> > I like having these iptables features but MonMotha's Firewall isn't
> > designed with QOS in mind.
> >
> > My question for this list, is there a recommended iptables router script
> > that everyone here uses designed with QOS in mind or have you all
> > written your own?
> >
> > Thanks in Advance
> >
> > Lee
> >
>
> Hi Lee,
>
> Below is my script. It's inspired by LARTC, for the same configuration
> as yours: home Linux router with DSL on eth1, masquerading traffic from
> LAN. The server is running a few services (http, mail, dns), and I want
> these services to have priority, and also the users must have priority for
> their mail & http over the default class. The traffic to/from the services
> not defined below goes to default class, which is fine (ftp, im, ...).
> Hope you can use it, though it's certainly not perfect.
>
> Sylvain
>

Sylvain

Q) Why do your matching in tc filter and not netfilter? Is one way
better than the other? I started out doing it via filter and then moved to
netfilter instead, using mark.

Curious to hear what other people have done/do.

Alex

>
> #!/bin/bash
>
> UPLINK_EXT=950 # outgoing DSL bandwidth, kbps
> DEV_EXT=eth1 # DSL link
>
> tc qdisc del dev ${DEV_EXT} root 2> /dev/null > /dev/null
>
> tc qdisc add dev ${DEV_EXT} root handle 1: htb default 20
>
> # root class
> tc class add dev ${DEV_EXT} parent 1: classid 1:1 htb rate $[${UPLINK_EXT}]kbit prio 0
> # fast ( 80% )
> tc class add dev ${DEV_EXT} parent 1:1 classid 1:10 htb rate $[8*${UPLINK_EXT}/10]kbit ceil $[${UPLINK_EXT}]kbit burst 10k prio 1
> # slow ( 20% )
> tc class add dev ${DEV_EXT} parent 1:1 classid 1:20 htb rate $[2*${UPLINK_EXT}/10]kbit ceil $[8*${UPLINK_EXT}/10]kbit burst 2k prio 5
>
> # stochastic fairness
> tc qdisc add dev ${DEV_EXT} parent 1:10 handle 10: sfq perturb 10
> tc qdisc add dev ${DEV_EXT} parent 1:20 handle 20: sfq perturb 10
>
> # traffic with priority
> # CLIENT
> tc filter add dev ${DEV_EXT} protocol ip parent 1: prio 4 u32 match ip dport 22 0xffff flowid 1:10
> tc filter add dev ${DEV_EXT} protocol ip parent 1: prio 4 u32 match ip dport 25 0xffff flowid 1:10
> tc filter add dev ${DEV_EXT} protocol ip parent 1: prio 4 u32 match ip dport 53 0xffff flowid 1:10
> tc filter add dev ${DEV_EXT} protocol ip parent 1: prio 4 u32 match ip dport 80 0xffff flowid 1:10
> tc filter add dev ${DEV_EXT} protocol ip parent 1: prio 4 u32 match ip dport 110 0xffff flowid 1:10
> tc filter add dev ${DEV_EXT} protocol ip parent 1: prio 4 u32 match ip dport 143 0xffff flowid 1:10
> tc filter add dev ${DEV_EXT} protocol ip parent 1: prio 4 u32 match ip dport 443 0xffff flowid 1:10
> tc filter add dev ${DEV_EXT} protocol ip parent 1: prio 4 u32 match ip dport 993 0xffff flowid 1:10
> tc filter add dev ${DEV_EXT} protocol ip parent 1: prio 4 u32 match ip dport 995 0xffff flowid 1:10
> # SERVER
> tc filter add dev ${DEV_EXT} protocol ip parent 1: prio 4 u32 match ip sport 22 0xfffd flowid 1:10
> tc filter add dev ${DEV_EXT} protocol ip parent 1: prio 4 u32 match ip sport 25 0xfffd flowid 1:10
> tc filter add dev ${DEV_EXT} protocol ip parent 1: prio 4 u32 match ip dport 53 0xffff flowid 1:10
>
>
> _______________________________________________
> LARTC mailing list
> LARTC@xxxxxxxxxxxxxxx
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>
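
Added example, not part of the original thread or anyone's posted script: the netfilter-mark approach raised in the reply above, sketched against the HTB classes of the quoted script. Packets are marked in the mangle table, where the pre-masquerade source address is still visible, and tc `fw` filters map the marks to classes 1:10 and 1:20. The mark values, the WLAN subnet and the RUN dry-run switch are assumptions made for this example.

```shell
#!/bin/sh
# Dry run by default: each command is printed. Run as root with RUN="" to apply.
RUN=${RUN-echo}

DEV_EXT=eth1                  # DSL link, as in the quoted script
FAST_MARK=10                  # assumed mark for class 1:10
SLOW_MARK=20                  # assumed mark for class 1:20
CLIENT_PORTS="22 25 53 80 110 143 443 993 995"   # dport list from the quoted script
SERVER_PORTS="22 25"          # sport list from the quoted script
WLAN_NET=192.168.2.0/24       # constructed WLAN subnet (assumption)

mark_rules() {
    # mangle FORWARD runs before nat POSTROUTING, so the original
    # (pre-masquerade) source is still visible: pin WLAN to the slow class.
    $RUN iptables -t mangle -A FORWARD -o "$DEV_EXT" -s "$WLAN_NET" \
        -j MARK --set-mark "$SLOW_MARK"
    # MARK does not stop rule traversal, so only touch packets that are
    # still unmarked (--mark 0); otherwise the WLAN mark would be overwritten.
    for p in $CLIENT_PORTS; do
        $RUN iptables -t mangle -A POSTROUTING -o "$DEV_EXT" -p tcp --dport "$p" \
            -m mark --mark 0 -j MARK --set-mark "$FAST_MARK"
    done
    $RUN iptables -t mangle -A POSTROUTING -o "$DEV_EXT" -p udp --dport 53 \
        -m mark --mark 0 -j MARK --set-mark "$FAST_MARK"
    # Replies from services running on the router itself.
    for p in $SERVER_PORTS; do
        $RUN iptables -t mangle -A POSTROUTING -o "$DEV_EXT" -p tcp --sport "$p" \
            -m mark --mark 0 -j MARK --set-mark "$FAST_MARK"
    done
}

tc_filters() {
    # fw classifier: "handle N" is the netfilter mark to match.
    $RUN tc filter add dev "$DEV_EXT" parent 1: protocol ip prio 4 \
        handle "$FAST_MARK" fw flowid 1:10
    $RUN tc filter add dev "$DEV_EXT" parent 1: protocol ip prio 4 \
        handle "$SLOW_MARK" fw flowid 1:20
}

mark_rules
tc_filters
```

Packets that end up with no mark still fall into class 1:20 through the `htb default 20` setting of the quoted script.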