Andreas Klauer wrote:
On Thursday 30 June 2005 19:26, Jefri Lie wrote:
I got this problem: I want to shape my clients' internet bw, but I
don't want to shape my local network traffic. For information, my
clients are using wireless to connect to my router [192.168.1.254].
Common mistake is to use the internet class as root class on the LAN
interface, which means everything (local traffic and internet traffic)
gets shaped to internet class speed.
I solved it like this:
HTB Qdisc
 |
 \--- HTB root class (10MBit)
       |
       \--- HTB internet class (1Mbit)
       |     |
       |     \--- ... more classes for internet shaping ...
       |
       \--- HTB lan class (10-1=9Mbit)
This would be an example setup for a 10Mbit ethernet card, with a 1MBit
internet connection, and local connections get what's left. You put your
internet traffic into the internet class (or one of its children), and
everything else (local traffic) into the lan class.
HTH
Andreas
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
This is exactly what I'm trying to do, without success.... I'm almost
giving up.
I made a little test script, as follows:
tc qdisc add dev eth0 root handle 1: htb default 22
# The LAN class:
tc class add dev eth0 parent 1:0 classid 1:1 htb rate 90mbit
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 89232kbit ceil 90mbit
# The internet class:
tc class add dev eth0 parent 1:0 classid 1:2 htb rate 768kbit
tc class add dev eth0 parent 1:2 classid 1:20 htb rate 384kbit ceil 768kbit
tc class add dev eth0 parent 1:2 classid 1:21 htb rate 256kbit ceil 768kbit
tc class add dev eth0 parent 1:2 classid 1:22 htb rate 128kbit ceil 768kbit
# filter for the LAN:
tc filter add dev eth0 protocol ip parent 1:0 prio 1 handle 10 fw classid 1:10
# Filter for internet:
tc filter add dev eth0 protocol ip parent 1:0 prio 2 handle 11 fw classid 1:20
tc filter add dev eth0 protocol ip parent 1:0 prio 3 handle 12 fw classid 1:21
tc filter add dev eth0 protocol ip parent 1:0 prio 4 handle 13 fw classid 1:22
# iptables mark:
iptables -t mangle -A PREROUTING -p tcp -s 192.168.1.0/24 -d 192.168.1.254 --dport 3128 -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -p tcp -s 192.168.1.0/24 -d 192.168.1.254 --dport 445 -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -p tcp -s 192.168.1.0/24 -d 192.168.1.254 --dport 139 -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -p tcp -s 192.168.1.0/24 -d 0/0 --dport 143 -j MARK --set-mark 11
iptables -t mangle -A PREROUTING -p tcp -s 192.168.1.0/24 -d 0/0 --dport 80 -j MARK --set-mark 11
iptables -t mangle -A PREROUTING -p tcp -s 192.168.1.0/24 -d 0/0 --dport 22 -j MARK --set-mark 11
iptables -t mangle -A PREROUTING -p tcp -s 192.168.1.0/24 -d 0/0 --dport 44 -j MARK --set-mark 11
iptables -t mangle -A PREROUTING -p tcp -s 192.168.1.0/24 -d 0/0 --dport 443 -j MARK --set-mark 12
iptables -t mangle -A PREROUTING -p tcp -s 192.168.1.0/24 -d 0/0 --dport 110 -j MARK --set-mark 12
iptables -t mangle -A PREROUTING -p tcp -s 192.168.1.0/24 -j MARK --set-mark 13
No error messages, everything fine.
Analysis:
[root@samba htb]# tc filter show dev eth0
filter parent 1: protocol ip pref 1 fw
filter parent 1: protocol ip pref 1 fw handle 0xa classid 1:10
filter parent 1: protocol ip pref 2 fw
filter parent 1: protocol ip pref 2 fw handle 0xb classid 1:20
filter parent 1: protocol ip pref 3 fw
filter parent 1: protocol ip pref 3 fw handle 0xc classid 1:21
filter parent 1: protocol ip pref 4 fw
filter parent 1: protocol ip pref 4 fw handle 0xd classid 1:22
[root@samba htb]# iptables -L -t mangle -v
Chain PREROUTING (policy ACCEPT 565 packets, 134K bytes)
 pkts bytes target  prot opt in   out  source          destination
    0     0 MARK    tcp  --  any  any  192.168.1.0/24  ns1.intranet.com.br  tcp dpt:3128 MARK set 0xa
    0     0 MARK    tcp  --  any  any  192.168.1.0/24  ns1.intranet.com.br  tcp dpt:microsoft-ds MARK set 0xa
    0     0 MARK    tcp  --  any  any  192.168.1.0/24  ns1.intranet.com.br  tcp dpt:netbios-ssn MARK set 0xa
   29  1821 MARK    tcp  --  any  any  192.168.1.0/24  anywhere             tcp dpt:imap2 MARK set 0xb
   93 30816 MARK    tcp  --  any  any  192.168.1.0/24  anywhere             tcp dpt:www-http MARK set 0xb
  101  7652 MARK    tcp  --  any  any  192.168.1.0/24  anywhere             tcp dpt:ssh MARK set 0xb
    0     0 MARK    tcp  --  any  any  192.168.1.0/24  anywhere             tcp dpt:mpm-flags MARK set 0xb
    1    44 MARK    tcp  --  any  any  192.168.1.0/24  anywhere             tcp dpt:https MARK set 0xc
   44  2516 MARK    tcp  --  any  any  192.168.1.0/24  anywhere             tcp dpt:pop-3 MARK set 0xc
  266 41637 MARK    tcp  --  any  any  192.168.1.0/24  anywhere             MARK set 0xd
Chain INPUT (policy ACCEPT 165 packets, 12979 bytes)
 pkts bytes target  prot opt in   out  source          destination
Chain FORWARD (policy ACCEPT 400 packets, 121K bytes)
 pkts bytes target  prot opt in   out  source          destination
Chain OUTPUT (policy ACCEPT 98 packets, 12143 bytes)
 pkts bytes target  prot opt in   out  source          destination
Chain POSTROUTING (policy ACCEPT 498 packets, 133K bytes)
 pkts bytes target  prot opt in   out  source          destination
[root@samba htb]# iptables -L -t mangle -v
Chain PREROUTING (policy ACCEPT 2979 packets, 303K bytes)
 pkts bytes target  prot opt in   out  source          destination
 2107  110K MARK    tcp  --  any  any  192.168.1.0/24  ns1.intranet.com.br  tcp dpt:3128 MARK set 0xa
    0     0 MARK    tcp  --  any  any  192.168.1.0/24  ns1.intranet.com.br  tcp dpt:microsoft-ds MARK set 0xa
   21  3733 MARK    tcp  --  any  any  192.168.1.0/24  ns1.intranet.com.br  tcp dpt:netbios-ssn MARK set 0xa
   29  1821 MARK    tcp  --  any  any  192.168.1.0/24  anywhere             tcp dpt:imap2 MARK set 0xb
  179 47088 MARK    tcp  --  any  any  192.168.1.0/24  anywhere             tcp dpt:www-http MARK set 0xb
  121  8932 MARK    tcp  --  any  any  192.168.1.0/24  anywhere             tcp dpt:ssh MARK set 0xb
    0     0 MARK    tcp  --  any  any  192.168.1.0/24  anywhere             tcp dpt:mpm-flags MARK set 0xb
    3   176 MARK    tcp  --  any  any  192.168.1.0/24  anywhere             tcp dpt:https MARK set 0xc
   44  2516 MARK    tcp  --  any  any  192.168.1.0/24  anywhere             tcp dpt:pop-3 MARK set 0xc
 2518  176K MARK    tcp  --  any  any  192.168.1.0/24  anywhere             MARK set 0xd
Chain INPUT (policy ACCEPT 2389 packets, 138K bytes)
 pkts bytes target  prot opt in   out  source          destination
Chain FORWARD (policy ACCEPT 590 packets, 165K bytes)
 pkts bytes target  prot opt in   out  source          destination
Chain OUTPUT (policy ACCEPT 4390 packets, 6339K bytes)
 pkts bytes target  prot opt in   out  source          destination
Chain POSTROUTING (policy ACCEPT 4980 packets, 6504K bytes)
 pkts bytes target  prot opt in   out  source          destination
I configured Apache to listen on port 3128, to run tests, and on a
machine in my LAN I do:
[william@whsm tmp]$ time wget samba.intranet.com.br:3128/768.txt
--12:34:22-- http://samba.intranet.com.br:3128/768.txt
=> `768.txt'
Resolving samba.intranet.com.br... 192.168.1.254
Connecting to samba.intranet.com.br[192.168.1.254]:3128... connected.
Requisição enviada ao servidor HTTP, esperando resposta... 200 OK
Tamanho: 7,864,320 [text/plain]
100%[================================================================================================================>] 7,864,320 91.59K/s ETA 00:00
12:35:46 (91.70 KB/s) - `768.txt' recebido [7864320/7864320]
real 1m23.817s
user 0m0.080s
sys 0m0.204s
As you can see, the download speed is 92KBps, the 768kbits in my script.
But why wasn't the class 1:10, which has a guaranteed rate of 89232kbit, used?
The fw mark is working, I see the traffic going correctly, but the
correct filter is not applied??!
Maybe some of you can give me a hand. I'm sure that something is
misconfigured, but I can't figure out where. I'm new to htb, and I read
the LARTC HOWTO and searched Google for a solution, but in vain; this is
driving me crazy!! Help me!!
Regards,
--
William Henrique Siqueira Marques
wmarques@xxxxxxxxxxxxxx
Rio de Janeiro - Brasil
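Added example, not part of either post: a small shell model of the script above that traces which fw mark, and therefore which HTB class, a packet ends up with. It assumes eth0 is the router's LAN interface; the client address 192.168.1.10, the source port 40000, the address 203.0.113.5 and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed model of the PREROUTING rules in the script above, one per line:
# "dst dport mark" ("any" = 0/0 or no --dport). Every rule also has -s 192.168.1.0/24.
RULES='192.168.1.254 3128 10
192.168.1.254 445 10
192.168.1.254 139 10
any 143 11
any 80 11
any 22 11
any 44 11
any 443 12
any 110 12
any any 13'

# final_mark HOOKED SRC DST DPORT [RULES]
# HOOKED=1: packet arrived on an interface, so it traverses mangle PREROUTING.
# HOOKED=0: packet was generated on the router itself and never sees PREROUTING.
final_mark() {
    mark=0
    [ "$1" = 1 ] || { echo "$mark"; return 0; }
    case "$2" in 192.168.1.*) ;; *) echo "$mark"; return 0 ;; esac
    while read -r dst dport m; do
        [ "$dst" = any ] || [ "$dst" = "$3" ] || continue
        [ "$dport" = any ] || [ "$dport" = "$4" ] || continue
        mark=$m   # MARK does not stop rule traversal: the last match wins
    done <<EOF
${5:-$RULES}
EOF
    echo "$mark"
}

# htb_class MARK: the four fw filters from the script, else the qdisc default.
htb_class() {
    case "$1" in
        10) echo 1:10 ;; 11) echo 1:20 ;; 12) echo 1:21 ;; 13) echo 1:22 ;;
        *)  echo 1:22 ;;   # no fw filter matched: "htb default 22"
    esac
}

CLIENT=192.168.1.10   # constructed LAN client address
# wget request (client -> router:3128): mark 10 is overwritten by the catch-all.
echo "request mark:  $(final_mark 1 "$CLIENT" 192.168.1.254 3128)"
# Apache's response data (router -> client) is what leaves eth0 and gets shaped.
m=$(final_mark 0 192.168.1.254 "$CLIENT" 40000)
echo "response mark: $m -> class $(htb_class "$m")"
# Catch-all moved to the top: the specific mark for port 3128 survives.
FIRST="any any 13
$(printf '%s\n' "$RULES" | sed '$d')"
echo "reordered:     $(final_mark 1 "$CLIENT" 192.168.1.254 3128 "$FIRST")"
```

The response packets carry no mark and fall into the default class 1:22, whose 768kbit ceil matches the roughly 92 KB/s that wget reported.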