Please: Judge this script

"Ricardo Chamorro" <ricardo.a.chamorro@xxxxxxxxx> · Tue, 5 Jul 2005 02:27:29 -0300



I copied and tried to adapt to my necessities the 
excellent script of Pedro Larroy, but I am inexperienced in QoS and I have 
doubts.  I have cablemodem to Internet 1024kbit down and 256kbit 
up, through eth0. The LAN has eth1 and NAT.  
I formed the band so that shaping goes by 
the eth1 (of the LAN) with bandwidth maximum CEIL=768.  
But I observe that the traffic sometimes 
accelerates and other moments stops.  
Please, you they could say to me what is bad of 
script that I paste below???  
Thanks for its patience.
----------paste 
script-------------------------------------------------
CEIL=768
 
#Primero borrar todas las bandas que pudiera 
haber
 
tc qdisc del dev eth1 root
 
#Se crea la banda principal root 1, cuyos paquetes 
por defecto van a la banda 1
 
tc qdisc add dev eth1 root handle 1: htb default 
15
 
tc class add dev eth1 parent 1: classid 1:1 htb 
rate ${CEIL}kbit ceil ${CEIL}kbit
 
tc class add dev eth1 parent 1:1 classid 1:10 htb 
rate 270kbit ceil 270kbit prio 0
 
tc class add dev eth1 parent 1:1 classid 1:11 htb 
rate 270kbit ceil ${CEIL}kbit prio 1
 
tc class add dev eth1 parent 1:1 classid 1:12 htb 
rate 68kbit ceil ${CEIL}kbit prio 2
 
tc class add dev eth1 parent 1:1 classid 1:13 htb 
rate 68kbit ceil ${CEIL}kbit prio 2
 
tc class add dev eth1 parent 1:1 classid 1:14 htb 
rate 34kbit ceil ${CEIL}kbit prio 3
 
tc class add dev eth1 parent 1:1 classid 1:15 htb 
rate 100kbit ceil ${CEIL}kbit prio 1
 
#Se asocia la cola sfq con la banda 
hija
 
tc qdisc add dev eth1 parent 1:11 handle 110: sfq 
perturb 10
 
tc qdisc add dev eth1 parent 1:12 handle 120: sfq 
perturb 10
 
tc qdisc add dev eth1 parent 1:13 handle 130: sfq 
perturb 10
 
tc qdisc add dev eth1 parent 1:14 handle 140: sfq 
perturb 10
 
tc qdisc add dev eth1 parent 1:15 handle 150: sfq 
perturb 10
 
#Se asocian las marcas que hubiera en iptables 
mangle con las bandas respectivas
 
tc filter add dev eth1 protocol ip parent 1:0 prio 
1 handle 1 fw classid 1:10
 
tc filter add dev eth1 protocol ip parent 1:0 prio 
2 handle 2 fw classid 1:11
 
tc filter add dev eth1 protocol ip parent 1:0 prio 
3 handle 3 fw classid 1:12
 
tc filter add dev eth1 protocol ip parent 1:0 prio 
4 handle 4 fw classid 1:13
 
tc filter add dev eth1 protocol ip parent 1:0 prio 
5 handle 5 fw classid 1:14
 
tc filter add dev eth1 protocol ip parent 1:0 prio 
6 handle 6 fw classid 1:15
 
#Se dan las reglas iptables para marcar lo que nos 
interesa
 
$IPTABLES -t mangle -A PREROUTING -p icmp -j MARK 
--set-mark 0x1
 
$IPTABLES -t mangle -A PREROUTING -p icmp -j 
RETURN
 
$IPTABLES -t mangle -A PREROUTING -m tos --tos 
Minimize-Delay -j MARK --set-mark 0x1
 
$IPTABLES -t mangle -A PREROUTING -m tos --tos 
Minimize-Delay -j RETURN
 
$IPTABLES -t mangle -A PREROUTING -m tos --tos 
Minimize-Cost -j MARK --set-mark 0x5
 
$IPTABLES -t mangle -A PREROUTING -m tos --tos 
Minimize-Cost -j RETURN
 
$IPTABLES -t mangle -A PREROUTING -m tos --tos 
Maximize-Throughput -j MARK --set-mark 0x6
 
$IPTABLES -t mangle -A PREROUTING -m tos --tos 
Maximize-Throughput -j RETURN
 
#Esto prioriza paquetes del puerto 
seteado
 
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp 
--sport 80 -j MARK --set-mark 0x2
$IPTABLES -t mangle -A PREROUTING -p tcp -m 
tcp --sport 80 -j RETURN
$IPTABLES -t mangle -A PREROUTING -p udp -m udp 
--sport 80 -j MARK --set-mark 0x2
$IPTABLES -t mangle -A PREROUTING -p udp -m 
udp --sport 80 -j RETURN
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp 
--sport 54661 -j MARK --set-mark 0x6
$IPTABLES -t mangle -A PREROUTING -p tcp 
-m tcp --sport 54661 -j RETURN
$IPTABLES -t mangle -A PREROUTING -p tcp -m 
tcp --sport 54662 -j MARK --set-mark 0x6
$IPTABLES -t mangle -A PREROUTING -p 
tcp -m tcp --sport 54662 -j RETURN
$IPTABLES -t mangle -A PREROUTING -p tcp 
-m tcp --sport 56881 -j MARK --set-mark 0x6
$IPTABLES -t mangle -A PREROUTING 
-p tcp -m tcp --sport 56881 -j RETURN
$IPTABLES -t mangle -A PREROUTING -p 
tcp -m tcp --sport 54711 -j MARK --set-mark 0x6
$IPTABLES -t mangle -A 
PREROUTING -p tcp -m tcp --sport 54711 -j RETURN
$IPTABLES -t mangle -A 
PREROUTING -p udp -m udp --sport 54665 -j MARK --set-mark 0x6
$IPTABLES -t 
mangle -A PREROUTING -p udp -m udp --sport 54665 -j RETURN
$IPTABLES -t 
mangle -A PREROUTING -p udp -m udp --sport 54672 -j MARK --set-mark 
0x6
$IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 54672 -j 
RETURN
$IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 56881 -j MARK 
--set-mark 0x6
$IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 56881 
-j RETURN
 
#Esto prioriza paquetes al comienzo de conexiones 
tcp con SYN flag
 
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp 
--tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 0x1
$IPTABLES -t mangle -A 
PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
 
#Cierra reglas de la tabla prerouting 
mangle
 
$IPTABLES -t mangle -A PREROUTING -j MARK 
--set-mark 0x6
 
#Todo lo mismo que lo anterior, pero en OUTPUT, 
para trafico generado localmente
 
$IPTABLES -t mangle -A OUTPUT -p icmp -j MARK 
--set-mark 0x1
 
$IPTABLES -t mangle -A OUTPUT -p icmp -j 
RETURN
 
$IPTABLES -t mangle -A OUTPUT -m tos --tos 
Minimize-Delay -j MARK --set-mark 0x1
 
$IPTABLES -t mangle -A OUTPUT -m tos --tos 
Minimize-Delay -j RETURN
 
$IPTABLES -t mangle -A OUTPUT -m tos --tos 
Minimize-Cost -j MARK --set-mark 0x5
 
$IPTABLES -t mangle -A OUTPUT -m tos --tos 
Minimize-Cost -j RETURN
 
$IPTABLES -t mangle -A OUTPUT -m tos --tos 
Maximize-Throughput -j MARK --set-mark 0x6
 
$IPTABLES -t mangle -A OUTPUT -m tos --tos 
Maximize-Throughput -j RETURN
 
#Esto prioriza paquetes del puerto 
seteado
 
$IPTABLES -t mangle -A OUTPUT -p tcp -m tcp --sport 
80 -j MARK --set-mark 0x2
$IPTABLES -t mangle -A OUTPUT -p tcp -m tcp --sport 
80 -j RETURN
$IPTABLES -t mangle -A OUTPUT -p udp -m udp --sport 80 -j MARK 
--set-mark 0x2
$IPTABLES -t mangle -A OUTPUT -p udp -m udp --sport 80 -j 
RETURN
$IPTABLES -t mangle -A OUTPUT -p tcp -m tcp --sport 54661 -j MARK 
--set-mark 0x6
$IPTABLES -t mangle -A OUTPUT -p tcp -m tcp --sport 54661 -j 
RETURN
$IPTABLES -t mangle -A OUTPUT -p tcp -m tcp --sport 54662 -j MARK 
--set-mark 0x6
$IPTABLES -t mangle -A OUTPUT -p tcp -m tcp --sport 54662 -j 
RETURN
$IPTABLES -t mangle -A OUTPUT -p tcp -m tcp --sport 56881 -j MARK 
--set-mark 0x6
$IPTABLES -t mangle -A OUTPUT -p tcp -m tcp --sport 56881 -j 
RETURN
$IPTABLES -t mangle -A OUTPUT -p tcp -m tcp --sport 54711 -j MARK 
--set-mark 0x6
$IPTABLES -t mangle -A OUTPUT -p tcp -m tcp --sport 54711 -j 
RETURN
$IPTABLES -t mangle -A OUTPUT -p udp -m udp --sport 54665 -j MARK 
--set-mark 0x6
$IPTABLES -t mangle -A OUTPUT -p udp -m udp --sport 54665 -j 
RETURN
$IPTABLES -t mangle -A OUTPUT -p udp -m udp --sport 54672 -j MARK 
--set-mark 0x6
$IPTABLES -t mangle -A OUTPUT -p udp -m udp --sport 54672 -j 
RETURN
$IPTABLES -t mangle -A OUTPUT -p udp -m udp --sport 56881 -j MARK 
--set-mark 0x6
$IPTABLES -t mangle -A OUTPUT -p udp -m udp --sport 56881 -j 
RETURN
 
#Esto prioriza paquetes al comienzo de conexiones 
tcp con SYN flag
 
$IPTABLES -t mangle -A OUTPUT -p tcp -m tcp 
--tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 0x1
$IPTABLES -t mangle -A 
OUTPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
 
#Cierra reglas de la tabla OUTPUT 
mangle
 
$IPTABLES -t mangle -A OUTPUT -j MARK --set-mark 
0x3
--------------------------end 
paste----------------------------------------------
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Please: Judge this script

Linux Advanced Routing and Traffic Control