Jody,

I have a script that makes connections for every user with his auth. So, in this script, I have two mark tags. Can I use this tip you gave to ro0ot? My doubt is: if I use this, every time some user logs in it will all be executed again; will that not cause me trouble?

Now I mark all packets from a client and forward them to some cbq/htb band control rules. It is working fine, but I have never made a test for a longer time...

Thanks for your cooperation.

Att,
Nataniel Klug

----- Original Message -----
Sent: Thursday, December 22, 2005 5:48 PM
Subject: Re: control p2p upload bandwidth rate

Seems like eth0 is your IF connected to the internet, you need to do shaping on that for the upload. Modifying the rates and using the same tc commands but on eth0 would likely do it.

Also your script is flawed, the layer7 matching for most if not all of those protocols will only match on the first packet or two. After that the data for those connections won't match. I suggest you look into using CONNMARK target/matching so you can match all of the data, not just the first few packets.

With your setup it'd be used something along these lines:

#before setting mark:
#restores any saved mark
iptables -t mangle -A PREROUTING -p tcp -j CONNMARK --restore-mark
#accepts the packet if it has a mark besides the default 0 and prevents the saved mark from being changed
iptables -t mangle -A PREROUTING -p tcp -m mark ! --mark 0 -j ACCEPT

#use "-j MARK --set-mark #" here

#after all the --set-mark's
iptables -t mangle -A PREROUTING -p tcp -m mark ! --mark 0 -j CONNMARK --save-mark
iptables -t mangle -A PREROUTING -p tcp -m mark ! --mark 0 -j ACCEPT

Without this, I'm not really sure how you were matching all packets for your download shaping. Normally, only the first packet or two will have matching data in the TCP connection, and if you don't somehow mark the whole connection using the above, the majority of the bandwidth won't be shaped correctly.

- Jody

On 12/22/05, ro0ot <ro0ot@xxxxxxxxxxxx> wrote:

Hi all,

I am running Slackware 10.1 with Kernel 2.6.14.3 includes iptables 1.3.4 with layer 7

My network diagram below: -

INTERNET --- LINUX_ROUTER_FW --- PCs

Below is my simple iptables script: -

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t mangle -A POSTROUTING -m layer7 --l7proto applejuice -j MARK --set-mark 1
iptables -t mangle -A POSTROUTING -m layer7 --l7proto ares -j MARK --set-mark 1
iptables -t mangle -A POSTROUTING -m layer7 --l7proto bittorrent -j MARK --set-mark 1
iptables -t mangle -A POSTROUTING -m layer7 --l7proto directconnect -j MARK --set-mark 1
iptables -t mangle -A POSTROUTING -m layer7 --l7proto edonkey -j MARK --set-mark 1
iptables -t mangle -A POSTROUTING -m layer7 --l7proto fasttrack -j MARK --set-mark 1
iptables -t mangle -A POSTROUTING -m layer7 --l7proto gnucleuslan -j MARK --set-mark 1
iptables -t mangle -A POSTROUTING -m layer7 --l7proto gnutella -j MARK --set-mark 1
iptables -t mangle -A POSTROUTING -m layer7 --l7proto napster -j MARK --set-mark 1
iptables -t mangle -A POSTROUTING -m layer7 --l7proto openft -j MARK --set-mark 1

Below is my simple tc script: -

tc qdisc del dev eth1 root
tc qdisc add dev eth1 root handle 1: htb default 20
tc class add dev eth1 parent 1: classid 1:1 htb rate 10240kbit ceil 10240kbit
tc class add dev eth1 parent 1:1 classid 1:11 htb rate 32kbit ceil 512kbit
tc filter add dev eth1 protocol ip parent 1:0 prio 1 handle 1 fw classid 1:11
tc qdisc add dev eth1 parent 1:11 sfq perturb 10

I have no problem shaping the "PCs" p2p download bandwidth rate. How can I control the "PCs" p2p upload bandwidth rate? Please help...thanks, :)

Regards,
ro0ot

_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
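
Added example, not part of the original thread: a small Python model of the mangle-chain order given in Jody's reply (restore-mark, ACCEPT if marked, set-mark, save-mark), comparing how many p2p packets carry the mark with and without CONNMARK. It assumes, as the reply states, that layer7 only matches the first two packets of a connection; the flow list and all function names are constructed for illustration.

```python
# Toy model of the rule order from the reply. Not real netfilter code.
L7_MATCH_PACKETS = 2  # assumption taken from the reply: "the first packet or two"
P2P_MARK = 1          # the mark used by the thread's "MARK --set-mark 1" rules

# Constructed sample flows: (is_p2p, packets_in_connection)
FLOWS = [(True, 1000), (True, 50), (False, 300)]


def traverse(pkt_index, is_p2p, conn, use_connmark):
    """Return the fwmark one packet carries after the chain.

    conn is a dict standing in for the connection-tracking entry.
    """
    mark = 0
    if use_connmark:
        mark = conn.get("mark", 0)      # -j CONNMARK --restore-mark
        if mark != 0:                   # -m mark ! --mark 0 -j ACCEPT
            return mark                 # saved mark is kept, later rules skipped
    if is_p2p and pkt_index < L7_MATCH_PACKETS:
        mark = P2P_MARK                 # -m layer7 --l7proto ... -j MARK --set-mark 1
    if use_connmark and mark != 0:
        conn["mark"] = mark             # -m mark ! --mark 0 -j CONNMARK --save-mark
    return mark


def classify(flows, use_connmark):
    """Count marked packets for p2p and non-p2p connections."""
    stats = {"p2p_marked": 0, "p2p_total": 0, "other_marked": 0}
    for is_p2p, count in flows:
        conn = {}                       # fresh conntrack entry per connection
        for i in range(count):
            marked = traverse(i, is_p2p, conn, use_connmark) == P2P_MARK
            if is_p2p:
                stats["p2p_total"] += 1
                stats["p2p_marked"] += marked
            else:
                stats["other_marked"] += marked
    return stats


if __name__ == "__main__":
    for use_connmark in (False, True):
        s = classify(FLOWS, use_connmark)
        label = "with CONNMARK" if use_connmark else "MARK only"
        print(f"{label}: {s['p2p_marked']}/{s['p2p_total']} p2p packets marked, "
              f"{s['other_marked']} other packets marked")
```

Only marked packets reach the fw filter's shaped class (1:11 in the tc script), so the "MARK only" count is the share of p2p traffic that the shaper actually sees.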