In my attempt to move my traffic shaping to my router from an internal
box, I have come up with a new set of rules. I would appreciate any
feedback the list members might have.
What I am trying to do is shape my outbound bandwidth so that my queue
doesn't get full. I run an ftp server 24/7, do normal email, some ssh,
web surfing and some downloading. I have a cable modem with 10mbit
download and 1mbit upload. The router is a linux box running IPCOP and
eth1 faces the internet and eth0 faces the LAN.
I want to set my cap at 105kbps (slightly less than 1mbit) for all
outbound traffic. I want ftp traffic to send at the full 105kbps
without affecting my download speed or ssh ability. I also want the ftp
to send at the full 105kbps UNLESS I am sending an email. I think the
following rules will do that.
# clear out the chain and setup a new chain (delete the jump from the same chain it is inserted into below)
iptables -t mangle -D POSTROUTING -o eth1 -j BW-OUT 2> /dev/null > /dev/null
iptables -t mangle -F BW-OUT 2> /dev/null > /dev/null
iptables -t mangle -X BW-OUT 2> /dev/null > /dev/null
iptables -t mangle -N BW-OUT
iptables -t mangle -I POSTROUTING -o eth1 -j BW-OUT
# mark packets: 2 is active ftp and passive ftp, 1 is ACK for downloads and email and everything else
iptables -t mangle -A BW-OUT -p tcp -m length --length :64 -j MARK --set-mark 1
iptables -t mangle -A BW-OUT -m tcp -p tcp --dport 25 -j MARK --set-mark 1
iptables -t mangle -A BW-OUT -p tcp --sport 59999 -j MARK --set-mark 2
iptables -t mangle -A BW-OUT -p tcp --sport 50000:51000 -j MARK --set-mark 2
iptables -t mangle -A BW-OUT -m mark --mark 0 -j MARK --set-mark 1
# clear the qdisc (errors harmlessly if none is installed yet)
tc qdisc del dev eth1 root 2> /dev/null
# add the root qdisc; unclassified traffic lands in class 1:10
tc qdisc add dev eth1 root handle 1: htb default 10
# add main rate limit class and 2 leafs (tc's "kbps" means kilobytes per second)
tc class add dev eth1 parent 1: classid 1:1 htb rate 105kbps ceil 105kbps
tc class add dev eth1 parent 1:1 classid 1:10 htb rate 50kbps ceil 105kbps prio 0
tc class add dev eth1 parent 1:1 classid 1:11 htb rate 50kbps ceil 105kbps prio 1
# filter traffic into classes: mark 1 -> 1:10, mark 2 -> 1:11
tc filter add dev eth1 parent 1:0 prio 0 protocol ip handle 1 fw flowid 1:10
tc filter add dev eth1 parent 1:0 prio 1 protocol ip handle 2 fw flowid 1:11
So, in a nutshell: this should shape outbound ftp to 105kbps. If I
download, the ACK packets should go to the front of the queue. If I send
a large email, the email should borrow speed from the ftp. Web surfing
should be snappy and ssh also because they are in the higher priority queue.
Any comments?
LARTC mailing list
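Rulesets like the one above fail quietly when the iptables marks, the fw filters and the htb classes disagree with each other, and tc will not tell you that a mark is never classified or that a rate unit is misspelt in a useful way. The following is an added example, not code from the original post nor from IPCOP or iproute2: a small Python linter that cross-checks such a script offline. It assumes current iproute2 rate scaling (decimal k/m/g, with the "bps" suffixes meaning bytes per second, so 105kbps is 840 kbit/s), recognises only the common rate suffixes, and uses as constructed sample input the poster's ruleset joined onto single lines with its original slips (the OUTPUT/POSTROUTING mismatch, "kpbs", and the filters without a flowid) left in so there is something to report.

```python
import re

# Scaling iproute2 applies to tc rate suffixes (assumption: current iproute2;
# very old releases scaled "kbps" by 1024).  "bps"-style units are bytes/sec.
UNITS = {"bit": 1, "kbit": 1000, "mbit": 1_000_000, "gbit": 1_000_000_000,
         "bps": 8, "kbps": 8_000, "mbps": 8_000_000, "gbps": 8_000_000_000}

# Constructed sample: the poster's ruleset on single lines, defects intact.
ORIGINAL_RULES = """
iptables -t mangle -D OUTPUT -o eth1 -j BW-OUT
iptables -t mangle -F BW-OUT
iptables -t mangle -X BW-OUT
iptables -t mangle -N BW-OUT
iptables -t mangle -I POSTROUTING -o eth1 -j BW-OUT
iptables -t mangle -A BW-OUT -p tcp -m length --length :64 -j MARK --set-mark 1
iptables -t mangle -A BW-OUT -m tcp -p tcp --dport 25 -j MARK --set-mark 1
iptables -t mangle -A BW-OUT -p tcp --sport 59999 -j MARK --set-mark 2
iptables -t mangle -A BW-OUT -p tcp --sport 50000:51000 -j MARK --set-mark 2
iptables -t mangle -A BW-OUT -m mark --mark 0 -j MARK --set-mark 1
tc qdisc del dev eth1 root
tc qdisc add dev eth1 root handle 1: htb default 10
tc class add dev eth1 parent 1: classid 1:1 htb rate 105kpbs ceil 105kpbs
tc class add dev eth1 parent 1:1 classid 1:10 htb rate 50kbps ceil 105kbps prio 0
tc class add dev eth1 parent 1:1 classid 1:11 htb rate 50kbps ceil 105kbps prio 1
tc filter add dev eth1 parent 1:0 prio 0 protocol ip handle 1 fw flowid
tc filter add dev eth1 parent 1:0 prio 1 protocol ip handle 2 fw flowid
"""

# The same ruleset with the three slips repaired; the linter should pass it.
CORRECTED_RULES = (ORIGINAL_RULES.replace("-D OUTPUT", "-D POSTROUTING")
                   .replace("105kpbs", "105kbps")
                   .replace("handle 1 fw flowid\n", "handle 1 fw flowid 1:10\n")
                   .replace("handle 2 fw flowid\n", "handle 2 fw flowid 1:11\n"))


def parse_rate(token):
    """Convert a tc rate token to bit/s; None if the unit is not one tc accepts."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)([A-Za-z]+)", token or "")
    if not m or m.group(2).lower() not in UNITS:
        return None
    return float(m.group(1)) * UNITS[m.group(2).lower()]


def _opt(line, name):
    """Token following keyword `name` on a tc line, or None if absent."""
    m = re.search(r"\b%s (\S+)" % name, line)
    return m.group(1) if m else None


def _norm(handle):
    """'1:' and '1:0' both name the root qdisc; compare them in one spelling."""
    return handle + "0" if handle and handle.endswith(":") else handle


def lint_rules(script):
    """Cross-check an iptables-mangle + tc-htb script; return a list of findings."""
    findings, classes = [], {}          # classid -> {"parent", "rate", "ceil"}
    set_marks, filter_marks = set(), set()
    hooked, unhooked = set(), set()     # chains the custom chain is jumped to / deleted from
    default_class = None
    for n, line in enumerate(script.strip().splitlines(), 1):
        if line.startswith("iptables"):
            m = re.search(r" -([IAD]) (\S+) .*-j (\S+)", line)
            if m and m.group(3) != "MARK":
                (hooked if m.group(1) in "IA" else unhooked).add(m.group(2))
            m = re.search(r"--set-mark (\d+)", line)
            if m:
                set_marks.add(int(m.group(1)))
        elif line.startswith("tc qdisc add"):
            m = re.search(r"handle (\d+): htb default (\d+)", line)
            if m:
                default_class = "%s:%s" % (m.group(1), m.group(2))
        elif line.startswith("tc class add"):
            entry = {"parent": _norm(_opt(line, "parent"))}
            for key in ("rate", "ceil"):
                tok = _opt(line, key)
                entry[key] = parse_rate(tok)
                if entry[key] is None:
                    findings.append("line %d: %s '%s' is not a rate tc accepts" % (n, key, tok))
            classes[_norm(_opt(line, "classid"))] = entry
        elif line.startswith("tc filter add"):
            m = re.search(r"handle (\d+) fw", line)
            if m:
                filter_marks.add(int(m.group(1)))
            flowid = _norm(_opt(line, "flowid"))
            if flowid is None:
                findings.append("line %d: no flowid, tc rejects the filter so nothing is classified" % n)
            elif flowid not in classes:
                findings.append("line %d: flowid %s names a class that is never created" % (n, flowid))
    for chain in sorted(unhooked - hooked):
        findings.append("chain deleted from %s but hooked into %s" % (chain, ", ".join(sorted(hooked)) or "nothing"))
    for mark in sorted(set_marks - filter_marks):
        findings.append("mark %d is set but no fw filter sends it to a class" % mark)
    for mark in sorted(filter_marks - set_marks):
        findings.append("fw filter for mark %d never matches: nothing sets it" % mark)
    if default_class and default_class not in classes:
        findings.append("htb default class %s does not exist" % default_class)
    for cid, c in classes.items():                       # ceil may not exceed the parent's
        parent = classes.get(c["parent"])
        if parent and c["ceil"] and parent["ceil"] and c["ceil"] > parent["ceil"]:
            findings.append("class %s ceil exceeds its parent's ceil" % cid)
    for pid, p in classes.items():                       # guaranteed rates must fit the parent
        kids = [c["rate"] for c in classes.values() if c["parent"] == pid]
        if p["rate"] and all(kids) and sum(kids) > p["rate"]:
            findings.append("children of %s guarantee more rate than %s has" % (pid, pid))
    return findings


if __name__ == "__main__":
    for name, text in (("original", ORIGINAL_RULES), ("corrected", CORRECTED_RULES)):
        print(name, lint_rules(text) or "clean")
```

Run as a script it reports the five problems in the original text and nothing for the corrected one. The checks are the ones that bite with htb and fw classification in practice: a mark that is set but never filtered silently lands in the default class, a child class whose guaranteed rates add up to more than the parent has makes the shaper overcommit, and the `-D` on the wrong chain leaves a stale jump behind each time the script is rerun.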