On 8/25/06, Ali Jawad <alijawad1@xxxxxxxxx> wrote:
Andrei Sandu wrote:
> On 8/24/06, Ali Jawad <alijawad1@xxxxxxxxx> wrote:
>>
>
> Hi Guys
>
> I've got an internet cafe on which I have a debian sarge box running.
> The Debian box acts as a gateway and it has masquerading on. I have 40
> client PCs and I do not want to assign more than 64k per PC for upload
> and the same is true for download too. I've done a lot of research and I've
> read tutorials about CBQ and HTB. I found that CBQ.init is the best
> script to serve my needs. I was successfully able to limit download per
> client using the script.
> However I was not able to limit upload per client whatever method I used.
>
> Please HELP ME LIMIT THE UPLOADS ON A PER CLIENT BASIS.
>
> This is my Setup :
>
> INTERNET ---- eth0 DEBIAN eth1 -- LAN SWITCH ---40 PCS
>
> The working CBQ script that I use to limit download for a certain PC is:
>
> DEVICE=eth1,100Mbit,10Mbit
> RATE=64Kbit
> WEIGHT=6Kbit
> PRIO=5
> RULE=192.168.1.166
>
> The UPLOAD SCRIPT that I use to limit UPLOADS is "NOT WORKING" !!
>
> Upload Script "NOT WORKING"
>
> #
> --------------------------------------------------------------------------
>
> DEVICE=eth0,10Mbit,1Mbit
> RATE=64Kbit
> WEIGHT=6Kbit
> PRIO=5
> RULE= 192.168.1.166,
> #
> --------------------------------------------------------------------------
>
>
> As you can see I added the comma at the end of the Rule to indicate the
> source of the packet..any suggestions or help on how to make this work
> are welcome...!!
>>
> You will not be able to shape the upload traffic for each client on eth0
> (after NAT all the packets have the same src address). You can do policing
> or better you can use IMQ ( http://www.linuximq.net ).
> ------------------------------------------------------------------------
> _______________________________________________
> LARTC mailing list
> LARTC@xxxxxxxxxxxxxxx
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
I might be wrong on this Andrei.. "I am junior when it comes to traffic
shaping".. but I think that it is quite possible to shape outgoing
traffic that is being shaped without having to use CMQ.
The idea is that masqueraded or SNATed traffic leaves the Linux router
having the same src address, i.e. the public address of the router in my
case. However IPTABLES or NETFILTER in Linux has the following feature:
The POSTROUTING chain is the last chain in iptables, and it is part
of two tables: the mangle table, and the last table is the nat table. So
you can match traffic outgoing on the POSTROUTING chain if you match it
on the mangle table, which precedes the nat table.
        -FORWARD(mangle)-FORWARD(filter)-
-PRE-                                     -POST(mangle)-POST(nat)
        -INPUT-LOCAL-OUTPUT(mangle->Filter->NAT)
As A result the following setup should work "Indeed it worked "
download section
tc qdisc add dev eth1 root handle 11: cbq bandwidth 100Mbit avpkt \
1000 mpu 64
tc class add dev eth1 parent 11:0 classid 11:1 cbq rate 50Kbit \
weight 5Kbit allot 1514 prio 1 avpkt 1000 bounded
tc filter add dev eth1 parent 11:0 protocol ip handle 4 fw flowid 11:1
Upload Section
tc qdisc add dev eth0 root handle 10: cbq bandwidth 10Mbit avpkt \
1000 mpu 64
tc class add dev eth0 parent 10:0 classid 10:1 cbq rate 20Kbit \
weight 2Kbit allot 1514 prio 1 avpkt 1000 bounded
tc filter add dev eth0 parent 10:0 protocol ip handle 3 fw flowid 10:1
Now the tricky part is to mark the packets so that they can be shaped
..the following only works for natted traffic and does not work for
traffic generated on the router itself.
For Download "Note that the mangle table precedes the nat table"
iptables -t mangle -A POSTROUTING -s ! 192.168.1.0/24 -d \
192.168.1.0/24 -j MARK --set-mark 4
For Upload
iptables -t mangle -A FORWARD -s 192.168.1.0/24 -j MARK --set-mark 3
I got the script idea from
http://szabilinux.hu/bandwidth/
Yes, Ali, it can be done that way too, using fwmark. But in my opinion using IMQ is much better and cleaner. IMQ was created specially for this kind of situation, when you want to do ingress shaping.
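
The fwmark approach from Ali's message, taken one step further to one mark and one bounded CBQ class per client, as an added example that is not part of the original thread. The function names, the mark numbering (mark = last octet of the client address) and the `-o eth0` match are assumptions; the script only prints the commands and runs nothing.

```shell
#!/bin/sh
# Added example (not from the thread): prints the commands, runs nothing.
# Assumed values: WAN_IF, LAN_PREFIX, rates; mark number = client's last octet.
WAN_IF=eth0            # Internet-facing interface, where SNAT/masquerade happens
LAN_PREFIX=192.168.1   # clients are LAN_PREFIX.<octet>
UP_RATE=64Kbit
UP_WEIGHT=6Kbit

# Root CBQ qdisc on the WAN interface, parameters as in the thread.
gen_root() {
    echo "tc qdisc add dev $WAN_IF root handle 10: cbq bandwidth 10Mbit avpkt 1000 mpu 64"
}

# One bounded class, one fw filter and one MARK rule for a single client.
gen_client() {
    octet=$1
    case $octet in ''|0*|*[!0-9]*) return 1 ;; esac    # digits only, no leading zero
    [ "$octet" -ge 2 ] && [ "$octet" -le 254 ] || return 1
    minor=$(printf '%x' "$octet")                      # tc reads class minors as hex
    echo "tc class add dev $WAN_IF parent 10:0 classid 10:$minor cbq rate $UP_RATE weight $UP_WEIGHT allot 1514 prio 5 avpkt 1000 bounded"
    echo "tc filter add dev $WAN_IF parent 10:0 protocol ip handle $octet fw flowid 10:$minor"
    # mangle/FORWARD runs before nat/POSTROUTING, so the LAN source address is still visible here.
    echo "iptables -t mangle -A FORWARD -s $LAN_PREFIX.$octet -o $WAN_IF -j MARK --set-mark $octet"
}

# Full rule set for a list of client octets; stops at the first invalid one.
gen_all() {
    gen_root
    for o in "$@"; do
        gen_client "$o" || return 1
    done
}

# Print the rules for any octets given on the command line.
if [ "$#" -gt 0 ]; then gen_all "$@"; fi
```

Review the printed rules before piping them to a root shell, and check that the chosen mark numbers do not collide with marks 3 and 4 or any other marks already in use on the router.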