Hi Abhijit,

Thanks a lot for your advice - I didn't realise that the source IP was
re-written before the traffic was shaped.

I have attached the script I wrote. As I said before, the download limit
does successfully work and each client (I am using 2 test clients) gets
512kbit each. However the upload is still unlimited. But I don't believe
this is currently due to the source IP being re-written - tc itself
doesn't like my commands. They were literally copied and pasted from the
download commands and altered as appropriate, as you see in the script.

When I run this script, each iteration of lines 48-49 produces the
following error:

137.222.235.125
Error: Qdisc "tbf" is classless.
Error: Qdisc "1:" is classless.
Unknown filter "1:", hence option "protocol" is unparsable

I don't really understand that error - especially as the identical code
does work for the download limits. If you can offer any more help, I'd
be most grateful.

Cheers,
Jonathan

Abhijit Menon-Sen wrote:
> Hello Jonathan.
>
> At 2007-07-30 12:40:00 +0100, jonathan.gazeley@xxxxxxxxxxxxx wrote:
>> So far I have managed to get the download limits working. However I
>> need to shape on both interfaces so I recycled the same code to apply
>> to uploads but it didn't work and I can't figure out why
>
> That's not really enough information to try to debug your problem, but I
> can think of one problem you might encounter. Since you're doing NAT for
> your clients, you should be aware that the source address is rewritten
> (i.e. in nat/POSTROUTING) _before_ egress QoS processing.
>
> So if you're trying to classify outgoing traffic based on their source
> IP address, it won't work.
>
> One alternative is to mark packets from the internal network (i.e. use
> -J MARK --set-mark N in mangle/PREROUTING), and write a filter on the
> outgoing interface that assigns traffic to classes based on how it's
> marked (u32 match mark ...). (If you want more details, ask.)
>
> (If anyone has other suggestions, I would be interested in them too.)
>
> -- ams

--
------------------------
Jonathan Gazeley
Wireless & VPN Team
Information Systems & Computing
University of Bristol
------------------------
#!/bin/sh
## JONATHAN'S TC SCRIPT
# LAN interfaces
LAN=eth0
WAN=eth1
# Maximum global uplink and downlink in mbit/s
GLOBAL_DOWN=100
GLOBAL_UP=100
# Maximum per-user download & upload speed in kbit/s
DOWNLINK=512
UPLINK=256
# Subnets to be stamped down upon, delimited by spaces
SUBNETS='235'
# IP range in each subnet
LOW_IP=1
HIGH_IP=125
#-----------------Don't mess with stuff below---------------|
#-----------------this line or you'll break it--------------|
# Flush existing rules
tc qdisc del dev $LAN root
tc qdisc del dev $WAN root
# Create root class for 100mbit interface - total traffic can't exceed this
tc qdisc add dev $LAN root handle 1: cbq avpkt 1000 bandwidth ${GLOBAL_DOWN}mbit
tc qdisc add dev $WAN root handle 1: cbq avpkt 1000 bandwidth ${GLOBAL_UP}mbit
# Set useful counters
jcount=1
icount=1
total=0
# Apply rules for all included subnets
for j in $SUBNETS
do
    for i in `seq $LOW_IP $HIGH_IP`
    do
        total=$((total+1))
        echo 137.222.$j.$i
        tc class add dev $LAN parent 1: classid 1:$total tbf rate ${DOWNLINK}kbit allot 1500 prio 5 bounded isolated
        tc filter add dev $LAN parent 1: protocol ip prio 16 u32 match ip dst 137.222.$j.$i flowid 1:$total
        tc class add dev $wAN parent 1: classid 1:$total tbf rate ${UPLINK}kbit allot 1500 prio 5 bounded isolated
        tc filter add dev $wAN parent 1: protocol ip prio 16 u32 match ip src 137.222.$j.$i flowid 1:$total
        i=i+1
    done
    j=j+1
done
echo
echo $total miscreants were stamped down upon. Good work Pokey!
echo Their IP addresses were in the following ranges:
for j in $SUBNETS
do
    echo 137.222.$j.$LOW_IP-$HIGH_IP
done
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
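
The mark-based approach suggested in the quoted reply, written out as a dry-run script. This is an added example, not part of the original thread: it swaps in HTB as the classful qdisc and the `fw` classifier in place of `u32 match mark`, and the `RUN` switch, the `gen_upload_rules` function and the parent class id `1:fffe` are names chosen here; interfaces, rates and addresses are taken from the attached script.

```shell
#!/bin/sh
# Added example: per-client upload shaping keyed on a firewall mark (dry run).
# Shell variable names are case-sensitive; with "set -u" a reference to an
# unset name such as $wAN (for $WAN) aborts instead of expanding to "".
set -u

LAN=eth0             # inside interface, as in the attached script
WAN=eth1             # outside interface, where NAT has already rewritten the source
GLOBAL_UP=100        # total uplink, mbit/s
UPLINK=256           # per-client upload rate, kbit/s
PREFIX=137.222.235   # client subnet from the attached script
RUN=${RUN-echo}      # default prints the commands; run with RUN= (empty) as root to apply

gen_upload_rules() {   # usage: gen_upload_rules LOW_IP HIGH_IP
    low=$1
    high=$2
    # HTB is a classful qdisc, so it can hold one child class per client.
    $RUN tc qdisc add dev "$WAN" root handle 1: htb
    $RUN tc class add dev "$WAN" parent 1: classid 1:fffe htb rate "${GLOBAL_UP}mbit"
    i=$low
    while [ "$i" -le "$high" ]; do
        minor=$(printf '%x' "$i")   # tc parses class minor numbers as hex
        # Mark on ingress, while the source is still the client's own address.
        $RUN iptables -t mangle -A PREROUTING -i "$LAN" -s "$PREFIX.$i" -j MARK --set-mark "$i"
        $RUN tc class add dev "$WAN" parent 1:fffe classid "1:$minor" htb rate "${UPLINK}kbit" ceil "${UPLINK}kbit"
        # The fw classifier matches on the packet mark; "handle" is the mark value.
        $RUN tc filter add dev "$WAN" parent 1: protocol ip prio 16 handle "$i" fw flowid "1:$minor"
        i=$((i + 1))
    done
}

# The two test clients mentioned in the message (host numbers constructed here).
gen_upload_rules 1 2
```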