Thanks for your script. I am still a newbie to this traffic control. I have only done policy routing with iproute2.
I was thinking how to write this script. You have already given a start.
I have been reading the URLs below.
http://lartc.org/howto/lartc.qdisc.classful.html
http://edseek.com/~jasonb/articles/traffic_shaping/linuxtc.html
http://tldp.org/HOWTO/Traffic-Control-HOWTO/index.html
http://edseek.com/~jasonb/articles/traffic_shaping/classes.html#qdiscex
But, I still find it difficult to understand fully.
Hey, shall we discuss the script you wrote below?
I understand the 4 rules below. The last rule marks 192.168.102.0/24 traffic as 5.
INTERFAZ_INT=eth0
BAND=256
BAND_CLIENTS=64
iptables -t mangle -A PREROUTING -s 192.168.102.0/24 -j MARK --set-mark 0x5
But, I do not understand below rules.
tc qdisc add dev $INTERFAZ_INT root handle 1 htb r2q 4
The above rule adds a qdisc to the internet interface. What is r2q and 4 there? I do not understand those two.
tc class add dev $INTERFAZ_INT parent 1: classid 1:2 htb rate "$BAND"Kbit
tc class add dev $INTERFAZ_INT parent 1: classid 1:5 htb rate "$BAND_CLIENTS"Kbit
and 64 kbit with the above rule.
tc qdisc add dev $INTERFAZ_INT parent 1:5 handle 5 sfq perturb 10
What is this above rule? I do not understand at all.
tc filter add dev $INTERFAZ_INT protocol ip parent 1: pref 1 handle 10 fw classid 1:5
I do not understand the above rule too.
Hope to hear from you.
Feel free to ask to me what you wish.
Regards
Paolo Malfatti
From: "Indunil Jayasooriya" < indunil75@xxxxxxxxx>
To: lartc@xxxxxxxxxxxxxxx
Subject: Allocating 64 kbits/s out of 256 kbits/s for one LAN behind firewall
Date: Thu, 2 Aug 2007 14:48:55 +0530
Hi,
We have a 256 kbits/s (kilobits per second) link to the internet. It is a router running Linux that belongs to our ISP. They have given us 8 internet IPs (i.e. subnet is 255.255.255.248). One has been given to this router. I have given another internet IP to the firewall running CentOS 4.5. iptables is running on it. And also, I have installed the iproute2 pkg as well.
pls see below for installed pkgs.
[root@firebox ~]# rpm -qa |grep iptables
iptables-1.2.11-3.1.RHEL4
[root@firebox ~]# rpm -qa |grep iproute
iproute-2.6.9-3.EL4.3.centos4
This firewall has 3 ethernet cards at the moment. One is connected to the router. One is connected to our DMZ zone. One is connected to LAN1.
These are ips of the firewall.
eth0 (internet) - 1.2.3.4/255.255.255.248 (pls assume it. For security reason, I will not give you the actual ip)
eth1 (DMZ Zone) - 192.168.100.254/255.255.255.0
eth2 (LAN1) - 192.168.101.254/255.255.255.0
Now, everyone in LAN1 has access to internet. (due to SNAT rule)
Now, I want to install another ethernet card to this firewall. then, it would be eth3.
eth3 will be as follows.
eth3 (LAN2) - 192.168.102.254/255.255.255.0
Now, I want to put about 5 people (5 PCs) behind this LAN2 and give internet access to them. But, I do not want them to use my whole bandwidth (i.e. 256 kbit/s), but instead, I want people behind this LAN2 to be allocated 64 kbits/s (kilobits per second) for their internet access.
Is it possible to achieve this task on a firewall running iptables and iproute2 (CentOS 4.5)?
If so, How can I do such thing?
If I do such thing, what will happen to the people behind LAN1 ? Will they get whole 256 kbits/s as before or will they get 256 kbit/s - 64 kbit/s for their internet access?
Hope to hear from you.
--
Thank you
Indunil Jayasooriya
>_______________________________________________
>LARTC mailing list
>LARTC@xxxxxxxxxxxxxxx
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
--
Thank you
Indunil Jayasooriya