subdivide 64 kbit bandwidth 32kbit for WWW and 32 Kbit for mail

Linux Advanced Routing and Traffic Control


 



Hi all,

I've got a box running CentOS 4.5. It acts as a firewall + router.

I have installed both iptables and iproute2.

It has 3 network cards.

eth0 is connected to the Internet (it has an Internet IP; please assume its IP is 1.2.3.4/29). It is a 256 Kbit link.
eth1 is the DMZ. Its IP is 192.168.100.254
eth2 is the LAN. Its IP is 192.168.101.254

I have already shaped traffic to 64 Kbit on eth1 for downloading (i.e. the DMZ zone).

This is the script that does the job. It works fine.

#traffic shaping on eth1 (Downloading)

INTERFAZ_DMZ=eth1
FULLBANDWIDTH=256
BANDWIDTH4DMZ=64

tc qdisc del root dev $INTERFAZ_DMZ

tc qdisc add dev $INTERFAZ_DMZ root handle 1: htb r2q 4
tc class add dev $INTERFAZ_DMZ parent 1: classid 1:2 htb rate "$FULLBANDWIDTH"Kbit
tc class add dev $INTERFAZ_DMZ parent 1: classid 1:5 htb rate "$BANDWIDTH4DMZ"Kbit
tc qdisc add dev $INTERFAZ_DMZ parent 1:5 handle 5: sfq perturb 10
tc filter add dev $INTERFAZ_DMZ parent 1: protocol ip prio 1 u32 match ip dst 192.168.100.0/24 classid 1:5


It has allocated 64 Kbit for downloading for the ip range of 192.168.100.0/24. (DMZ ZONE)

Remember, this is a SNATed firewall.

Now, what I need is to subdivide this 64 Kbit bandwidth:
32 Kbit for WWW and 32 Kbit for mail.

Can I subdivide it in that way? If divided, what will happen to other services such as ICMP, SSH, ACK etc.?

Then, how can I achieve this task?

I modified the above script. This is what it looks like after editing.



#traffic shaping on eth1 (Downloading)

INTERFAZ_DMZ=eth1
FULLBANDWIDTH=256
BANDWIDTH4DMZ=64

tc qdisc del root dev $INTERFAZ_DMZ

tc qdisc add dev $INTERFAZ_DMZ root handle 1: htb r2q 4
tc class add dev $INTERFAZ_DMZ parent 1: classid 1:2 htb rate "$FULLBANDWIDTH"Kbit
tc class add dev $INTERFAZ_DMZ parent 1: classid 1:5 htb rate "$BANDWIDTH4DMZ"Kbit

tc class add dev $INTERFAZ_DMZ parent 1:5 classid 1:10 htb rate 32kbit
tc class add dev $INTERFAZ_DMZ parent 1:5 classid 1:11 htb rate 32Kbit

tc qdisc add dev $INTERFAZ_DMZ parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $INTERFAZ_DMZ parent 1:11 handle 11: sfq perturb 10

# 192.168.100.3 is the box that acts as a mail server and a proxy server.
tc filter add dev $INTERFAZ_DMZ parent 1: protocol ip prio 1 u32 match ip dst 192.168.100.0/24 classid 1:10
tc filter add dev $INTERFAZ_DMZ parent 1: protocol ip prio 1 u32 match ip dst 192.168.100.0/24 match ip dport 25  classid 1:11



Please let me know if it is okay, or is there any better way to rewrite it?

EXPECT YOUR COMMENTS.







--
Thank you
Indunil Jayasooriya
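
Added example, not part of the original post and not the poster's script: a dry-run generator for an HTB layout that splits the DMZ parent class into WWW, mail and a default class, so that ICMP, SSH and other unclassified traffic still lands in a shaped class. The function name gen_dmz_shaping, the class ids 1:10/1:11/1:12, the 28/28/8 Kbit split and the port matches (source port 80 for replies to the proxy, destination port 25 for SMTP delivered to the mail server) are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not the poster's script. Prints tc commands that split an
# HTB parent into WWW, mail and a default class for everything else.
# Assumed: class ids 1:10/1:11/1:12, WWW = source port 80 (replies to the
# proxy), mail = destination port 25 (SMTP delivered to the mail server).

gen_dmz_shaping() {
    dev=$1 total=$2 www=$3 mail=$4 net=${5:-192.168.100.0/24}
    other=$((total - www - mail))
    # This example keeps the child rates inside the parent and refuses a
    # split that leaves no guaranteed rate for the default class.
    if [ "$other" -le 0 ]; then
        echo "www + mail must be below $total kbit" >&2
        return 1
    fi
    # Each leaf is guaranteed its rate and may borrow up to the parent (ceil).
    leaf="ceil ${total}kbit quantum 1500"
    # "default 12" sends traffic that matches no filter to class 1:12.
    # u32 port matches take a value and a mask; the more specific match
    # gets the lower prio number so it is tried first.
    cat <<EOF
tc qdisc del dev $dev root
tc qdisc add dev $dev root handle 1: htb default 12 r2q 4
tc class add dev $dev parent 1: classid 1:5 htb rate ${total}kbit ceil ${total}kbit
tc class add dev $dev parent 1:5 classid 1:10 htb rate ${www}kbit $leaf
tc class add dev $dev parent 1:5 classid 1:11 htb rate ${mail}kbit $leaf
tc class add dev $dev parent 1:5 classid 1:12 htb rate ${other}kbit $leaf
tc qdisc add dev $dev parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $dev parent 1:11 handle 11: sfq perturb 10
tc qdisc add dev $dev parent 1:12 handle 12: sfq perturb 10
tc filter add dev $dev parent 1: protocol ip prio 1 u32 match ip dst $net match ip protocol 6 0xff match ip dport 25 0xffff classid 1:11
tc filter add dev $dev parent 1: protocol ip prio 2 u32 match ip dst $net match ip protocol 6 0xff match ip sport 80 0xffff classid 1:10
EOF
}

# Dry run by default: print the commands. Set APPLY=1 (as root) to run them.
if [ "${APPLY:-0}" = 1 ]; then
    gen_dmz_shaping eth1 64 28 28 | sh -x
else
    gen_dmz_shaping eth1 64 28 28
fi
```

Calling it with 32 and 32 on a 64 Kbit parent returns an error in this example, because that split leaves no guaranteed rate for the default class.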