Hi,

On 04/17, Lonney wrote:
> Using this example
> http://www.lartc.org/howto/lartc.cookbook.ultimate-tc.html#AEN2233 and
> adjusting the settings to 75% of our down and upstream bandwidth, and
> to use eth0 works very well for managing web traffic – as expected
> downloads get equal bandwidth, and web browsing can continue without
> significant slowdowns.
>
> However this also manages everything else on eth0 with these limits
> which is not ideal.
> What I want to achieve is to have the traffic control applied to
> traffic to/from the internet (ports 80 and 443 for example), but not
> locally between squid and other machines on the local network. I
> assume this could be done with some iptables rules, but I'm not very
> experienced with combining iptables and tc together.

The easiest way to achieve this behavior would be to either set no
default class for HTB as traffic which is not classified will traverse
the interface unshaped, e.g.:

    tc qdisc add dev eth0 root handle 1: htb
    tc class add dev eth0 parent 1: classid 1:1 htb rate 3Mbit
    tc qdisc add dev eth0 parent 1:1 handle 10: sfq

and then matching on the locally generated traffic from squid using
iptables (look for the CLASSIFY target). This works if you can be
fairly sure that other traffic will not swamp out traffic going through
HTB. Otherwise, setting a default class with line speed and another
squid class beneath it will fix this flaw.

Another (significantly more complex) matter is ingress shaping.
Utilizing the ifb device to redirect ingress traffic is the technology
of choice here, but you will have to use tc-filter here as ifb does not
possess the necessary netfilter hooks. Take a look at [0] to get an
example on how to employ ifbs.

Regards,
Ben

[0] http://github.com/westnetz/qos-script
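The egress setup the reply describes (HTB with no default class, plus a CLASSIFY rule for squid's own traffic), written out as an added example that is not part of the original message. It assumes squid runs as user `proxy` and that internet web traffic means TCP destination ports 80 and 443; `gen_rules` and `valid_args` are hypothetical helper names. Ingress shaping via ifb is not covered.

```shell
#!/bin/sh
# Added example, not from the original post. Prints the tc/iptables commands;
# with APPLY=1 (as root) it executes them instead.
# Usage: ./shape.sh eth0 3Mbit proxy     ("proxy" = assumed squid user)

# Reject anything that is not a plain token before it reaches a root shell.
valid_args() {
    case $1 in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac   # interface name
    case $2 in ''|*[!A-Za-z0-9]*)    return 1 ;; esac   # rate, e.g. 3Mbit
    case $3 in ''|*[!A-Za-z0-9_-]*)  return 1 ;; esac   # squid user name
}

# gen_rules DEV RATE SQUID_USER -> one command per line on stdout
gen_rules() {
    dev=$1 rate=$2 user=$3
    # HTB root without a "default" class: packets that no rule classifies
    # leave the interface unshaped (LAN traffic, replies to squid clients).
    echo "tc qdisc add dev $dev root handle 1: htb"
    echo "tc class add dev $dev parent 1: classid 1:1 htb rate $rate"
    echo "tc qdisc add dev $dev parent 1:1 handle 10: sfq"
    # The owner match only sees locally generated packets, so only requests
    # squid itself sends to web ports are placed into the shaped class 1:1.
    for port in 80 443; do
        echo "iptables -t mangle -A POSTROUTING -o $dev -p tcp --dport $port -m owner --uid-owner $user -j CLASSIFY --set-class 1:1"
    done
}

if [ $# -eq 3 ]; then
    valid_args "$@" || { echo "invalid argument" >&2; exit 2; }
    if [ "${APPLY:-0}" = 1 ]; then
        gen_rules "$@" | sh -e      # stop at the first failing command
    else
        gen_rules "$@"              # dry run: review before applying
    fi
fi
```

After applying, `tc -s class show dev eth0` shows whether class 1:1 is counting packets, which confirms the CLASSIFY rules are matching.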