Hi Ben,

Thanks for the reply.

I have just managed to get this working how I wanted, based on an
example I found here
http://forums.opensuse.org/english/get-technical-help-here/network-internet/454307-wondershaper-modification-exclude-lan-should-included.html

This is the script I came up with..
http://pastebin.com/6wJ4eVnd

With some quick tests it appears to work as expected.

Lonney.

On 17 April 2013 14:11, Benjamin Kiessling <mittagessen@xxxxxxxxxxx> wrote:
> Hi,
>
> On 04/17, Lonney wrote:
>> Using this example
>> http://www.lartc.org/howto/lartc.cookbook.ultimate-tc.html#AEN2233 and
>> adjusting the settings to 75% of our down and upstream bandwidth, and
>> to use eth0 works very well for managing web traffic – as expected
>> downloads get equal bandwidth, and web browsing can continue without
>> significant slowdowns.
>>
>> However this also manages everything else on eth0 with these limits
>> which is not ideal.
>> What I want to achieve is to have the traffic control applied to
>> traffic to/from the internet (ports 80 and 443 for example), but not
>> locally between squid and other machines on the local network. I
>> assume this could be done with some iptables rules, but I'm not very
>> experienced with combining iptables and tc together.
>
> The easiest way to achieve this behavior would be to either set no
> default class for HTB as traffic which is not classified will traverse
> the interface unshaped, e.g.:
>
>     tc qdisc add dev eth0 root handle 1: htb
>     tc class add dev eth0 parent 1: classid 1:1 htb rate 3Mbit
>     tc qdisc add dev eth0 parent 1:1 handle 10: sfq
>
> and then matching on the locally generated traffic from squid using
> iptables (look for the CLASSIFY target). This works if you can be fairly
> sure that other traffic will not swamp out traffic going through HTB.
> Otherwise, setting a default class with line speed and another squid
> class beneath it will fix this flaw.
>
> Another (significantly more complex) matter is ingress shaping.
> Utilizing the ifb device to redirect ingress traffic is the technology
> of choice here, but you will have to use tc-filter here as ifb does not
> possess the necessary netfilter hooks. Take a look at [0] to get an
> example on how to employ ifbs.
>
> Regards,
> Ben
>
>
> [0] http://github.com/westnetz/qos-script
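
Added example (not part of the thread and not the pastebin script mentioned above): one way to write the setup Ben describes, an HTB root with no default class plus an iptables CLASSIFY rule that puts only the proxy's non-LAN web traffic into the shaped class. The LAN subnet, the port list and the proxy account name are assumptions; the device and rate are the ones from Ben's example.

```shell
#!/bin/sh
# Egress shaping only; ingress would need an ifb device and tc filters.
DEV="${DEV:-eth0}"
RATE="${RATE:-3Mbit}"
LAN="${LAN:-192.168.0.0/16}"         # assumed local subnet, must stay unshaped
PORTS="${PORTS:-80,443}"             # assumed "internet" ports
PROXY_USER="${PROXY_USER:-squid}"    # assumed account the proxy runs as

# Print the rule set so it can be reviewed before anything is changed.
shaper_cmds() {
    # No "default" on the root qdisc: unclassified packets leave unshaped.
    echo "tc qdisc add dev $DEV root handle 1: htb"
    echo "tc class add dev $DEV parent 1: classid 1:1 htb rate $RATE"
    echo "tc qdisc add dev $DEV parent 1:1 handle 10: sfq"
    # Only packets created by the proxy account, leaving via $DEV for a
    # non-LAN destination on the web ports, are put into class 1:1.
    echo "iptables -t mangle -A POSTROUTING -o $DEV -m owner --uid-owner $PROXY_USER ! -d $LAN -p tcp -m multiport --dports $PORTS -j CLASSIFY --set-class 1:1"
}

# Run the printed commands in order, stopping at the first failure (needs root).
shaper_apply() {
    shaper_cmds | while read -r cmd; do
        $cmd || exit 1
    done
}

# Undo: deleting the root qdisc removes its classes; -D removes the rule.
shaper_clear() {
    tc qdisc del dev "$DEV" root 2>/dev/null
    shaper_cmds | grep '^iptables' | sed 's/ -A / -D /' | while read -r cmd; do
        $cmd 2>/dev/null
    done
    return 0
}

case "${1:-}" in
    apply) shaper_apply ;;
    clear) shaper_clear ;;
    *)     shaper_cmds ;;            # default: dry run, print only
esac
```

After applying, `tc -s class show dev eth0` shows whether class 1:1 is actually counting packets.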