On 25/10/10 03:22, Landy Landy wrote:
Hello everyone. A while back I posted here that I was trying to control our user's bandwidth with iproute. I know it can be done with squid but, didn't want squid to do more than block some domains and do its caching which does pretty well. I have a script to control bw and assign each user 512kbps/256kbps. When I have squid running the control gets bypassed. I was marking packets on the FORWARD chain which caused to the bypass since the pages are served from the gw by squid instead of just doing the FORWARD. Now, I did some thinking, and changed the chain marking the packet to look like this: $iptables -t mangle -A POSTROUTING -d 172.16.250.1 -j MARK --set-mark 1053 $iptables -t mangle -A POSTROUTING -d 172.16.250.1 -j RETURN This controls the download bandwidth the way I want it. Works well. Now, for the upload speed I guess I'm having the same problem as before. The upload speed does not get controlled. I applied this chain: $iptables -t mangle -A POSTROUTING -s 172.16.250.1 -j MARK --set-mark 1054 $iptables -t mangle -A POSTROUTING -s 172.16.250.1 -j RETURN and the user can upload at full speed. Also tried PREROUTING and nothing. I need to control upload since I have some users uploading videos, mp3, and other stuff that consume most of the upload bw. Does anyone has an idea how can I control the upload speed?
Marking by itself does nothing but set a number on each packets meta data. You need other software which handles the marks and delays packets based on them. "tc" is one such.
As you have notice packets which go to Squid are not FORWARDed by the OS. They are received as INPUT to Squid, and sometimes as OUTPUT from the Squid user and process.
Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.8 Beta testers wanted for 3.2.0.2
