From mboxrd@z Thu Jan  1 00:00:00 1970
From: William Marques <wmarques@vmlinuz.com.br>
Date: Thu, 23 Jun 2005 14:26:07 +0000
Subject: [LARTC] QOS with squid in the same machine
Message-Id: <42BAC67F.2040909@vmlinuz.com.br>
List-Id: <lartc.vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Hi list,

I'm trying to do qos based on HTB, in my linux box wich is my firewall 
and transparent proxy, and I don't have the possibility to put other 
machine to make proxy.
Well, If I up my htb scripts, the proxy will be  limited to serve my LAN 
as a external site and limited to the limit of 768kbits, even making two 
classes, tryn to limit it traffic to the maximun bandwidth of my network 
NIC.
I try to make a script to manage this, but it simply don't work.
Take a look:

#eth0 is my internal LAN card.

tc qdisc del dev eth0 root
tc qdisc add dev eth0 root handle 1:0 htb default 40

tc class add dev eth0 parent 1: classid 1:1 htb rate 100mbit burst 15k
tc class add dev eth0 parent 1: classid 1:2 htb rate 768kbit burst 15k

tc class add dev eth0 parent 1:1 classid 1:10 htb rate 100mbit ceil 
100mbit burst 15k
tc class add dev eth0 parent 1:2 classid 1:20 htb rate 384kbit ceil 
768kbit burst 15k
tc class add dev eth0 parent 1:2 classid 1:30 htb rate 256kbit ceil 
768kbit burst 15k
tc class add dev eth0 parent 1:2 classid 1:40 htb rate 128kbit ceil 
768kbit burst 15k

#The author then recommends SFQ for beneath these classes:

tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev eth0 parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev eth0 parent 1:30 handle 30: sfq perturb 10
tc qdisc add dev eth0 parent 1:40 handle 40: sfq perturb 10

#Add the filters which direct traffic to the right classes:


tc filter add dev eth0 protocol ip parent 1:1 prio 0 handle 6 fw flowid 1:10
U32="tc filter add dev eth0 protocol ip parent 1:2 prio 1 u32"
$U32 match ip dport 80 0xffff flowid 1:20
$U32 match ip sport 25 0xffff flowid 1:30

The traffic to squid has a firewall mark 0x6 on it, but I limited to 
768kbits on downloads to port 3128...
Any Ideas ? Is it possible to do?

Thanks in advance,

-- 
William Henrique Siqueira Marques
wmarques@vmlinuz.com.br

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc