From: William Marques
Date: Fri, 01 Jul 2005 15:48:38 +0000
Subject: Re: [LARTC] HTB: shaping internet bandwidth but don't shape local
Message-Id: <42C565D6.3040901@vmlinuz.com.br>
To: lartc@vger.kernel.org

Andreas Klauer wrote:

>On Thursday 30 June 2005 19:26, Jefri Lie wrote:
>
>>i got this problem, i want to shape my clients internet bw, but i
>>don't want to shape my local network traffic. For information, my
>>clients using wireless to connect to my router[192.168.1.254].
>
>Common mistake is to use the internet class as root class on the LAN
>interface, which means everything (local traffic and internet traffic)
>gets shaped to internet class speed.
>
>I solved it like this:
>
>HTB Qdisc
>|
>\--- HTB root class (10MBit)
>     |
>     \--- HTB internet class (1Mbit)
>     |    |
>     |    \--- ... more classes for internet shaping ...
>     |
>     \--- HTB lan class (10-1=9Mbit)
>
>This would be an example setup for a 10Mbit ethernet card, with a 1MBit
>internet connection, and local connections get what's left. You put your
>internet traffic into the internet class (or one of its children), and
>everything else (local traffic) into the lan class.
>
>HTH
>Andreas
>_______________________________________________
>LARTC mailing list
>LARTC@mailman.ds9a.nl
>http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

This is exactly what I'm trying to do, without success.... I'm almost
giving up.
I made a little test script, follows:

tc qdisc add dev eth0 root handle 1: htb default 22

# The LAN class:
tc class add dev eth0 parent 1:0 classid 1:1 htb rate 90mbit
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 89232kbit ceil 90mbit

# The internet class:
tc class add dev eth0 parent 1:0 classid 1:2 htb rate 768kbit
tc class add dev eth0 parent 1:2 classid 1:20 htb rate 384kbit ceil 768kbit
tc class add dev eth0 parent 1:2 classid 1:21 htb rate 256kbit ceil 768kbit
tc class add dev eth0 parent 1:2 classid 1:22 htb rate 128kbit ceil 768kbit

# filter for the LAN:
tc filter add dev eth0 protocol ip parent 1:0 prio 1 handle 10 fw classid 1:10

# Filter for internet:
tc filter add dev eth0 protocol ip parent 1:0 prio 2 handle 11 fw classid 1:20
tc filter add dev eth0 protocol ip parent 1:0 prio 3 handle 12 fw classid 1:21
tc filter add dev eth0 protocol ip parent 1:0 prio 4 handle 13 fw classid 1:22

# iptables mark:
iptables -t mangle -A PREROUTING -p tcp -s 192.168.1.0/24 -d 192.168.1.254 --dport 3128 -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -p tcp -s 192.168.1.0/24 -d 192.168.1.254 --dport 445 -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -p tcp -s 192.168.1.0/24 -d 192.168.1.254 --dport 139 -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -p tcp -s 192.168.1.0/24 -d 0/0 --dport 143 -j MARK --set-mark 11
iptables -t mangle -A PREROUTING -p tcp -s 192.168.1.0/24 -d 0/0 --dport 80 -j MARK --set-mark 11
iptables -t mangle -A PREROUTING -p tcp -s 192.168.1.0/24 -d 0/0 --dport 22 -j MARK --set-mark 11
iptables -t mangle -A PREROUTING -p tcp -s 192.168.1.0/24 -d 0/0 --dport 44 -j MARK --set-mark 11
iptables -t mangle -A PREROUTING -p tcp -s 192.168.1.0/24 -d 0/0 --dport 443 -j MARK --set-mark 12
iptables -t mangle -A PREROUTING -p tcp -s 192.168.1.0/24 -d 0/0 --dport 110 -j MARK --set-mark 12
iptables -t mangle -A PREROUTING -p tcp -s 192.168.1.0/24 -j MARK --set-mark 13

No error messages,
everything fine.

Analysis:

[root@samba htb]# tc filter show dev eth0
filter parent 1: protocol ip pref 1 fw
filter parent 1: protocol ip pref 1 fw handle 0xa classid 1:10
filter parent 1: protocol ip pref 2 fw
filter parent 1: protocol ip pref 2 fw handle 0xb classid 1:20
filter parent 1: protocol ip pref 3 fw
filter parent 1: protocol ip pref 3 fw handle 0xc classid 1:21
filter parent 1: protocol ip pref 4 fw
filter parent 1: protocol ip pref 4 fw handle 0xd classid 1:22

[root@samba htb]# iptables -L -t mangle -v
Chain PREROUTING (policy ACCEPT 565 packets, 134K bytes)
 pkts bytes target prot opt in  out source         destination
    0     0 MARK   tcp  --  any any 192.168.1.0/24 ns1.intranet.com.br tcp dpt:3128 MARK set 0xa
    0     0 MARK   tcp  --  any any 192.168.1.0/24 ns1.intranet.com.br tcp dpt:microsoft-ds MARK set 0xa
    0     0 MARK   tcp  --  any any 192.168.1.0/24 ns1.intranet.com.br tcp dpt:netbios-ssn MARK set 0xa
   29  1821 MARK   tcp  --  any any 192.168.1.0/24 anywhere            tcp dpt:imap2 MARK set 0xb
   93 30816 MARK   tcp  --  any any 192.168.1.0/24 anywhere            tcp dpt:www-http MARK set 0xb
  101  7652 MARK   tcp  --  any any 192.168.1.0/24 anywhere            tcp dpt:ssh MARK set 0xb
    0     0 MARK   tcp  --  any any 192.168.1.0/24 anywhere            tcp dpt:mpm-flags MARK set 0xb
    1    44 MARK   tcp  --  any any 192.168.1.0/24 anywhere            tcp dpt:https MARK set 0xc
   44  2516 MARK   tcp  --  any any 192.168.1.0/24 anywhere            tcp dpt:pop-3 MARK set 0xc
  266 41637 MARK   tcp  --  any any 192.168.1.0/24 anywhere            MARK set 0xd

Chain INPUT (policy ACCEPT 165 packets, 12979 bytes)
 pkts bytes target prot opt in  out source         destination

Chain FORWARD (policy ACCEPT 400 packets, 121K bytes)
 pkts bytes target prot opt in  out source         destination

Chain OUTPUT (policy ACCEPT 98 packets, 12143 bytes)
 pkts bytes target prot opt in  out source         destination

Chain POSTROUTING (policy ACCEPT 498 packets, 133K bytes)
 pkts bytes target prot opt in  out source         destination

[root@samba htb]# iptables -L -t mangle -v
Chain PREROUTING (policy ACCEPT 2979 packets, 303K bytes)
 pkts bytes target prot opt in  out source         destination
 2107  110K MARK   tcp  --  any any 192.168.1.0/24 ns1.intranet.com.br tcp dpt:3128 MARK set 0xa
    0     0 MARK   tcp  --  any any 192.168.1.0/24 ns1.intranet.com.br tcp dpt:microsoft-ds MARK set 0xa
   21  3733 MARK   tcp  --  any any 192.168.1.0/24 ns1.intranet.com.br tcp dpt:netbios-ssn MARK set 0xa
   29  1821 MARK   tcp  --  any any 192.168.1.0/24 anywhere            tcp dpt:imap2 MARK set 0xb
  179 47088 MARK   tcp  --  any any 192.168.1.0/24 anywhere            tcp dpt:www-http MARK set 0xb
  121  8932 MARK   tcp  --  any any 192.168.1.0/24 anywhere            tcp dpt:ssh MARK set 0xb
    0     0 MARK   tcp  --  any any 192.168.1.0/24 anywhere            tcp dpt:mpm-flags MARK set 0xb
    3   176 MARK   tcp  --  any any 192.168.1.0/24 anywhere            tcp dpt:https MARK set 0xc
   44  2516 MARK   tcp  --  any any 192.168.1.0/24 anywhere            tcp dpt:pop-3 MARK set 0xc
 2518  176K MARK   tcp  --  any any 192.168.1.0/24 anywhere            MARK set 0xd

Chain INPUT (policy ACCEPT 2389 packets, 138K bytes)
 pkts bytes target prot opt in  out source         destination

Chain FORWARD (policy ACCEPT 590 packets, 165K bytes)
 pkts bytes target prot opt in  out source         destination

Chain OUTPUT (policy ACCEPT 4390 packets, 6339K bytes)
 pkts bytes target prot opt in  out source         destination

Chain POSTROUTING (policy ACCEPT 4980 packets, 6504K bytes)
 pkts bytes target prot opt in  out source         destination

I configured Apache to listen on port 3128, to make tests, and on a
machine in my LAN I do:

[william@whsm tmp]$ time wget samba.intranet.com.br:3128/768.txt
--12:34:22--  http://samba.intranet.com.br:3128/768.txt
           => `768.txt'
Resolving samba.intranet.com.br... 192.168.1.254
Connecting to samba.intranet.com.br[192.168.1.254]:3128... connected.
Requisição enviada ao servidor HTTP, esperando resposta... 200 OK
Tamanho: 7,864,320 [text/plain]

100%[========================================================>] 7,864,320     91.59K/s    ETA 00:00

12:35:46 (91.70 KB/s) - `768.txt' recebido [7864320/7864320]

real    1m23.817s
user    0m0.080s
sys     0m0.204s

As you can see, the download speed is 92KBps, the 768kbits in my script.
But why wasn't the class 1:10, which has a guaranteed rate of 89232kbit,
used? The fw mark is working, I see the traffic going correctly, but the
correct filter is not applied??!

Maybe some of you can give me a hand, I'm sure that something is
misconfigured, but I can't figure out where. I'm new to HTB, and I read
the LARTC howto, and searched Google for a solution, but in vain; this is
driving me crazy!! Help me!!

Regards,

-- 
William Henrique Siqueira Marques
wmarques@vmlinuz.com.br
Rio de Janeiro - Brasil
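
An added example, not part of the original post: the HTB qdisc on eth0 classifies packets as they leave that interface, while the PREROUTING rules above mark only packets arriving from the clients, so the download data sent by 192.168.1.254 carries no mark and falls into `default 22` (ceil 768kbit). The script below mirrors the post's port list onto egress (POSTROUTING, `--sport`) and reuses the post's fw handles 10-13; it assumes eth0 is the LAN-facing interface, and `run`, `mark_out` and `mark_rules` are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the original post). Dry run by default:
# commands are printed; set APPLY=1 and run as root to execute them.
DEV=${DEV:-eth0}                 # assumption: eth0 faces the LAN
ROUTER=${ROUTER:-192.168.1.254}  # router address from the post
LAN=${LAN:-192.168.1.0/24}       # client network from the post

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$@"; fi
}

# Mark packets as they LEAVE $DEV towards the LAN, which is where the
# HTB fw filters look at the mark.
# $1 = fw mark, remaining arguments = extra iptables match options.
mark_out() {
    mark=$1; shift
    run iptables -t mangle -A POSTROUTING -o "$DEV" -d "$LAN" "$@" \
        -j MARK --set-mark "$mark"
}

mark_rules() {
    # MARK does not end rule traversal, so a catch-all placed last would
    # overwrite every earlier mark. It goes first; specific rules follow.
    mark_out 13
    # Replies from services on the router itself: LAN class (handle 10).
    for port in 3128 445 139; do
        mark_out 10 -p tcp -s "$ROUTER" --sport "$port"
    done
    # Replies from internet servers to LAN clients: the post's --dport
    # lists, matched as --sport because these are the return packets.
    for port in 143 80 22 44; do
        mark_out 11 -p tcp --sport "$port"
    done
    for port in 443 110; do
        mark_out 12 -p tcp --sport "$port"
    done
}

mark_rules
```

After applying it, the POSTROUTING counters in `iptables -L -t mangle -v` and the per-class counters in `tc -s class show dev eth0` show whether the download now lands in class 1:10.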