From: nix4me <nix4me@cfl.rr.com>
To: lartc@vger.kernel.org
Subject: [LARTC] refining my rules
Date: Sun, 27 Nov 2005 01:06:06 +0000 [thread overview]
Message-ID: <4389067E.4020506@cfl.rr.com> (raw)
Hi,
I am currently using the following script to shape traffic on my linux
box. I am getting ready to move the script to my linux firewall box so
it shapes traffic for my home lan. I am looking to refine my rules a
bit so to make bandwidth sharing a bit more efficient.
Specifically I am looking to give out bound email more priority so that
when a large email is sent, I want it to borrow all of the ftp
bandwidth. For some reason it only borrows some of the bandwidth but
not all.
Here is my script:
#!/bin/bash
#shaping passive and active outbound ftp traffic on an internal computer
without affecting inbound and lan speed
# mark the outbound passive ftp packets on ports 50000-51000
iptables -t mangle -D OUTPUT -o eth0 -j MYSHAPER-OUT 2> /dev/null >
/dev/null
iptables -t mangle -F MYSHAPER-OUT 2> /dev/null > /dev/null
iptables -t mangle -X MYSHAPER-OUT 2> /dev/null > /dev/null
iptables -t mangle -N MYSHAPER-OUT
iptables -t mangle -I OUTPUT -o eth0 -j MYSHAPER-OUT
# mark packets: 20 is lan traffic, 26 is active ftp and passive ftp, 30
is ACK for downloads, 35 is email
iptables -t mangle -A MYSHAPER-OUT -m mark --mark 0 -j MARK --set-mark 20
iptables -t mangle -A MYSHAPER-OUT -p tcp --sport 59999 -j MARK
--set-mark 26
iptables -t mangle -A MYSHAPER-OUT -p tcp --sport 50000:51000 -j MARK
--set-mark 26
iptables -t mangle -A MYSHAPER-OUT -p tcp -m length --length :64 -j MARK
--set-mark 30
iptables -t mangle -A MYSHAPER-OUT -m tcp -p tcp --dport 25 -j MARK
--set-mark 35
# clear it
tc qdisc del dev eth0 root
#add the root qdisk
tc qdisc add dev eth0 root handle 1: htb default 20
#add main rate limit class
tc class add dev eth0 parent 1: classid 1:1 htb rate 100mbit
#add leaf classes, 1:2 is lan, 1:3 is outbound max
tc class add dev eth0 parent 1:1 classid 1:2 htb rate 100mbit
tc class add dev eth0 parent 1:1 classid 1:3 htb rate 40kbps
# 1:31 is ftp with lower prio, 1:32 is ACk AND email higher prio
tc class add dev eth0 parent 1:3 classid 1:31 htb rate 20kbps ceil
40kbps prio 2
tc class add dev eth0 parent 1:3 classid 1:32 htb rate 20kbps ceil
40kbps prio 1
#filter traffic into classes
tc filter add dev eth0 parent 1:0 prio 0 protocol ip handle 20 fw
flowid 1:2
tc filter add dev eth0 parent 1:0 prio 0 protocol ip handle 26 fw
flowid 1:31
tc filter add dev eth0 parent 1:0 prio 0 protocol ip handle 30 fw
flowid 1:32
tc filter add dev eth0 parent 1:0 prio 0 protocol ip handle 35 fw
flowid 1:32
Any comments would be greatly appreciated,
Mark
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
next reply other threads:[~2005-11-27 1:06 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-11-27 1:06 nix4me [this message]
2005-11-27 10:05 ` [LARTC] refining my rules Andreas Klauer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4389067E.4020506@cfl.rr.com \
--to=nix4me@cfl.rr.com \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.