* [LARTC] refining my rules
@ 2005-11-27 1:06 nix4me
2005-11-27 10:05 ` Andreas Klauer
0 siblings, 1 reply; 2+ messages in thread
From: nix4me @ 2005-11-27 1:06 UTC (permalink / raw)
To: lartc
Hi,
I am currently using the following script to shape traffic on my linux
box. I am getting ready to move the script to my linux firewall box so
it shapes traffic for my home lan. I am looking to refine my rules a
bit so to make bandwidth sharing a bit more efficient.
Specifically I am looking to give out bound email more priority so that
when a large email is sent, I want it to borrow all of the ftp
bandwidth. For some reason it only borrows some of the bandwidth but
not all.
Here is my script:
#!/bin/bash
#shaping passive and active outbound ftp traffic on an internal computer
without affecting inbound and lan speed
# mark the outbound passive ftp packets on ports 50000-51000
iptables -t mangle -D OUTPUT -o eth0 -j MYSHAPER-OUT 2> /dev/null >
/dev/null
iptables -t mangle -F MYSHAPER-OUT 2> /dev/null > /dev/null
iptables -t mangle -X MYSHAPER-OUT 2> /dev/null > /dev/null
iptables -t mangle -N MYSHAPER-OUT
iptables -t mangle -I OUTPUT -o eth0 -j MYSHAPER-OUT
# mark packets: 20 is lan traffic, 26 is active ftp and passive ftp, 30
is ACK for downloads, 35 is email
iptables -t mangle -A MYSHAPER-OUT -m mark --mark 0 -j MARK --set-mark 20
iptables -t mangle -A MYSHAPER-OUT -p tcp --sport 59999 -j MARK
--set-mark 26
iptables -t mangle -A MYSHAPER-OUT -p tcp --sport 50000:51000 -j MARK
--set-mark 26
iptables -t mangle -A MYSHAPER-OUT -p tcp -m length --length :64 -j MARK
--set-mark 30
iptables -t mangle -A MYSHAPER-OUT -m tcp -p tcp --dport 25 -j MARK
--set-mark 35
# clear it
tc qdisc del dev eth0 root
#add the root qdisk
tc qdisc add dev eth0 root handle 1: htb default 20
#add main rate limit class
tc class add dev eth0 parent 1: classid 1:1 htb rate 100mbit
#add leaf classes, 1:2 is lan, 1:3 is outbound max
tc class add dev eth0 parent 1:1 classid 1:2 htb rate 100mbit
tc class add dev eth0 parent 1:1 classid 1:3 htb rate 40kbps
# 1:31 is ftp with lower prio, 1:32 is ACk AND email higher prio
tc class add dev eth0 parent 1:3 classid 1:31 htb rate 20kbps ceil
40kbps prio 2
tc class add dev eth0 parent 1:3 classid 1:32 htb rate 20kbps ceil
40kbps prio 1
#filter traffic into classes
tc filter add dev eth0 parent 1:0 prio 0 protocol ip handle 20 fw
flowid 1:2
tc filter add dev eth0 parent 1:0 prio 0 protocol ip handle 26 fw
flowid 1:31
tc filter add dev eth0 parent 1:0 prio 0 protocol ip handle 30 fw
flowid 1:32
tc filter add dev eth0 parent 1:0 prio 0 protocol ip handle 35 fw
flowid 1:32
Any comments would be greatly appreciated,
Mark
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [LARTC] refining my rules
2005-11-27 1:06 [LARTC] refining my rules nix4me
@ 2005-11-27 10:05 ` Andreas Klauer
0 siblings, 0 replies; 2+ messages in thread
From: Andreas Klauer @ 2005-11-27 10:05 UTC (permalink / raw)
To: lartc
On Sunday 27 November 2005 02:06, nix4me wrote:
> #add main rate limit class
> tc class add dev eth0 parent 1: classid 1:1 htb rate 100mbit
In a 100mbit network, the full 100mbit can only be reached under optimal
conditions (I don't know what they are though), so I suggest you measure
the actual throughput your network can reach and use this as rate, or just
use a slightly lower value here.
> #add leaf classes, 1:2 is lan, 1:3 is outbound max
> tc class add dev eth0 parent 1:1 classid 1:2 htb rate 100mbit
If you give the LAN class the full parent class rate, you've got two
problems. First, your parent class will already be fully booked. There is
nothing left for the other classes, and HTB will have to cheat somehow to
distribute bandwidth now, which may lead to unexpected results. Second, if
you got a lot of LAN traffic between the router and other machines
(fileserver etc.), this traffic can take up the whole line and interfere
with your internet traffic. So in my opinion the rate of the LAN class
should be the rate of the parent class minus the rate(s) of your internet
class(es).
> tc class add dev eth0 parent 1:1 classid 1:3 htb rate 40kbps
> # 1:31 is ftp with lower prio, 1:32 is ACk AND email higher prio
> tc class add dev eth0 parent 1:3 classid 1:31 htb rate 20kbps ceil
> 40kbps prio 2
> tc class add dev eth0 parent 1:3 classid 1:32 htb rate 20kbps ceil
> 40kbps prio 1
You don't have any internet traffic other than ftp and email?
Regards,
Andreas Klauer
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2005-11-27 10:05 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-11-27 1:06 [LARTC] refining my rules nix4me
2005-11-27 10:05 ` Andreas Klauer
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.