From: Chandrashekhar Rane <chandrashekhar@netcore.co.in>
To: lartc@vger.kernel.org
Subject: [LARTC] How to control incoming and outgoing traffic using tc + iptables
Date: Wed, 23 Oct 2002 10:57:11 +0000
Message-ID: <marc-lartc-103536971729031@msgid-missing>

Dear All,

I am trying to implement bandwidth control using tc + iptables.

The following is the setup I have at my premises.

eth0 -- Connected to local LAN
eth1 -- Connected with ISP

The following is my requirement.
1) I want to split a 10Kbps pipe into two (5kbps each)
2) One 5kbps pipe is again split into 2kbps and 3kbps
	The 2kbps pipe I am going to use to give internet access to all the
machines in my local LAN (i.e. 192.168.2.0/24)
	The 3kbps for SMTP, SSH connections for all
3) The second 5kbps pipe is split into 512bytes and 4.5kbps
	The 512bytes pipe I want to give to, say, some specific machine whose
IP is 192.168.2.12, and the 4.5kbps pipe I want to dedicate to IP, say,
192.168.2.22

The tc script for implementing the same is as follows
---------------------------------------------------------------------------
tc qdisc del dev eth0 root

tc qdisc add dev eth0 root handle 1 cbq bandwidth 10Mbit avpkt 1000 \
	cell 8

tc qdisc del dev eth1 root

tc qdisc add dev eth1 root handle 1 cbq bandwidth 10Mbit avpkt 1000 \
	cell 8

tc class add dev eth1 parent 1: classid 1:80 cbq bandwidth 10Mbit \
	rate 80Kbit weight 8Kbit prio 5 allot 1514 cell 8 maxburst 20 \
	avpkt 1000 bounded isolated

tc class add dev eth1 parent 1:80 classid 1:801 cbq bandwidth 10Mbit \
	rate 40Kbit weight 4Kbit prio 5 allot 1514 cell 8 maxburst 20 \
	avpkt 1000 bounded isolated

tc class add dev eth1 parent 1:801 classid 1:8011 cbq bandwidth 10Mbit \
	rate 16Kbit weight 2Kbit prio 3 allot 1514 cell 8 maxburst 20 \
	avpkt 1000 bounded

tc qdisc add dev eth1 parent 1:8011 handle 8011 tbf rate 16Kbit \
	buffer 2048 limit 2048 mtu 1500

tc filter add dev eth1 parent 1:0 protocol ip prio 200 handle 3 fw \
	classid 1:8011

tc class add dev eth1 parent 1:801 classid 1:8012 cbq bandwidth 10Mbit \
	rate 24Kbit weight 3Kbit prio 2 allot 1514 cell 8 maxburst 20 \
	avpkt 1000 bounded

tc qdisc add dev eth1 parent 1:8012 handle 8012 tbf rate 24Kbit \
	buffer 3072 limit 3072 mtu 1500

tc filter add dev eth1 parent 1:0 protocol ip prio 200 handle 2 fw \
	classid 1:8012

tc class add dev eth1 parent 1:80 classid 1:802 cbq bandwidth 10Mbit \
	rate 40Kbit weight 4Kbit prio 5 allot 1514 cell 8 maxburst 20 \
	avpkt 1000 bounded isolated

tc class add dev eth1 parent 1:802 classid 1:8021 cbq bandwidth 10Mbit \
	rate 4Kbit weight 1Kbit prio 4 allot 1514 cell 8 maxburst 20 \
	avpkt 1000 bounded

tc qdisc add dev eth1 parent 1:8021 handle 8021 tbf rate 4Kbit \
	buffer 512 limit 512 mtu 1500

tc filter add dev eth1 parent 1:0 protocol ip prio 200 handle 4 fw \
	classid 1:8021

tc class add dev eth1 parent 1:802 classid 1:8022 cbq bandwidth 10Mbit \
	rate 36Kbit weight 4Kbit prio 1 allot 1514 cell 8 maxburst 20 \
	avpkt 1000 bounded

tc qdisc add dev eth1 parent 1:8022 handle 8022 tbf rate 36Kbit \
	buffer 4608 limit 4608 mtu 1500

tc filter add dev eth1 parent 1:0 protocol ip prio 200 handle 1 fw \
	classid 1:8022

tc class add dev eth0 parent 1: classid 1:90 cbq bandwidth 10Mbit \
	rate 80Kbit weight 8Kbit prio 5 allot 1514 cell 8 maxburst 20 \
	avpkt 1000 bounded isolated

tc class add dev eth0 parent 1:90 classid 1:901 cbq bandwidth 10Mbit \
	rate 40Kbit weight 4Kbit prio 5 allot 1514 cell 8 maxburst 20 \
	avpkt 1000 bounded isolated

tc class add dev eth0 parent 1:901 classid 1:9011 cbq bandwidth 10Mbit \
	rate 16Kbit weight 2Kbit prio 3 allot 1514 cell 8 maxburst 20 \
	avpkt 1000 bounded

tc qdisc add dev eth0 parent 1:9011 handle 9011 tbf rate 16Kbit \
	buffer 2048 limit 2048 mtu 1500

tc filter add dev eth0 parent 1:0 protocol ip prio 200 handle 7 fw \
	classid 1:9011

tc class add dev eth0 parent 1:901 classid 1:9012 cbq bandwidth 10Mbit \
	rate 24Kbit weight 3Kbit prio 2 allot 1514 cell 8 maxburst 20 \
	avpkt 1000 bounded

tc qdisc add dev eth0 parent 1:9012 handle 9012 tbf rate 24Kbit \
	buffer 3072 limit 3072 mtu 1500

tc filter add dev eth0 parent 1:0 protocol ip prio 200 handle 6 fw \
	classid 1:9012

tc class add dev eth0 parent 1:90 classid 1:902 cbq bandwidth 10Mbit \
	rate 40Kbit weight 4Kbit prio 5 allot 1514 cell 8 maxburst 20 \
	avpkt 1000 bounded isolated

tc class add dev eth0 parent 1:902 classid 1:9021 cbq bandwidth 10Mbit \
	rate 4Kbit weight 1Kbit prio 4 allot 1514 cell 8 maxburst 20 \
	avpkt 1000 bounded

tc qdisc add dev eth0 parent 1:9021 handle 9021 tbf rate 4Kbit \
	buffer 512 limit 512 mtu 1500

tc filter add dev eth0 parent 1:0 protocol ip prio 200 handle 8 fw \
	classid 1:9021

tc class add dev eth0 parent 1:902 classid 1:9022 cbq bandwidth 10Mbit \
	rate 36Kbit weight 4Kbit prio 1 allot 1514 cell 8 maxburst 20 \
	avpkt 1000 bounded

tc qdisc add dev eth0 parent 1:9022 handle 9022 tbf rate 36Kbit \
	buffer 4608 limit 4608 mtu 1500

tc filter add dev eth0 parent 1:0 protocol ip prio 200 handle 5 fw \
	classid 1:9022
-------------------------------------------------------------------------

And the corresponding iptables script is as follows.

# The absolute path for iptables command
IPTABLES=/sbin/iptables

# Flush the rules if any already present in mangle table. 
$IPTABLES -t mangle -F 

###########################################################################
#                      Rules for uplink                                
#
###########################################################################
$IPTABLES -t mangle -A FORWARD -m state --state NEW -s 192.168.2.12 \
	 -d ! 192.168.2.0/24 -j MARK --set-mark 4 

$IPTABLES -t mangle -A FORWARD -m state --state NEW -s 192.168.2.22 \
	-d ! 192.168.2.0/24 -j MARK --set-mark 1 

$IPTABLES -t mangle -A FORWARD -m state --state NEW -s 192.168.2.0/24 \
	-d ! 192.168.2.0/24 -p tcp --dport 25 \
	-j MARK --set-mark 3 

$IPTABLES -t mangle -A FORWARD -m state --state NEW -s 192.168.2.0/24 \
	-d ! 192.168.2.0/24 -p tcp --dport 22 \
	-j MARK --set-mark 3 

$IPTABLES -t mangle -A FORWARD -m state --state NEW -s 192.168.2.0/24 \
	-d ! 192.168.2.0/24 -j MARK --set-mark 2 

###########################################################################
#                      Rules for downlink                              
#
###########################################################################
$IPTABLES -t mangle -A POSTROUTING -m state --state RELATED,ESTABLISHED \
	-s ! 192.168.2.0/24 -d 192.168.2.12 -j MARK --set-mark 8

$IPTABLES -t mangle -A POSTROUTING -m state --state RELATED,ESTABLISHED \
	-s ! 192.168.2.0/24 -d 192.168.2.22 -j MARK --set-mark 5

$IPTABLES -t mangle -A POSTROUTING -m state --state RELATED,ESTABLISHED \
	-s ! 192.168.2.0/24 -p tcp --dport 25 -d 192.168.2.0/24 \
	-j MARK --set-mark 7

$IPTABLES -t mangle -A POSTROUTING -m state --state RELATED,ESTABLISHED \
	-s ! 192.168.2.0/24 -p tcp --dport 22 -d 192.168.2.0/24 \
	-j MARK --set-mark 7

$IPTABLES -t mangle -A POSTROUTING -m state --state RELATED,ESTABLISHED \
	-s ! 192.168.2.0/24 -d 192.168.2.0/24 -j MARK --set-mark 6


I am really stuck.
Help will be most appreciated.

Thanks in advance

shekhar




_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
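
An added cross-check, not part of the original post: the shell sketch below takes the post's eth1 class and filter commands (abridged to the fields that matter, cbq tuning parameters dropped) and reports which class and rate each uplink fwmark lands in. The names mark_class, report, TC_LINES and UPLINK_MARKS are made up for this example.

```shell
#!/bin/sh
# Abridged from the post's eth1 commands, one command per line.
TC_LINES='
tc class add dev eth1 parent 1:801 classid 1:8011 cbq rate 16Kbit
tc class add dev eth1 parent 1:801 classid 1:8012 cbq rate 24Kbit
tc class add dev eth1 parent 1:802 classid 1:8021 cbq rate 4Kbit
tc class add dev eth1 parent 1:802 classid 1:8022 cbq rate 36Kbit
tc filter add dev eth1 parent 1:0 protocol ip prio 200 handle 3 fw classid 1:8011
tc filter add dev eth1 parent 1:0 protocol ip prio 200 handle 2 fw classid 1:8012
tc filter add dev eth1 parent 1:0 protocol ip prio 200 handle 4 fw classid 1:8021
tc filter add dev eth1 parent 1:0 protocol ip prio 200 handle 1 fw classid 1:8022
'

# Marks set by the post's uplink (FORWARD) rules, with a label for the
# traffic each rule selects (labels are constructed for this example).
UPLINK_MARKS='4 host-192.168.2.12
1 host-192.168.2.22
3 smtp-ssh
2 lan-192.168.2.0/24'

# mark_class DEV MARK -> prints "classid rate" of the class that the
# fw filter with handle MARK on DEV points at; exit status 1 if none.
mark_class() {
    printf '%s\n' "$TC_LINES" | awk -v dev="$1" -v mark="$2" '
        # val(key): the token that follows key on the current line
        function val(key,   i) {
            for (i = 1; i < NF; i++) if ($i == key) return $(i + 1)
            return ""
        }
        val("dev") != dev { next }
        $2 == "class"  { rate[val("classid")] = val("rate") }
        $2 == "filter" && val("handle") == mark { cid = val("classid") }
        END { if (cid == "") exit 1; print cid, rate[cid] }'
}

# report: one line per uplink mark, flagging marks with no fw filter.
report() {
    printf '%s\n' "$UPLINK_MARKS" | while read -r mark what; do
        target=$(mark_class eth1 "$mark" || echo 'NO FILTER')
        printf '%-20s mark %s -> %s\n' "$what" "$mark" "$target"
    done
}

report
```

Reading the report next to the requirement list shows which rate each kind of traffic would actually be shaped to.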
