From: "Edmund Turner" <eturner@monash.edu.my>
To: lartc@vger.kernel.org
Subject: [LARTC] (no subject)
Date: Mon, 27 Oct 2003 08:08:40 +0000
Message-ID: <marc-lartc-106741416423718@msgid-missing>
In-Reply-To: <marc-lartc-98373938216902@msgid-missing>

Hey guys and gals,
Sorry for the 'newbie' question, but I would like to get some help on
configuring my HTB qdiscs for my network. My network setup:

LAN --> Firewall --> Router -->Internet
		|
		|
		--> DMZ

So much for the Ascii artist in me. :)
The firewall has 3 interfaces:
Eth0 = LAN --> 100Mbps NIC
Eth1 = DMZ --> 100Mbps NIC 
Eth2 = Internet --> 4MB link to internet

Background:
DMZ Zone Eth1: Web/FTP, and SMTP servers. (100Mbps switches and NICs)
I notice that users download A LOT of data at high transfer rates from the
servers in DMZ zone.
WEB/FTP server :10.100.1.1/24
SMTP server:10.100.1.2/24

LAN Eth0: I have 3 different VLANs to categorize the 3 different
departments.
VLAN1 -192.168.1.0/24
VLAN2 -192.168.2.0/24
VLAN3 -192.168.3.0/24

External Eth2 : 4MB Leased line to the internet.

Currently my router that is connected to the 4MB leased line is becoming
the bottleneck! How do I make the firewall Eth0 become the
bottleneck???? Should I limit it to 10mbits as such:
tc qdisc add dev eth0 root handle 1: htb default 10 
tc class add dev eth0 parent 1: classid 1:1 htb rate 10mbit


My objectives:
1.) I want to limit the bandwidth from the WEB/FTP servers from the DMZ
to either the internet or the LAN.
This is what I did:

tc qdisc add dev eth0 root handle 1: htb default 10
tc class add dev eth0 parent 1: classid 1:1 htb rate 10mbit
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 128kbps ceil 256kbps prio 7
tc filter add dev eth0 protocol ip parent 1:1 prio 7 handle 7 fw classid 1:10

tc qdisc add dev eth1 root handle 2: htb default 10
tc class add dev eth1 parent 2: classid 2:1 htb rate 3840kbps
tc class add dev eth1 parent 2:1 classid 2:10 htb rate 128kbps ceil 128kbps prio 7
tc filter add dev eth1 protocol ip parent 2:1 prio 7 handle 7 fw classid 2:10


tc qdisc add dev eth2 root handle 3: htb default 10
tc class add dev eth2 parent 3: classid 3:1 htb rate 3840kbps
tc class add dev eth2 parent 3:1 classid 3:10 htb rate 128kbps prio 7
tc filter add dev eth2 protocol ip parent 3:1 prio 7 handle 7 fw classid 3:10

/sbin/iptables -A PREROUTING -i eth1 -s 10.100.1.1 -t mangle -j MARK --set-mark 7
/sbin/iptables -A PREROUTING -i eth1 -d 10.100.1.1 -t mangle -j MARK --set-mark 7

After testing via FTP/web downloads, it appears that I've managed to
limit the amount of bandwidth thru and from the FTP/WEB server from the
DMZ. All other traffic (internet surfing etc) will fall into the default
rules correct? Did I miss anything out? 

I would like to limit the max amount of bandwidth on Eth0 to 10MB
I would like to limit the max amount of bandwidth on Eth0 to 3840kbps
I would like to limit the max amount of bandwidth on Eth2 to 3840kbps.
(4MB leased line to internet.)
Did I accomplish this?

Any help in any way is appreciated!
Regards
edmund


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
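
Added example, not part of the original message: a small Python check run over the eth0 and eth2 commands as posted. It converts each rate to bit/s using tc's unit suffixes (where `kbps` means kilobytes per second) and flags where the fw filter and the qdisc's `default` select the same class, or where a filter is attached below the root qdisc. The helper names `rate_bits`, `opt` and `lint` are made up for this example.

```python
import re

# Constructed input: the eth0 and eth2 commands from the post, wrapped lines rejoined.
POSTED = """\
tc qdisc add dev eth0 root handle 1: htb default 10
tc class add dev eth0 parent 1: classid 1:1 htb rate 10mbit
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 128kbps ceil 256kbps prio 7
tc filter add dev eth0 protocol ip parent 1:1 prio 7 handle 7 fw classid 1:10
tc qdisc add dev eth2 root handle 3: htb default 10
tc class add dev eth2 parent 3: classid 3:1 htb rate 3840kbps
tc class add dev eth2 parent 3:1 classid 3:10 htb rate 128kbps prio 7
tc filter add dev eth2 protocol ip parent 3:1 prio 7 handle 7 fw classid 3:10
"""

# tc rate suffixes in bits per second; the "bps" suffixes count BYTES per second.
UNITS = {"bit": 1, "kbit": 10**3, "mbit": 10**6,
         "bps": 8, "kbps": 8 * 10**3, "mbps": 8 * 10**6}

def rate_bits(text):
    """Convert a tc rate such as '128kbps' to bits per second."""
    num, unit = re.fullmatch(r"([\d.]+)([a-z]+)", text.lower()).groups()
    return int(float(num) * UNITS[unit])

def opt(tokens, key):  # token that follows `key`, or None if `key` is absent
    return tokens[tokens.index(key) + 1] if key in tokens else None

def lint(script):
    """Return (class rates in bit/s, findings) for a list of tc commands."""
    rates, findings, root, default = {}, [], {}, {}
    for t in (l.split() for l in script.splitlines() if l.startswith("tc ")):
        dev = opt(t, "dev")
        if t[1] == "qdisc":
            root[dev] = opt(t, "handle")                  # e.g. "1:"
            default[dev] = root[dev] + opt(t, "default")  # e.g. "1:10"
        elif t[1] == "class":
            rates[(dev, opt(t, "classid"))] = rate_bits(opt(t, "rate"))
        elif t[1] == "filter":
            target, parent = opt(t, "classid"), opt(t, "parent")
            # Unmarked traffic lands in the default class; same class = same limit.
            if target == default.get(dev):
                findings.append(f"{dev}: fw filter and 'default' both select {target}")
            # HTB starts classification from the root qdisc's own filter list.
            if parent != root.get(dev):
                findings.append(f"{dev}: filter hangs off {parent}, not root {root.get(dev)}")
    return rates, findings

if __name__ == "__main__":
    rates, findings = lint(POSTED)
    print({k: v // 1000 for k, v in rates.items()}, *findings, sep="\n")
```

Run against the commands above, the 128kbps classes come out as 1024 kbit/s and the 3840kbps root classes as 30720 kbit/s.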
