From: "Edmund Turner" <eturner@monash.edu.my>
To: lartc@vger.kernel.org
Subject: [LARTC] Basic Traffic Control
Date: Tue, 28 Oct 2003 07:21:37 +0000
Message-ID: <marc-lartc-106741440623903@msgid-missing>
Hey guys and gals,
Sorry for the 'newbie' question, but I would like to get some help on
configuring my HTB qdiscs for my network. My network setup:
LAN --> Firewall --> Router --> Internet
           |
           |
           --> DMZ
So much for the ASCII artist in me. :)
The firewall has 3 interfaces:
Eth0 = LAN --> 100Mbps NIC
Eth1 = DMZ --> 100Mbps NIC
Eth2 = Internet --> 4MB link to internet
Background:
DMZ Zone Eth1: Web/FTP, and SMTP servers. (100Mbps switches and NICs)
WEB/FTP server :10.100.1.1/24
SMTP server:10.100.1.2/24
LAN Eth0: I have 3 different VLANs to categorise the 3 different
departments.
VLAN1 -192.168.1.0/24
VLAN2 -192.168.2.0/24
VLAN3 -192.168.3.0/24
External Eth2 : 4MB Leased line to the internet.
Currently my router that is connected to the 4MB leased line is becoming
the bottleneck!
1.) How do I make the firewall Eth0 become the bottleneck? Should I
limit it to 10mbits as such:
tc qdisc add dev eth0 root handle 1: htb default 10
tc class add dev eth0 parent 1: classid 1:1 htb rate 10mbit
2.) I want to limit the bandwidth from the WEB/FTP servers from the DMZ
to either the internet or the LAN.
This is what I did:
tc qdisc add dev eth0 root handle 1: htb default 10
tc class add dev eth0 parent 1: classid 1:1 htb rate 10mbit
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 128kbps ceil 256kbps prio 7
tc filter add dev eth0 protocol ip parent 1:1 prio 7 handle 7 fw classid 1:10
tc qdisc add dev eth1 root handle 2: htb default 10
tc class add dev eth1 parent 2: classid 2:1 htb rate 3840kbps
tc class add dev eth1 parent 2:1 classid 2:10 htb rate 128kbps ceil 128kbps prio 7
tc filter add dev eth1 protocol ip parent 2:1 prio 7 handle 7 fw classid 2:10
tc qdisc add dev eth2 root handle 3: htb default 10
tc class add dev eth2 parent 3: classid 3:1 htb rate 3840kbps
tc class add dev eth2 parent 3:1 classid 3:10 htb rate 128kbps prio 7
tc filter add dev eth2 protocol ip parent 3:1 prio 7 handle 7 fw classid 3:10
/sbin/iptables -A PREROUTING -i eth1 -s 10.100.1.1 -t mangle -j MARK --set-mark 7
/sbin/iptables -A PREROUTING -i eth1 -d 10.100.1.1 -t mangle -j MARK --set-mark 7
After testing via FTP/web downloads, it appears that I've managed to
limit the amount of bandwidth thru and from the FTP/WEB server from the
DMZ. All other traffic (internet surfing etc.) will fall into the default
rules, correct? Did I miss anything out?
What I would like to accomplish:
I would like to limit the max amount of bandwidth on Eth0 to 10MB
I would like to limit the max amount of bandwidth on Eth0 to 3840kbps
I would like to limit the max amount of bandwidth on Eth2 to 3840kbps.
(4MB leased line to internet.)
Did I accomplish this?
Any help in any way is appreciated!
Regards
edmund
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
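
The commands in the message mix the `mbit` and `kbps` rate suffixes, which tc reads as bits and bytes per second respectively. The following is an added example, not part of the original post: it converts tc rate strings to bit/s and compares class rates with a link speed. It assumes the decimal suffix meanings documented in the current tc(8) man page and that the "4MB" leased line means 4 Mbit/s; the function names `rate_to_bits`, `audit_classes` and `audit_posted` are made up here.

```shell
#!/bin/sh
# Added example, not part of the original post. Suffix meanings follow tc(8)
# in current iproute2: *bit = bits per second, *bps = BYTES per second.

# rate_to_bits RATE: print an integer RATE in bit/s; return 1 if unsupported.
rate_to_bits() {
    num=${1%%[!0-9]*}
    unit=${1#"$num"}
    unit=$(printf '%s' "$unit" | tr 'A-Z' 'a-z')
    [ -n "$num" ] || return 1
    case $unit in
        bit)  mult=1 ;;
        kbit) mult=1000 ;;
        mbit) mult=1000000 ;;
        bps)  mult=8 ;;
        kbps) mult=8000 ;;
        mbps) mult=8000000 ;;
        *)    return 1 ;;
    esac
    echo $((num * mult))
}

# audit_classes LINK: read "tc class add" lines on stdin and print
# "<dev> <classid> <rate> <bit/s> OK|OVER" for each, compared with LINK.
audit_classes() {
    link=$(rate_to_bits "$1") || return 2
    while read -r line; do
        set -- $line
        dev='' classid='' rate=''
        while [ $# -gt 1 ]; do
            case $1 in
                dev) dev=$2 ;; classid) classid=$2 ;; rate) rate=$2 ;;
            esac
            shift
        done
        bits=$(rate_to_bits "$rate") || continue   # no usable rate: skip
        if [ "$bits" -gt "$link" ]; then verdict=OVER; else verdict=OK; fi
        echo "$dev $classid $rate $bits $verdict"
    done
}

# eth2 lines as posted, then a constructed variant of 3:1 written in kbit.
# The 4mbit link speed is an assumption about the "4MB" leased line.
audit_posted() {
    audit_classes 4mbit <<'EOF'
tc class add dev eth2 parent 3: classid 3:1 htb rate 3840kbps
tc class add dev eth2 parent 3:1 classid 3:10 htb rate 128kbps prio 7
tc class add dev eth2 parent 3: classid 3:1 htb rate 3840kbit
EOF
}
audit_posted
```

A class marked OVER is configured above the assumed link speed, so the upstream router's queue, not this host, remains the bottleneck.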