From: Rokas <rokasz@centras.lt>
To: lartc@vger.kernel.org
Subject: [LARTC] HTB traffic shaping + squid cache proxy
Date: Thu, 13 Nov 2003 09:23:38 +0000
Message-ID: <marc-lartc-106871556804786@msgid-missing>
Hello!
My system is:
Internet ADSL(PPPoE) ---> ppp0 [LINUX server(router)] eth0 ---> LAN
Server(router) is running on LINUX Slackware 8.1. I have recompiled a
2.4.22 kernel, enabled all QoS support in the kernel config,
including HTB. My ADSL bandwidth is 256Kbit/s for download and
64Kbit/s for upload.
I use the following HTB+IPTABLES configuration, because I want to
reduce bandwidth for all traffic except HTTP, MAIL, ICQ, IRC, SSH,
etc.
-------------------------------------------------------------------------
#!/bin/bash
TC=/sbin/tc
IPTABLES=/usr/sbin/iptables
$TC qdisc del dev eth0 root 2> /dev/null > /dev/null
$TC qdisc del dev ppp0 root 2> /dev/null > /dev/null
$IPTABLES -F POSTROUTING -t mangle
$TC qdisc add dev eth0 root handle 1: htb default 50 r2q 2
$TC class add dev eth0 parent 1: classid 1:2 htb rate 248Kbit burst 35k
$TC class add dev eth0 parent 1:2 classid 1:10 htb rate 220Kbit ceil 240Kbit burst 25k prio 0
$TC class add dev eth0 parent 1:2 classid 1:30 htb rate 28Kbit ceil 28Kbit burst 10k prio 1
$TC qdisc add dev eth0 parent 1:10 handle 11: sfq perturb 10
$TC qdisc add dev eth0 parent 1:30 handle 33: sfq perturb 10
$IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 192.168.0.0/24 -j MARK --set-mark 3
$IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 192.168.0.0/24 -p tcp --sport 80 -j MARK --set-mark 1
$IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 192.168.0.0/24 -p tcp --sport 443 -j MARK --set-mark 1
$IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 192.168.0.0/24 -p tcp --sport 22 -j MARK --set-mark 1
$IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 192.168.0.0/24 -p tcp --sport 21 -j MARK --set-mark 1
$IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 192.168.0.0/24 -p tcp --sport 53 -j MARK --set-mark 1
$IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 192.168.0.0/24 -p udp --sport 53 -j MARK --set-mark 1
$IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 192.168.0.0/24 -p tcp --sport 110 -j MARK --set-mark 1
$IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 192.168.0.0/24 -p tcp --sport 5190 -j MARK --set-mark 1
$IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 192.168.0.0/24 -p tcp --sport 6661:6669 -j MARK --set-mark 1
$IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 192.168.0.0/24 -p icmp -j MARK --set-mark 1
$TC filter add dev eth0 parent 1:0 protocol ip handle 1 fw flowid 1:10
$TC filter add dev eth0 parent 1:0 protocol ip handle 3 fw flowid 1:30
##############################
$TC qdisc add dev ppp0 root handle 1: htb default 20
$TC class add dev ppp0 parent 1: classid 1:1 htb rate 62Kbit burst 35k
$TC class add dev ppp0 parent 1:1 classid 1:10 htb rate 40Kbit ceil 60Kbit burst 25k prio 1
$TC class add dev ppp0 parent 1:1 classid 1:20 htb rate 15Kbit ceil 55Kbit burst 10k prio 2
$TC class add dev ppp0 parent 1:1 classid 1:30 htb rate 7Kbit ceil 28Kbit burst 5k prio 3
$TC qdisc add dev ppp0 parent 1:10 handle 10: sfq perturb 10
$TC qdisc add dev ppp0 parent 1:20 handle 20: sfq perturb 10
$TC qdisc add dev ppp0 parent 1:30 handle 30: sfq perturb 10
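# Packets with TOS "Minimum Delay" (0x10) go to the top upload class
$TC filter add dev ppp0 parent 1:0 protocol ip prio 10 u32 \
    match ip tos 0x10 0xff flowid 1:10
# Small bare TCP ACKs go to the top upload class:
# TCP, 20-byte IP header, total length below 64 bytes, only the ACK flag set
$TC filter add dev ppp0 parent 1: protocol ip prio 10 u32 \
    match ip protocol 6 0xff \
    match u8 0x05 0x0f at 0 \
    match u16 0x0000 0xffc0 at 2 \
    match u8 0x10 0xff at 33 \
    flowid 1:10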
$IPTABLES -t mangle -A POSTROUTING -o ppp0 -s ! 192.168.0.0/24 -j MARK --set-mark 12
$IPTABLES -t mangle -A POSTROUTING -o ppp0 -s ! 192.168.0.0/24 -p icmp -j MARK --set-mark 11
$IPTABLES -t mangle -A POSTROUTING -o ppp0 -s ! 192.168.0.0/24 -p tcp --sport 22 -j MARK --set-mark 11
$IPTABLES -t mangle -A POSTROUTING -o ppp0 -s ! 192.168.0.0/24 -p tcp --sport 80 -j MARK --set-mark 11
$IPTABLES -t mangle -A POSTROUTING -o ppp0 -s ! 192.168.0.0/24 -p tcp --dport 80 -j MARK --set-mark 11
$IPTABLES -t mangle -A POSTROUTING -o ppp0 -s ! 192.168.0.0/24 -p tcp --dport 21 -j MARK --set-mark 11
$IPTABLES -t mangle -A POSTROUTING -o ppp0 -s ! 192.168.0.0/24 -p tcp --dport 20 -j MARK --set-mark 11
$IPTABLES -t mangle -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -j MARK --set-mark 13
$IPTABLES -t mangle -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -p tcp --dport 80 -j MARK --set-mark 11
$IPTABLES -t mangle -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -p tcp --dport 443 -j MARK --set-mark 11
$IPTABLES -t mangle -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -p tcp --dport 53 -j MARK --set-mark 11
$IPTABLES -t mangle -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -p udp --dport 53 -j MARK --set-mark 11
$IPTABLES -t mangle -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -p tcp --dport 22 -j MARK --set-mark 11
$IPTABLES -t mangle -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -p tcp --dport 23 -j MARK --set-mark 11
$IPTABLES -t mangle -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -p tcp --dport 21 -j MARK --set-mark 11
$IPTABLES -t mangle -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -p tcp --dport 25 -j MARK --set-mark 11
$IPTABLES -t mangle -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -p tcp --dport 110 -j MARK --set-mark 11
$IPTABLES -t mangle -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -p tcp --dport 5190 -j MARK --set-mark 11
$IPTABLES -t mangle -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -p tcp --dport 6661:6669 -j MARK --set-mark 11
$TC filter add dev ppp0 parent 1:0 protocol ip handle 11 fw flowid 1:10
$TC filter add dev ppp0 parent 1:0 protocol ip handle 12 fw flowid 1:20
$TC filter add dev ppp0 parent 1:0 protocol ip handle 13 fw flowid 1:30
--------------------------------------------------------------------------
This configuration works rather well. But I decided to start a SQUID
HTTP caching transparent proxy on the same server box. I have
configured squid on the 8080 port, and I redirect all the HTTP traffic
to the SQUID proxy server:
iptables -t nat -A PREROUTING -i eth0 -d ! 192.168.0.0/24 -p tcp --dport 80 -j REDIRECT --to-port 8080
The redirection works OK, and the transparent proxy does its work. But
what about HTTP downstream traffic shaping? In my earlier configuration
(without SQUID), I just put HTB classes on my internal eth0 interface,
so I could point HTTP traffic into a high rate/priority class. But if I
redirect HTTP traffic through the SQUID proxy, this shaping becomes
ineffective, because I can shape only outgoing traffic on each
interface. What would be your suggestions about this issue? Perhaps
it is a bad idea to use the SQUID proxy? The most important thing for me
is to reduce the download of big files via FTP, KaZaA, etc. (all
non-privileged ports), and to give the WWW and other important
traffic the highest bandwidth rate and priority and to speed the WWW...
I would be very grateful if you could give me suggestions how to speed
up WWW...
Rokas Zakarevicius
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
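
Added illustration, not part of the original message: a shell model of the eth0 marking rules and fw filters in the script above, showing which HTB class a packet leaving eth0 lands in. The function names are hypothetical, and it assumes squid's replies reach the mangle POSTROUTING chain with the router's LAN address (192.168.0.1 here, an assumed value) and source port 8080; 203.0.113.10 is a constructed server address.

```shell
#!/bin/sh
# Model of the eth0 half of the script above (constructed sample packets).

LAN_PREFIX="192.168.0."          # 192.168.0.0/24, as used in the "-s !" matches
DEFINED_CLASSES="1:2 1:10 1:30"  # classes the script creates on eth0
DEFAULT_CLASS="1:50"             # from "htb default 50"

# fwmark_eth0 SRC PROTO SPORT -> prints the fwmark, or nothing if no rule matched
fwmark_eth0() (
    src=$1 proto=$2 sport=$3 mark=
    case "$src" in
        "$LAN_PREFIX"*) ;;       # every eth0 rule carries "-s ! 192.168.0.0/24"
        *)
            mark=3               # the catch-all rule comes first
            # MARK does not end chain traversal, so a later match overrides it
            case "$proto:$sport" in
                tcp:80|tcp:443|tcp:22|tcp:21|tcp:53|udp:53|tcp:110|tcp:5190) mark=1 ;;
                tcp:666[1-9]) mark=1 ;;
                icmp:*) mark=1 ;;
            esac ;;
    esac
    echo "$mark"
)

# class_eth0 SRC PROTO SPORT -> prints the HTB class, or "unshaped"
class_eth0() (
    case "$(fwmark_eth0 "$@")" in
        1) flowid="1:10" ;;      # fw filter "handle 1"
        3) flowid="1:30" ;;      # fw filter "handle 3"
        *) flowid=$DEFAULT_CLASS ;;
    esac
    case " $DEFINED_CLASSES " in
        *" $flowid "*) echo "$flowid" ;;
        *) echo "unshaped" ;;    # HTB passes traffic for a missing default class directly
    esac
)

class_eth0 203.0.113.10 tcp 80     # web reply forwarded without squid
class_eth0 203.0.113.10 tcp 4662   # bulk download on another port
class_eth0 192.168.0.1  tcp 8080   # squid's reply to a LAN client
```

On a live router, `tc -s class show dev eth0` and `iptables -t mangle -L POSTROUTING -v -n` show the real per-class and per-rule counters to compare against this model.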