[LARTC] 2 lans + internet + squid

[LARTC] 2 lans + internet + squid

[Jose Luis Ocaranza]

Hie,

I´m working on this server :
-2 lans network (eth0-172.17.1.0 and eth1-172.16.1.0)
-1 ADSL internet conection trought eth2-ppp0
-CBQ.Init script.
-Squid cache server.
I have some clases for users with diferent bandwith (64K, 128K, 256K).
Few days ago I realized that the bandwith limitation afects the downloads 
speed not only from the internet, but also from the server itself. Let see.. if i 
set an FTP conection to my server from a client machine, the download is 
shaped to the bandwith assigned to the user.
What i need is to let the user download at full speed if the data comes from 
the server, but if it comes from the internet shapeit down. This is specially 
usefull for the squid service, so if the website is in the squid cache, the user 
download is at full speed, but if it´s not the user download is shaped.
Any idea what can I touch ??
I try aplying filter based on dst or src IP (server´s IP) and ports (squid port), 
with no result.
It could be posible marking packets with iptables that comes from the ppp0 
interface ?
Any sample configs !!

Thx in advance,

Jose Luis Ocaranza
Santiago del Estero
Argentina
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] 2 lans + internet + squid

[Eric Leblond]

[-- Attachment #1: Type: text/plain, Size: 659 bytes --]

Le mer 17/12/2003 à 00:31, Jose Luis Ocaranza a écrit :
> Hie,
> 
> I´m working on this server :
> -2 lans network (eth0-172.17.1.0 and eth1-172.16.1.0)
> -1 ADSL internet conection trought eth2-ppp0
> It could be posible marking packets with iptables that comes from the ppp0 
> interface ?
> Any sample configs !!

Have you try to put the mark for shaping on the FORWARD chain. You will
then avoid to mark packets coming from your server (so from the squid)
and you will be able to put the packet originating from your server in a
big bandwith default class. 

BR,
-- 
Eric Leblond
Nufw, Now User Filtering Works (http://www.nufw.org)

[-- Attachment #2: Ceci est une partie de message numériquement signée. --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [LARTC] 2 lans + internet + squid

[Roy]

there is no need to use separate interface for dsl.
also you should not use cbq it is the worst of all.
use htb, wrr or hfsc htb is most easy to use for now

it is wery easy to put local trafic into separate class by server ip as you
are trying and I dont understand why it dont work for you
i think cbq and htb init scripts dontn have filter priorities so that will
be the problem for you because if you set such rules:
if dst = client ip then shape to 100 kbit
if src = server ip the shape to 70 Mbit
it wont work with that script,  you need to check second rule first ot it
will be ignored
I had the similar problem some configurations work and some not even if they
are identic or even stops working with no reason.

so you cant use this init script for such setup or you can manualy edit its
output and set filter priorities ( the same as setting class priorities but
for filters)


the squid shaping will not work, you cant easily detect where the pacet came
from. because packets dont pass squid. however there is some way do do this
read about that on faq on docum.org
anyway squid shaping dont work vell because it will buffer 50kb thus will
hog all trafic for that timeand latency will increase then it will leave the
link free until buffer is empty. so you will need to set buffer about 8-12kb
depending on your dsl speed

----- Original Message ----- 
From: "Jose Luis Ocaranza" <jlocaranza@ocanet.com.ar>
To: <lartc@mailman.ds9a.nl>
Sent: Wednesday, December 17, 2003 1:31 AM
Subject: [LARTC] 2 lans + internet + squid


Hie,

I´m working on this server :
-2 lans network (eth0-172.17.1.0 and eth1-172.16.1.0)
-1 ADSL internet conection trought eth2-ppp0
-CBQ.Init script.
-Squid cache server.
I have some clases for users with diferent bandwith (64K, 128K, 256K).
Few days ago I realized that the bandwith limitation afects the downloads
speed not only from the internet, but also from the server itself. Let see..
if i
set an FTP conection to my server from a client machine, the download is
shaped to the bandwith assigned to the user.
What i need is to let the user download at full speed if the data comes from
the server, but if it comes from the internet shapeit down. This is
specially
usefull for the squid service, so if the website is in the squid cache, the
user
download is at full speed, but if it´s not the user download is shaped.
Any idea what can I touch ??
I try aplying filter based on dst or src IP (server´s IP) and ports (squid
port),
with no result.
It could be posible marking packets with iptables that comes from the ppp0
interface ?
Any sample configs !!

Thx in advance,

Jose Luis Ocaranza
Santiago del Estero
Argentina
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] 2 lans + internet + squid

[rubens]

You can make the inbound traffic from the external interface (ppp0) flow
thru a IMQ interface, and shape the traffic as it egress from imq.
http://lartc.org/howto/lartc.imq.html


Rubens


On Tue, 16 Dec 2003, Jose Luis Ocaranza wrote:

> Hie,
>
> I´m working on this server :
> -2 lans network (eth0-172.17.1.0 and eth1-172.16.1.0)
> -1 ADSL internet conection trought eth2-ppp0
> -CBQ.Init script.
> -Squid cache server.
> I have some clases for users with diferent bandwith (64K, 128K, 256K).
> Few days ago I realized that the bandwith limitation afects the downloads
> speed not only from the internet, but also from the server itself. Let see.. if i
> set an FTP conection to my server from a client machine, the download is
> shaped to the bandwith assigned to the user.
> What i need is to let the user download at full speed if the data comes from
> the server, but if it comes from the internet shapeit down. This is specially
> usefull for the squid service, so if the website is in the squid cache, the user
> download is at full speed, but if it´s not the user download is shaped.
> Any idea what can I touch ??
> I try aplying filter based on dst or src IP (server´s IP) and ports (squid port),
> with no result.
> It could be posible marking packets with iptables that comes from the ppp0
> interface ?
> Any sample configs !!
>
> Thx in advance,
>
> Jose Luis Ocaranza
> Santiago del Estero
> Argentina
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/