From: Ing. Rodrigo Goya O. rgoya@linuxcenter.com.mx
To: lartc@vger.kernel.org
Subject: [LARTC] Traffic Control + Masquerading
Date: Wed, 25 Oct 2000 02:04:33 +0000 [thread overview]
Message-ID: <marc-lartc-98373938216835@msgid-missing> (raw)
<PRE>Hello,
I'm trying to do some traffic control with a linux router running
ipchains and the cbq modules (using tc), I've got the following setup:
<internet> --- eth0 <linux router> eth1 --- <LAN>
Inside the LAN I've got private IPs, on the other side eth0 has a public
IP. I have several computers on the LAN that should be asigned a limited
bandwidth each.
I can limit the downstream bandwidth perfectly, however, as the linux
router is doing masquerading, I don't seem to be able to discriminate
upstream bandwidth based on each computer, as the outgoing source IP is
the public one on the router (eth0).
I'm only able to limit the bandwidth of the router itself, but it's not
a very good solutions, as the clients inside could have their upstream
bandwidth "eaten" by another one of the clients.
Any way to go about this? Or is there some documentation I missed? I'd
gladly appreciate any pointers to docs or suggestions.
Thank you,
Rodrigo Goya
The commands I'm testing with are the following, for now I'm using
basically the commands described in the HOWTO, except for the 64kbps rate:
/* For downstream bandwidth */
tc qdisc add dev eth1 root handle 10: cbq bandwidth 10Mbit avpkt 1000
tc class add dev eth1 parent 10:0 classid 10:1 cbq bandwidth 10Mbit rate\
10Mbit allot 1514 weight 1Mbit prio 8 maxburst 20 avpkt 1000
tc class add dev eth1 parent 10:1 classid 10:200 cbq bandwidth 10Mbit rate\
0.064Mbit allot 1514 weight 6.4Kbit prio 5 maxburst 20 avpkt 1000\
bounded
tc qdisc add dev eth1 parent 10:200 sfq quantum 1514b perturb 15
tc filter add dev eth1 parent 10:0 protocol ip prio 100 u32 match ip dst\
192.168.7.9 flowid 10:200
/* For upstream bandwdidth */
tc qdisc add dev eth0 root handle 20: cbq bandwidth 10Mbit avpkt 1000
tc class add dev eth0 parent 20:0 classid 20:1 cbq bandwidth 10Mbit rate\
10Mbit allot 1514 weight 1Mbit prio 8 maxburst 20 avpkt 1000
tc class add dev eth0 parent 20:1 classid 20:200 cbq bandwidth 10Mbit rate\
0.064Mbit allot 1514 weight 6.4Kbit prio 5 maxburst 20 avpkt 1000\
bounded
tc qdisc add dev eth0 parent 20:200 sfq quantum 1514b perturb 15
tc filter add dev eth0 parent 20:0 protocol ip prio 100 u32 match ip src\
192.168.7.9 flowid 20:200
/* I can put the router's public IP on this last command, but then all the
clients, including the router have to share the same bandwidth, I could
make the bandwidth larger, but then the problem I mentioned above
appears */
And for ipchains I'm testing with:
ipchains -P input ACCEPT
ipchains -P output ACCEPT
ipchains -P forward MASQ
ipchains -A input -s 192.168.7.9/32 -j ACCEPT
ipchains -A output -d 192.168.7.9/32 -j ACCEPT
</PRE>
next reply other threads:[~2000-10-25 2:04 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2000-10-25 2:04 Ing.Rodrigo [this message]
2000-10-25 9:42 ` [LARTC] Traffic Control + Masquerading bert
2000-10-25 13:20 ` Josip
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=marc-lartc-98373938216835@msgid-missing \
--to=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.