* [LARTC] Traffic Control + Masquerading
@ 2000-10-25  2:04 Ing.Rodrigo
  2000-10-25  9:42 ` bert
  2000-10-25 13:20 ` Josip
  0 siblings, 2 replies; 3+ messages in thread
From: Ing.Rodrigo @ 2000-10-25  2:04 UTC (permalink / raw)
  To: lartc

Hello,

I'm trying to do some traffic control with a linux router running
ipchains and the cbq modules (using tc), I've got the following setup:

        <internet> --- eth0 <linux router> eth1 --- <LAN>

Inside the LAN I've got private IPs, on the other side eth0 has a public
IP. I have several computers on the LAN that should be assigned a limited
bandwidth each.

I can limit the downstream bandwidth perfectly, however, as the linux
router is doing masquerading, I don't seem to be able to discriminate
upstream bandwidth based on each computer, as the outgoing source IP is
the public one on the router (eth0).

I'm only able to limit the bandwidth of the router itself, but it's not
a very good solution, as the clients inside could have their upstream
bandwidth "eaten" by another one of the clients.

Any way to go about this? Or is there some documentation I missed? I'd
gladly appreciate any pointers to docs or suggestions.

Thank you,

Rodrigo Goya


The commands I'm testing with are the following, for now I'm using 
basically the commands described in the HOWTO, except for the 64kbps rate:

# For downstream bandwidth
tc qdisc add dev eth1 root handle 10: cbq bandwidth 10Mbit avpkt 1000

tc class add dev eth1 parent 10:0 classid 10:1 cbq bandwidth 10Mbit rate\
        10Mbit allot 1514 weight 1Mbit prio 8 maxburst 20 avpkt 1000

tc class add dev eth1 parent 10:1 classid 10:200 cbq bandwidth 10Mbit rate\
        0.064Mbit allot 1514 weight 6.4Kbit prio 5 maxburst 20 avpkt 1000\
        bounded

tc qdisc add dev eth1 parent 10:200 sfq quantum 1514b perturb 15

tc filter add dev eth1 parent 10:0 protocol ip prio 100 u32 match ip dst\
        192.168.7.9 flowid 10:200


# For upstream bandwidth
tc qdisc add dev eth0 root handle 20: cbq bandwidth 10Mbit avpkt 1000

tc class add dev eth0 parent 20:0 classid 20:1 cbq bandwidth 10Mbit rate\
        10Mbit allot 1514 weight 1Mbit prio 8 maxburst 20 avpkt 1000

tc class add dev eth0 parent 20:1 classid 20:200 cbq bandwidth 10Mbit rate\
        0.064Mbit allot 1514 weight 6.4Kbit prio 5 maxburst 20 avpkt 1000\
        bounded

tc qdisc add dev eth0 parent 20:200 sfq quantum 1514b perturb 15

tc filter add dev eth0 parent 20:0 protocol ip prio 100 u32 match ip src\
        192.168.7.9 flowid 20:200

# I can put the router's public IP on this last command, but then all the
# clients, including the router have to share the same bandwidth, I could
# make the bandwidth larger, but then the problem I mentioned above
# appears

And for ipchains I'm testing with:

ipchains -P input ACCEPT
ipchains -P output ACCEPT
ipchains -P forward MASQ
ipchains -A input -s 192.168.7.9/32 -j ACCEPT
ipchains -A output -d 192.168.7.9/32 -j ACCEPT


* [LARTC] Traffic Control + Masquerading
  2000-10-25  2:04 [LARTC] Traffic Control + Masquerading Ing.Rodrigo
@ 2000-10-25  9:42 ` bert
  2000-10-25 13:20 ` Josip
  1 sibling, 0 replies; 3+ messages in thread
From: bert @ 2000-10-25  9:42 UTC (permalink / raw)
  To: lartc

On Tue, Oct 24, 2000 at 10:04:33PM -0400, Ing. Rodrigo Goya O. wrote:

> I can limit the downstream bandwidth perfectly, however, as the linux
> router is doing masquerading, I don't seem to be able to discriminate
> upstream bandwidth based on each computer, as the outgoing source IP is
> the public one on the router (eth0).

You need to mark packets when they're coming in on the inside, with a
different mark for different computers. Ipchains offers support for this.
This mark will survive the routing, and then you make a filter with 'tc' on
this mark.

The HOWTO mentions how to do this with 'iptables', but the ipchains commands
are not that different.

Regards,

bert hubert

-- 
PowerDNS                     Versatile DNS Services  
Trilab                       The Technology People   
'SYN! .. SYN|ACK! .. ACK!' - the mating call of the internet


* [LARTC] Traffic Control + Masquerading
  2000-10-25  2:04 [LARTC] Traffic Control + Masquerading Ing.Rodrigo
  2000-10-25  9:42 ` bert
@ 2000-10-25 13:20 ` Josip
  1 sibling, 0 replies; 3+ messages in thread
From: Josip @ 2000-10-25 13:20 UTC (permalink / raw)
  To: lartc

bert hubert (ahu@ds9a.nl) wrote:
> You need to mark packets when they're coming in on the inside, with a

Perhaps the following should work (based on help from nice people at lartc
mailing list :-))


# Set up the marking
iptables -t mangle -A PREROUTING -s LAN_IP_ADDR -j MARK --set-mark 0x1

# Set up the Bandwidth Management
tc qdisc add dev eth0 root handle 1: cbq bandwidth 10Mbit avpkt 1000

# Set up the root Class at 10Mbit
tc class add dev eth0 parent 1:0 classid 1:1 cbq bandwidth 10Mbit rate 10Mbit allot 1514 weight 1Mbit prio 8 maxburst 100 avpkt 1000

# Set up a restricted class with a rate of 100Kbit
tc class add dev eth0 parent 1:1 classid 1:2 cbq bandwidth 10Mbit rate 100Kbit allot 1514 weight 50Kbit prio 7 maxburst 20 avpkt 1000 bounded

tc filter add dev eth0 protocol ip parent 1:0 prio 1 handle 1 fw classid 1:2


Make sure you substituted 'eth0' with the interface that is connected to
your LAN.

Josip

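The marking approach from the two replies above, generalized to one mark and one bounded class per LAN host, as an added example that is not part of the original thread. It only prints the commands; the function names `gen_shaper` and `sample_hosts`, the host list beyond 192.168.7.9 and the mark and class numbering are assumptions, and eth0/eth1 follow the layout in the first message.

```shell
#!/bin/sh
# Added example: print (do not execute) per-host upstream shaping commands.
# Assumes WAN=eth0 (masquerading side) and LAN=eth1 as in the first message,
# and the 10Mbit CBQ parameters quoted in the thread.

# Constructed sample input: "LAN_IP RATE_KBIT"; the last line is malformed.
sample_hosts() {
    printf '%s\n' '192.168.7.9 64' '192.168.7.10 128' '192.168.7.12;x 64'
}

gen_shaper() {
    wan=$1 lan=$2 mark=0
    cbq="cbq bandwidth 10Mbit"
    echo "tc qdisc add dev $wan root handle 1: $cbq avpkt 1000"
    echo "tc class add dev $wan parent 1:0 classid 1:1 $cbq rate 10Mbit" \
         "allot 1514 weight 1Mbit prio 8 maxburst 20 avpkt 1000"
    while read -r ip rate; do
        [ -z "$ip" ] && continue
        # Output is destined for a root shell: accept only a dotted quad
        # and an integer rate, and skip anything else.
        if ! printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' ||
           ! printf '%s\n' "$rate" | grep -Eq '^[1-9][0-9]*$'; then
            echo "skipped invalid entry" >&2
            continue
        fi
        mark=$((mark + 1))                     # one fwmark per LAN host
        minor=$(printf '%x' $((mark + 16)))    # class ids are hex: 1:11, 1:12, ...
        weight="$((rate / 10)).$((rate % 10))Kbit"   # rate/10, as in the first message
        # Mark on the LAN side, before masquerading rewrites the source IP.
        echo "iptables -t mangle -A PREROUTING -i $lan -s $ip -j MARK --set-mark $mark"
        echo "tc class add dev $wan parent 1:1 classid 1:$minor $cbq rate ${rate}Kbit" \
             "allot 1514 weight $weight prio 5 maxburst 20 avpkt 1000 bounded"
        echo "tc qdisc add dev $wan parent 1:$minor sfq quantum 1514b perturb 15"
        # The fw classifier matches on the mark, not on the rewritten address.
        echo "tc filter add dev $wan parent 1:0 protocol ip prio 1 handle $mark fw classid 1:$minor"
    done
}

sample_hosts | gen_shaper eth0 eth1
```

Review the printed commands before piping them to a root shell; the malformed third sample line is skipped and reported on stderr.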