* [LARTC] balancing behind NAT?
@ 2000-11-30 12:25 lethal
2000-11-30 18:00 ` Sander
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: lethal @ 2000-11-30 12:25 UTC (permalink / raw)
To: lartc
<PRE>Hi,
I'd like to set up cbq for my 7 LAN users, but I'd like to do it only for the
internet connection (the LAN accesses the internet through masquerading), not for
the whole server machine: I mean somebody on the LAN should access the
server at full rate (10Mbit/s), but the internet at, for example, 30KB/sec.
I know I've set up only kbits, but those drastically low speeds were to see easily
if it was working or not :)

How could I do that?

My LAN NIC is eth0 and internet is eth1. I already tried the following thingie
that doesn't work (I suppose that's logical, but I had to try it ;) )

And how could I reset all the existing cbq config to make a new one?

tc qdisc add dev eth1 root handle 10: cbq bandwidth 105Kbit avpkt 1000
tc class add dev eth1 parent 10:0 classid 10:1 cbq bandwidth 105Kbit rate \
  105Kbit allot 1514 weight 15Kbit prio 8 maxburst 20 avpkt 1000

tc class add dev eth1 parent 10:1 classid 10:100 cbq bandwidth 105Kbit rate \
  10Kbit allot 1514 weight 5Kbit prio 5 maxburst 20 avpkt 1000 bounded

tc qdisc add dev eth1 parent 10:100 sfq quantum 1514b perturb 15
tc qdisc add dev eth1 parent 10:200 sfq quantum 1514b perturb 15

tc filter add dev eth1 parent 10:0 protocol ip prio 25 u32 match ip dst \
  192.168.0.0/16 flowid 10:100

Same kind of thing for upstream

PS: where could I find a decent doc/faq/howto about cbq? Advanced-routing
isn't that bad but it's far from explaining every little trick :/

Greetings,
JY
</PRE>
* [LARTC] balancing behind NAT?
From: Sander @ 2000-11-30 18:00 UTC (permalink / raw)
To: lartc
<PRE>At 13:25 30-11-00 +0100, you wrote:
>Hi,
>
>I'd like to set up cbq for my 7 LAN users, but I'd like to do it only for
>the internet connection (the LAN accesses the internet through masquerading), not
>for the whole server machine: I mean somebody on the LAN should access the
>server at full rate (10Mbit/s), but the internet at, for example, 30KB/sec.
>I know I've set up only kbits, but those drastically low speeds were to see
>easily if it was working or not :)
>
>How could I do that?
>
>My LAN NIC is eth0 and internet is eth1. I already tried the following
>thingie that doesn't work (I suppose that's logical, but I had to try it ;) )
>
>And how could I reset all the existing cbq config to make a new one?
>
>tc qdisc add dev eth1 root handle 10: cbq bandwidth 105Kbit avpkt 1000
>tc class add dev eth1 parent 10:0 classid 10:1 cbq bandwidth 105Kbit rate \
> 105Kbit allot 1514 weight 15Kbit prio 8 maxburst 20 avpkt 1000
>
>tc class add dev eth1 parent 10:1 classid 10:100 cbq bandwidth 105Kbit rate \
> 10Kbit allot 1514 weight 5Kbit prio 5 maxburst 20 avpkt 1000 bounded
>
>tc qdisc add dev eth1 parent 10:100 sfq quantum 1514b perturb 15
>tc qdisc add dev eth1 parent 10:200 sfq quantum 1514b perturb 15
>
>tc filter add dev eth1 parent 10:0 protocol ip prio 25 u32 match ip dst \
> 192.168.0.0/16 flowid 10:100

I got the same problem, until I figured out that you can't denote
IP addresses with the filter, as those are 'masqueraded' out and replaced by
the router's address. With your ipchains masquerading command, you should
add a 'mark packet' command, which gives each individual forwarded machine
an individual mark on its packets, so tc filter can pick those out. An
example configuration of mine (upstream!):
(eth1 is the outgoing interface)

# masq a fictitious machine and mark it with 0xa (hexadecimal = 10 decimal!)
/sbin/ipchains -A forward -s 192.168.0.1/32 -j MASQ -m 0xa

# make root class with 128 kbit
/usr/bin/tc qdisc add dev eth1 root handle 1: cbq bandwidth 128Kbit avpkt 1000
/usr/bin/tc class add dev eth1 parent 1:0 classid 1:1 cbq bandwidth 128Kbit \
  rate 128Kbit allot 1514 weight 12Kbit prio 8 maxburst 20 avpkt 1000

# this gives the fictitious machine above a bounded bandwidth of 40 kbit
/usr/bin/tc class add dev eth1 parent 1:1 classid 1:11 cbq bandwidth 128Kbit \
  rate 40Kbit allot 1514 weight 2Kbit prio 5 maxburst 20 avpkt 1000 split 1:1
/usr/bin/tc qdisc add dev eth1 parent 1:11 sfq quantum 1514b perturb 15

# here we add the filter command and give it 'handle 10', which corresponds
# to the fictitious machine above, which was marked with 10 (=0xa):
/usr/bin/tc filter add dev eth1 parent 1:0 protocol ip prio 100 handle 10 \
  fw classid 1:11

That's it for one machine; the rest you can hopefully figure out for yourself ;)

Sander Raaijmakers
</PRE>
* [LARTC] balancing behind NAT?
From: Sander @ 2000-12-01 13:16 UTC (permalink / raw)
To: lartc
<PRE>At 03:58 1-12-00 +0000, you wrote:
>Hi,
>
>I'm trying to set up traffic shaping in a similar setup to yours. The
>stuff below makes sense but I can't figure out how to shape the
>downstream. Could you give me an example from your config to start me
>off?
>
>The thing I don't understand is that packets coming from the internet to
>(for example) 192.168.0.4 will not be marked, so how can they be
>routed to the right class?
>
>thanks
>
>david.

Hi,
I am sorry to say, I wasn't able to get that to work either (partially
because I don't need it in my configuration). But I do think that you can
follow the advanced routing howto more closely on that one when you use the
interface to the local network, as the IP address is translated back to the
internal address long before it travels through this interface.
So in theory:
#example from the advanced routing-howto, slightly changed
tc filter add dev eth0 parent 10:0 protocol ip prio 25 u32 match ip dst \
150.151.0.0 flowid 10:100
This should work (with the previous rules being pretty much the same as I
gave them).
Sander Raaijmakers
</PRE>
* [LARTC] balancing behind NAT?
From: Wingtung.Leung @ 2000-12-02 22:54 UTC (permalink / raw)
To: lartc
<PRE>On Fri, 1 Dec 2000, Sander wrote:
> At 03:58 1-12-00 +0000, you wrote:
>
> >
> >The thing I don't understand is that packets coming from the internet to
> >(for example) 192.168.0.4 will not be marked so how can they be
> >routed to the right class ?

You need to create separate queues for each direction. Outgoing traffic to
the internet gets in a queue in your eth1 (internet) and incoming traffic
to your LAN is put in queues at eth0 (LAN).
You just need to mark the packets depending on the incoming interface and
destination. (check out ipchains or iptables)
</PRE>
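
An added example (not part of the thread, and not any poster's configuration) that combines the two replies above: upstream shaping by firewall mark on eth1 as Sander describes, and downstream shaping on eth0 with marks chosen by incoming interface and destination as Wingtung suggests. It assumes iptables' mangle-table MARK target in place of `ipchains -m`, reuses the thread's CBQ parameters with the `bounded` flag from the first post, and uses constructed rates and host addresses; the leading `tc qdisc del` lines clear any existing configuration.

```shell
#!/bin/sh
# Added example: prints the commands instead of running them.
# Assumptions: eth0 = LAN and eth1 = internet as in the thread; iptables MARK
# stands in for the thread's "ipchains -m"; rates and hosts are constructed.
LAN_IF=eth0 LAN_BW=10Mbit
WAN_IF=eth1 WAN_BW=128Kbit

# cbq_root DEV BANDWIDTH WEIGHT: drop any old config, then root qdisc + 1:1
cbq_root() {
    echo "tc qdisc del dev $1 root"
    echo "tc qdisc add dev $1 root handle 1: cbq bandwidth $2 avpkt 1000"
    echo "tc class add dev $1 parent 1:0 classid 1:1 cbq bandwidth $2" \
         "rate $2 allot 1514 weight $3 prio 8 maxburst 20 avpkt 1000"
}

# cbq_leaf DEV BANDWIDTH RATE N MARK: bounded class 1:1N fed by fwmark MARK
cbq_leaf() {
    echo "tc class add dev $1 parent 1:1 classid 1:1$4 cbq bandwidth $2" \
         "rate $3 allot 1514 weight 2Kbit prio 5 maxburst 20 avpkt 1000 bounded"
    echo "tc qdisc add dev $1 parent 1:1$4 sfq quantum 1514b perturb 15"
    echo "tc filter add dev $1 parent 1:0 protocol ip prio 100" \
         "handle $5 fw classid 1:1$4"
}

# emit_rules RATE IP...: per-host limit in both directions
emit_rules() {
    rate=$1; shift
    cbq_root "$WAN_IF" "$WAN_BW" 12Kbit
    cbq_root "$LAN_IF" "$LAN_BW" 1Mbit
    n=0
    for ip in "$@"; do
        n=$((n + 1)); up=$((10 + n)); down=$((110 + n))
        # Upstream: mark by source before MASQ rewrites it; shape on eth1.
        echo "iptables -t mangle -A FORWARD -i $LAN_IF -o $WAN_IF -s $ip" \
             "-j MARK --set-mark $up"
        cbq_leaf "$WAN_IF" "$WAN_BW" "$rate" "$n" "$up"
        # Downstream: mark only packets that arrived on eth1, so traffic from
        # the server itself to the LAN stays unmarked and unshaped on eth0.
        echo "iptables -t mangle -A FORWARD -i $WAN_IF -o $LAN_IF -d $ip" \
             "-j MARK --set-mark $down"
        cbq_leaf "$LAN_IF" "$LAN_BW" "$rate" "$n" "$down"
    done
}

emit_rules 40Kbit 192.168.0.1 192.168.0.4   # constructed sample hosts
```

Review the printed commands, then pipe them to `sh` as root; on a first run each `tc qdisc del` reports an error because no qdisc has been installed yet.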