* limiting bandwidth with iptables or squid?
@ 2004-10-24 14:20 it clown
  2004-10-24 15:16 ` Jason Opperisano
                   ` (2 more replies)
  0 siblings, 3 replies; 8+ messages in thread
From: it clown @ 2004-10-24 14:20 UTC (permalink / raw)
  To: netfilter

Hi All,

I would like to know how to limit bandwidth with iptables. I
would like to limit bandwidth to IPs and MAC addresses. Do I
need another program to work with iptables or can iptables
do it on its own? Does anyone know where I can find
something to read up on this?

If iptables cannot do it, can I do it with squid?

Regards

* Re: limiting bandwidth with iptables or squid?
  2004-10-24 14:20 limiting bandwidth with iptables or squid? it clown
@ 2004-10-24 15:16 ` Jason Opperisano
  2004-10-24 15:35   ` it clown
  2004-10-25 11:36   ` Andy Furniss
  2004-10-25  0:15 ` Alexander Samad
  2004-10-25  9:05 ` Matteo Santori
  2 siblings, 2 replies; 8+ messages in thread
From: Jason Opperisano @ 2004-10-24 15:16 UTC (permalink / raw)
  To: netfilter

On Sun, 2004-10-24 at 10:20, it clown wrote:
> Hi All,
> 
> I would like to know how to limit bandwidth with iptables. I
> would like to limit bandwidth to IPs and MAC addresses. Do I
> need another program to work with iptables or can iptables
> do it on its own? Does anyone know where I can find
> something to read up on this?
> 
> If iptables cannot do it, can I do it with squid?

first off--you can't do "inbound" traffic shaping--only outbound.  you
cannot control how fast incoming packets hit your machine or how big
they are--you can only control how fast you allow them to leave.

that being said--read chapter 9 of:

        http://lartc.org/howto/
        
-j

-- 
Jason Opperisano <opie@817west.com>




* Re: limiting bandwidth with iptables or squid?
  2004-10-24 15:16 ` Jason Opperisano
@ 2004-10-24 15:35   ` it clown
  2004-10-25 11:36   ` Andy Furniss
  1 sibling, 0 replies; 8+ messages in thread
From: it clown @ 2004-10-24 15:35 UTC (permalink / raw)
  To: netfilter

Sorry, I meant outbound traffic. Thanks, will check the URL
out.

On Sun, 24 Oct 2004 11:16:41 -0400
 Jason Opperisano <opie@817west.com> wrote:
> On Sun, 2004-10-24 at 10:20, it clown wrote:
> > Hi All,
> >
> > I would like to know how to limit bandwidth with iptables. I
> > would like to limit bandwidth to IPs and MAC addresses. Do I
> > need another program to work with iptables or can iptables
> > do it on its own? Does anyone know where I can find
> > something to read up on this?
> >
> > If iptables cannot do it, can I do it with squid?
>
> first off--you can't do "inbound" traffic shaping--only outbound.  you
> cannot control how fast incoming packets hit your machine or how big
> they are--you can only control how fast you allow them to leave.
>
> that being said--read chapter 9 of:
>
>         http://lartc.org/howto/
>
> -j
>
> -- 
> Jason Opperisano <opie@817west.com>


* Re: limiting bandwidth with iptables or squid?
  2004-10-24 14:20 limiting bandwidth with iptables or squid? it clown
  2004-10-24 15:16 ` Jason Opperisano
@ 2004-10-25  0:15 ` Alexander Samad
  2004-10-25  9:05 ` Matteo Santori
  2 siblings, 0 replies; 8+ messages in thread
From: Alexander Samad @ 2004-10-25  0:15 UTC (permalink / raw)
  To: netfilter


You could look at iproute2: the command tc lets you do traffic shaping!

So you could mark up packets in iptables and then traffic shape based on
that

A

On Sun, Oct 24, 2004 at 04:20:25PM +0200, it clown wrote:
> Hi All,
> 
> I would like to know how to limit bandwidth with iptables. I
> would like to limit bandwidth to IPs and MAC addresses. Do I
> need another program to work with iptables or can iptables
> do it on its own? Does anyone know where I can find
> something to read up on this?
> 
> If iptables cannot do it, can I do it with squid?
> 
> Regards


* Re: limiting bandwidth with iptables or squid?
  2004-10-24 14:20 limiting bandwidth with iptables or squid? it clown
  2004-10-24 15:16 ` Jason Opperisano
  2004-10-25  0:15 ` Alexander Samad
@ 2004-10-25  9:05 ` Matteo Santori
  2 siblings, 0 replies; 8+ messages in thread
From: Matteo Santori @ 2004-10-25  9:05 UTC (permalink / raw)
  To: netfilter


Why don't you take a look at `man tc`?

Greets,

M



On Sunday 24 October 2004 14:20, it clown wrote:
> Hi All,
>
> I would like to know how to limit bandwidth with iptables. I
> would like to limit bandwidth to IPs and MAC addresses. Do I
> need another program to work with iptables or can iptables
> do it on its own? Does anyone know where I can find
> something to read up on this?
>
> If iptables cannot do it, can I do it with squid?
>
> Regards

-- 
Matteo Santori / matteo<at>tilde.it
Key Fingerprint = AF3B B1BC 6338 4680 DB49  8176 E409 0870 60EC BB3E
PGP PublicKey available at: http://pgp.mit.edu



* Re: limiting bandwidth with iptables or squid?
  2004-10-24 15:16 ` Jason Opperisano
  2004-10-24 15:35   ` it clown
@ 2004-10-25 11:36   ` Andy Furniss
  2004-10-29  5:54     ` it clown
  1 sibling, 1 reply; 8+ messages in thread
From: Andy Furniss @ 2004-10-25 11:36 UTC (permalink / raw)
  To: Jason Opperisano; +Cc: netfilter

Jason Opperisano wrote:
> On Sun, 2004-10-24 at 10:20, it clown wrote:
> 
>>Hi All,
>>
>>I would like to know how to limit bandwidth with iptables. I
>>would like to limit bandwidth to IPs and MAC addresses. Do I
>>need another program to work with iptables or can iptables
>>do it on its own? Does anyone know where I can find
>>something to read up on this?
>>
>>If iptables cannot do it, can I do it with squid?
> 
> 
> first off--you can't do "inbound" traffic shaping--only outbound.

I know your link qualifies this a bit - but I'd say you can do inbound 
(narrow end of bottleneck)  traffic shaping. Albeit as an imperfect 
kludge and at the expense of some bandwidth. The imperfect bit being if 
you really care about latency - not bandwidth shaping, I would argue 
that I can do that almost perfectly as my ISP has a 600ms buffer and my 
shaping at 80% of 512kbit/s never loses control enough that packets get 
dropped from that.

> you cannot control how fast incoming packets hit your machine

I assume TCP - which is clocked by acks - so the rate you dequeue does 
affect the rate at which packets hit ISP buffer. Packets never hit my 
machine faster than my link speed of course - which makes the queue get 
filled in a burstless way.

> or how big they are--

mss clamping :-)

Andy.

> you can only control how fast you allow them to leave.
> 
> that being said--read chapter 9 of:
> 
>         http://lartc.org/howto/
>         
> -j
> 





* Re: limiting bandwidth with iptables or squid?
  2004-10-25 11:36   ` Andy Furniss
@ 2004-10-29  5:54     ` it clown
  2004-10-31 11:40       ` Andy Furniss
  0 siblings, 1 reply; 8+ messages in thread
From: it clown @ 2004-10-29  5:54 UTC (permalink / raw)
  To: netfilter

Hi All,

I am a bit confused with tc.

I need a string to limit bandwidth for IPs or MAC
addresses.

iptables -A PREROUTING -i eth0 -s x.x.x.x -t mangle -j MARK --set-mark 1

will mark the packets for that IP, I think.

What string for tc do I need to limit x.x.x.x to say 5kb/s
download speed? eth0 is my internal network card of my
Linux box.

Regards

On Mon, 25 Oct 2004 12:36:43 +0100
 Andy Furniss <andy.furniss@dsl.pipex.com> wrote:
> Jason Opperisano wrote:
> > On Sun, 2004-10-24 at 10:20, it clown wrote:
> >
> >>Hi All,
> >>
> >>I would like to know how to limit bandwidth with iptables. I
> >>would like to limit bandwidth to IPs and MAC addresses. Do I
> >>need another program to work with iptables or can iptables
> >>do it on its own? Does anyone know where I can find
> >>something to read up on this?
> >>
> >>If iptables cannot do it, can I do it with squid?
> >
> >
> > first off--you can't do "inbound" traffic shaping--only outbound.
>
> I know your link qualifies this a bit - but I'd say you
> can do inbound (narrow end of bottleneck)  traffic
> shaping. Albeit as an imperfect kludge and at the expense
> of some bandwidth. The imperfect bit being if you really
> care about latency - not bandwidth shaping, I would argue
> that I can do that almost perfectly as my ISP has a 600ms
> buffer and my shaping at 80% of 512kbit/s never loses
> control enough that packets get dropped from that.
>
> > you cannot control how fast incoming packets hit your machine
>
> I assume TCP - which is clocked by acks - so the rate you
> dequeue does affect the rate at which packets hit ISP
> buffer. Packets never hit my machine faster than my link
> speed of course - which makes the queue get filled in a
> burstless way.
>
> > or how big they are--
>
> mss clamping :-)
>
> Andy.
>
> > you can only control how fast you allow them to leave.
> >
> > that being said--read chapter 9 of:
> >
> >         http://lartc.org/howto/
> >
> > -j


* Re: limiting bandwidth with iptables or squid?
  2004-10-29  5:54     ` it clown
@ 2004-10-31 11:40       ` Andy Furniss
  0 siblings, 0 replies; 8+ messages in thread
From: Andy Furniss @ 2004-10-31 11:40 UTC (permalink / raw)
  To: it clown; +Cc: netfilter

it clown wrote:
> Hi All,
> 
> I am a bit confused with tc.
> 
> I need a string to limit bandwidth for IPs or MAC
> addresses.
> 
> iptables -A PREROUTING -i eth0 -s x.x.x.x -t mangle -j MARK --set-mark 1

If you want to shape traffic from the internet to certain IPs there are 
several ways -
you could mark them on the WAN interface e.g. -i ppp0. If you do it in 
PREROUTING and are doing NAT it won't work for local addresses, though.

If you do not care about shaping traffic headed for your shaping box and 
you only have one LAN interface you can set up HTB/CBQ/HFSC egress on 
eth0. You could then use POSTROUTING to mark IPs which will be denatted 
at that point.

> 
> will mark the packets for that IP, I think.
> 
> What string for tc do I need to limit x.x.x.x to say 5kb/s
> download speed? eth0 is my internal network card of my
> Linux box.
>


I would use HTB - there are examples and links on www.docum.org / LARTC 
how to.

You will need to run at about 80% of your link speed.

Andy.
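
Added example, not part of the original thread or of any poster's message: a sketch of the setup described above (mark by destination in POSTROUTING on the LAN interface, HTB egress on eth0, ceiling at about 80% of link speed). The function name shape_plan, the host address 192.168.1.50, the class ids and the reading of "5kb/s" as 40kbit are assumptions; the 512kbit link figure comes from earlier in the thread. It only prints the commands so they can be reviewed before being run as root.

```sh
#!/bin/sh
# Added example: prints (does not execute) the mark rule and HTB classes.
# Usage: shape_plan LAN_IF LINK_KBIT HOST_IP HOST_KBIT
# Note: in tc, "kbit" is kilobits/s while "kbps" is kilobytes/s.

shape_plan() {
    lan_if=$1 link_kbit=$2 host_ip=$3 host_kbit=$4

    # Both rates must be whole numbers before any arithmetic is done.
    for n in "$link_kbit" "$host_kbit"; do
        case $n in
            ''|*[!0-9]*) echo "rates must be whole kbit values" >&2; return 2 ;;
        esac
    done

    # Shape at about 80% of link speed, as advised in the thread, so the
    # queue builds on this box where it can be controlled.
    ceil_kbit=$(( link_kbit * 80 / 100 ))
    if [ "$host_kbit" -ge "$ceil_kbit" ]; then
        echo "host limit must be below ${ceil_kbit}kbit" >&2
        return 1
    fi
    rest_kbit=$(( ceil_kbit - host_kbit ))

    # Mark 1 -> class 1:10 (capped host); everything else -> class 1:20.
    cat <<EOF
iptables -t mangle -A POSTROUTING -o $lan_if -d $host_ip -j MARK --set-mark 1
tc qdisc add dev $lan_if root handle 1: htb default 20
tc class add dev $lan_if parent 1: classid 1:1 htb rate ${ceil_kbit}kbit
tc class add dev $lan_if parent 1:1 classid 1:10 htb rate ${host_kbit}kbit ceil ${host_kbit}kbit
tc class add dev $lan_if parent 1:1 classid 1:20 htb rate ${rest_kbit}kbit ceil ${ceil_kbit}kbit
tc filter add dev $lan_if parent 1: protocol ip prio 1 handle 1 fw flowid 1:10
EOF
}

# Constructed sample values: 512kbit link, one LAN host capped at 40kbit.
shape_plan eth0 512 192.168.1.50 40
```

The capped class has rate equal to ceil, so that host cannot borrow spare bandwidth; the default class may borrow up to the 80% ceiling.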


