From: "Edmund Turner" <eturner@monash.edu.my>
To: lartc@vger.kernel.org
Subject: [LARTC] (no subject)
Date: Thu, 23 Oct 2003 10:47:45 +0000
Message-ID: <marc-lartc-106690714916798@msgid-missing>
In-Reply-To: <marc-lartc-98373938216902@msgid-missing>
Hey guys and gals,
Sorry for the 'newbie' question, but I would like to get some help on
configuring my HTB qdiscs for my network. My network setup:
LAN --> Firewall --> Router --> Internet
           |
           |
           --> DMZ
So much for the Ascii artist in me. :)
The firewall has 3 interfaces:
Eth0 = LAN --> 100Mbps NIC
Eth1 = DMZ --> 100Mbps NIC
Eth2 = Internet --> 4MB link to internet
Background:
DMZ Zone Eth1: Web/FTP, and SMTP servers. (100Mbps switches and NICs)
I notice that users download A LOT of data at high transfer rates from the
servers in the DMZ zone.
WEB/FTP server :10.100.1.1/24
SMTP server:10.100.1.2/24
LAN Eth0: I have 3 different VLANs to categorize the 3 different
departments.
VLAN1 -192.168.1.0/24
VLAN2 -192.168.2.0/24
VLAN3 -192.168.3.0/24
External Eth2 : 4MB Leased line to the internet.
Currently my router that is connected to the 4MB leased line is becoming
the bottleneck! How do I make the firewall Eth0 become the
bottleneck????
My objectives:
1.) I want to limit the bandwidth from the WEB/FTP servers from the DMZ
to either the internet or the LAN.
This is what I did:
tc qdisc add dev eth0 root handle 1: htb default 10
tc class add dev eth0 parent 1: classid 1:1 htb rate 10mbit
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 128kbps ceil 256kbps prio 7
tc filter add dev eth0 protocol ip parent 1:1 prio 7 handle 7 fw classid 1:10
tc qdisc add dev eth1 root handle 2: htb default 10
tc class add dev eth1 parent 2: classid 2:1 htb rate 3840kbps
tc class add dev eth1 parent 2:1 classid 2:10 htb rate 128kbps ceil 128kbps prio 7
tc filter add dev eth1 protocol ip parent 2:1 prio 7 handle 7 fw classid 2:10
tc qdisc add dev eth2 root handle 3: htb default 10
tc class add dev eth2 parent 3: classid 3:1 htb rate 3840kbps
tc class add dev eth2 parent 3:1 classid 3:10 htb rate 128kbps prio 7
tc filter add dev eth2 protocol ip parent 3:1 prio 7 handle 7 fw classid 3:10
/sbin/iptables -A PREROUTING -i eth1 -s 10.100.1.1 -t mangle -j MARK --set-mark 7
/sbin/iptables -A PREROUTING -i eth1 -d 10.100.1.1 -t mangle -j MARK --set-mark 7
After testing via FTP/web downloads, it appears that I've managed to
limit the amount of bandwidth thru and from the FTP/WEB server from the
DMZ. All other traffic (internet surfing etc) will fall into the default
rules, correct? Did I miss anything out?
I would like to limit the max amount of bandwidth on Eth0 to 10MB
I would like to limit the max amount of bandwidth on Eth0 to 3840kbps
I would like to limit the max amount of bandwidth on Eth2 to 3840kbps.
(4MB leased line to internet.)
Did I accomplish this?
Any help in any way is appreciated!
Regards
edmund
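
An added example, not part of the original message: a small Python check that reads tc commands quoted in this post (eth0 and eth2, wrapped lines rejoined), converts each rate to bits per second using the unit suffixes documented in tc(8), where `kbps` is kilobytes per second and `kbit` is kilobits per second, and reports where the `fw` filter and the qdisc's `default` select the same class. The function and variable names are chosen here for illustration.

```python
import re

# Rate suffixes per tc(8): "*bit" units are bits/s, "*bps" units are BYTES/s.
UNITS = {"bit": 1, "kbit": 1000, "mbit": 10**6, "gbit": 10**9,
         "bps": 8, "kbps": 8000, "mbps": 8 * 10**6, "gbps": 8 * 10**9}

# Commands copied from the post above (eth0 and eth2 only).
PAGE_COMMANDS = [
    "tc qdisc add dev eth0 root handle 1: htb default 10",
    "tc class add dev eth0 parent 1: classid 1:1 htb rate 10mbit",
    "tc class add dev eth0 parent 1:1 classid 1:10 htb rate 128kbps ceil 256kbps prio 7",
    "tc filter add dev eth0 protocol ip parent 1:1 prio 7 handle 7 fw classid 1:10",
    "tc qdisc add dev eth2 root handle 3: htb default 10",
    "tc class add dev eth2 parent 3: classid 3:1 htb rate 3840kbps",
    "tc class add dev eth2 parent 3:1 classid 3:10 htb rate 128kbps prio 7",
    "tc filter add dev eth2 protocol ip parent 3:1 prio 7 handle 7 fw classid 3:10",
]

def rate_bits(text):
    """Convert a tc rate such as '128kbps' to bits per second."""
    m = re.fullmatch(r"(\d+)([a-z]*)", text.lower())
    unit = (m.group(2) or "bit") if m else None
    if unit not in UNITS:
        raise ValueError(f"unparseable rate: {text!r}")
    return int(m.group(1)) * UNITS[unit]

def audit(commands):
    """Return ({classid: bits/s}, [findings]) for a list of tc command lines."""
    default, rates, findings = {}, {}, []
    for line in commands:
        w = line.split()
        if w[:3] == ["tc", "qdisc", "add"] and "default" in w:
            major = w[w.index("handle") + 1].rstrip(":")
            default[w[w.index("dev") + 1]] = f"{major}:{w[w.index('default') + 1]}"
        elif w[:3] == ["tc", "class", "add"]:
            rates[w[w.index("classid") + 1]] = rate_bits(w[w.index("rate") + 1])
        elif w[:3] == ["tc", "filter", "add"]:
            dev, target = w[w.index("dev") + 1], w[w.index("classid") + 1]
            if default.get(dev) == target:
                # Marked and unmarked packets end up in the same class.
                findings.append(f"{dev}: fw filter and 'default' both select {target}")
    return rates, findings

if __name__ == "__main__":
    rates, findings = audit(PAGE_COMMANDS)
    for classid, bits in rates.items():
        print(f"{classid}: {bits / 1e6:.3f} Mbit/s")
    print("\n".join(findings))
```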