Hi! I built some rules to shape traffic from my Linux router in both directions: to the Internet and to the LAN. When I apply the rules my computer cannot access the Internet or the LAN. Is this behavior normal? Do I need to write some rules for the local IPs of my router? (I have several, both on the internal and the external NICs.) Thank you for any advice! Sorin.
I posted earlier today and I forgot to attach the rules I used... The problem was that when I apply them, the router gets isolated from both the Internet and the LAN. I'm sorry I reply to my post! I don't know if this behaviour is normal. Here are my rules...

leaf="sfq perturb 10"
BURST="50k"
CBURST="150k"
# $tc, $EXT1, $INT1 and the *_RATE / *_CEIL variables are set earlier in the
# script (that part is not shown here).

# Deleting old qdiscs:
$tc qdisc del dev $EXT1 root &>/dev/null
$tc qdisc del dev $INT1 root &>/dev/null

# Adding three root classes: class 1:A = LAN (100 Mbit/s) MARK = 0x2;
# class 1:B = MAN (1 Mbit/s) MARK = 0x1; class 1:C = Internet (256 kbit/s)
# Also the packets have the TOS field altered by the iptables-script so
# that they are either Minimize-Delay or Maximize-Throughput based on
# their length.
for DEV in $INT1 $EXT1; do
    $tc qdisc add dev $DEV root handle 1: htb default FF
    # Class MAN
    $tc class add dev $DEV parent 1: classid 1:B htb \
        rate ${ROOT_MAN_RATE}kbit ceil ${ROOT_MAN_CEIL}kbit \
        burst $BURST cburst $CBURST
    # Class Internet
    $tc class add dev $DEV parent 1: classid 1:C htb \
        rate ${ROOT_NET_RATE}kbit ceil ${ROOT_NET_CEIL}kbit \
        burst $BURST cburst $CBURST
    # Class default (every packet no filter claims ends up here)
    $tc class add dev $DEV parent 1: classid 1:FF htb \
        rate ${BULK_NET_RATE}kbit ceil ${BULK_NET_CEIL}kbit
    $tc qdisc add dev $DEV parent 1:FF handle FF: $leaf
done

# Class LAN
$tc class add dev $INT1 parent 1: classid 1:A htb \
    rate ${LAN_RATE}mbit ceil ${LAN_RATE}mbit \
    burst $BURST cburst $CBURST
$tc qdisc add dev $INT1 parent 1:A handle A: $leaf
$tc filter add dev $INT1 parent 1: protocol ip prio 1 \
    u32 match mark 0x2 0xffffffff flowid 1:A

# Reading the list of clients from a file (one client per line)
# Cutting out some details about reading that file: $hIP is the
# last part of the client's IP written in hex and $MAXIP is the
# client's address used in the filters below
# (the network is 192.168.0.0/24)
for CLIENT in $THATFILE; do
    # Setting speeds in MAN:
    for DEV in $EXT1 $INT1; do
        $tc class add dev $DEV parent 1:B classid 1:B$hIP htb \
            rate $MANRATE ceil $MANCEIL \
            burst $BURST cburst $CBURST &>/dev/null
        $tc qdisc add dev $DEV parent 1:B$hIP handle B$hIP: \
            $leaf &>/dev/null
    done
    # Setting speeds in the Internet
    for DEV in $EXT1 $INT1; do
        $tc class add dev $DEV parent 1:C classid 1:C$hIP htb \
            rate $NETRATE ceil $NETCEIL \
            burst $BURST cburst $CBURST &>/dev/null
        $tc qdisc add dev $DEV parent 1:C$hIP handle C$hIP: \
            $leaf &>/dev/null
    done
    # MAN traffic (mark 0x1) to / from this client
    $tc filter add dev $INT1 parent 1: protocol ip prio 1 u32 \
        match ip dst $MAXIP/32 \
        match mark 0x1 0xffffffff \
        flowid 1:B$hIP
    $tc filter add dev $EXT1 parent 1: protocol ip prio 1 u32 \
        match ip src $MAXIP/32 \
        match mark 0x1 0xffffffff \
        flowid 1:B$hIP
    # Everything else to / from this client is Internet traffic
    $tc filter add dev $INT1 parent 1: protocol ip prio 1 u32 \
        match ip dst $MAXIP/32 \
        flowid 1:C$hIP
    $tc filter add dev $EXT1 parent 1: protocol ip prio 1 u32 \
        match ip src $MAXIP/32 \
        flowid 1:C$hIP
done

Thank you in advance!
> When I apply the rules my computer cannot access the Internet or the
> LAN. Is this behavior normal? Do I need to write some rules for local
> IPs of my router? (I have several, both on the internal and the

Generally speaking, queue disciplines/classes of a particular network interface don't take into account whether the outgoing packets being queued were generated by localhost or are forwarded from other hosts. So the more probable reason for the effect described could be that your QoS setup limits packets originating from localhost to a very low rate (say, 0kbps), effectively dropping them. Or that could be a firewall misconfiguration. Hope this hint helps.

--
DO4-UANIC
Denis Ovsienko wrote:
> So the more probable reason for the effect described could be that your QoS
> setup limits packets originating from localhost to a very low rate (say,
> 0kbps), effectively dropping them. Or that could be a firewall
> misconfiguration. Hope this hint helps.

Thank you! That was the problem: locally generated traffic was going to the default class. I've added some filters for it and now it works fine. Firewall configuration was added and tested long before the implementation of qdiscs. It works ok.
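The fix the thread arrives at, shown as an added example (this is not the poster's script or anything from the list): an HTB tree that reserves its own class for packets sourced from the router's addresses, so the router's locally generated traffic no longer falls into the rate-limited default class. Interface names eth0/eth1, the router addresses 192.0.2.1 (external) and 192.168.0.1 (internal), the client 192.168.0.10 and every rate are assumptions for illustration. With DRY_RUN=1 (the default) the tc commands are printed instead of executed, so the tree can be reviewed without root.

```shell
#!/bin/sh
# Added example, not the poster's script. Assumed values: interfaces eth0/eth1,
# router addresses 192.0.2.1 (external) and 192.168.0.1 (internal), all rates.
# DRY_RUN=1 (default) prints the tc commands instead of running them.

DRY_RUN="${DRY_RUN:-1}"
TC="${TC:-tc}"

# Print or execute one tc command.
tc_run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$TC $*"
    else
        "$TC" "$@"
    fi
}

# setup_dev DEV LOCAL_IP
# root 1: htb (default FF)
#   1:FF  bulk default class   (flows no filter claims)
#   1:E   router-local class   (packets sourced from LOCAL_IP)
# The local filter sits at prio 1 and per-client filters at prio 2: tc walks
# filter priorities in ascending numeric order, so the router's own packets
# are classified before any client rule can claim them.
setup_dev() {
    dev="$1"; local_ip="$2"
    tc_run qdisc del dev "$dev" root 2>/dev/null
    tc_run qdisc add dev "$dev" root handle 1: htb default FF
    tc_run class add dev "$dev" parent 1: classid 1:FF htb rate 64kbit ceil 256kbit
    tc_run qdisc add dev "$dev" parent 1:FF handle FF: sfq perturb 10
    tc_run class add dev "$dev" parent 1: classid 1:E htb rate 128kbit ceil 1mbit
    tc_run qdisc add dev "$dev" parent 1:E handle E: sfq perturb 10
    tc_run filter add dev "$dev" parent 1: protocol ip prio 1 u32 \
        match ip src "$local_ip/32" flowid 1:E
}

# add_client DEV KEY CLIENT_IP CLASSID
# KEY is "dst" on the internal NIC (traffic towards the client) and "src" on
# the external NIC (traffic from the client), as in the original script.
add_client() {
    dev="$1"; key="$2"; ip="$3"; classid="$4"
    tc_run class add dev "$dev" parent 1: classid "$classid" htb rate 32kbit ceil 256kbit
    tc_run qdisc add dev "$dev" parent "$classid" handle "${classid#1:}:" sfq perturb 10
    tc_run filter add dev "$dev" parent 1: protocol ip prio 2 u32 \
        match ip "$key" "$ip/32" flowid "$classid"
}

# Check after applying: generate traffic from the router itself (a ping to an
# upstream host, for example) and confirm that the "Sent" counter of 1:E,
# not 1:FF, is the one that grows.
show_counters() {
    tc_run -s class show dev "$1"
}

# Usage: DRY_RUN=0 sh shape-local.sh   (as root) applies the tree;
# without DRY_RUN=0 the commands are only printed.
setup_dev eth0 192.0.2.1
setup_dev eth1 192.168.0.1
add_client eth1 dst 192.168.0.10 1:C0A
add_client eth0 src 192.168.0.10 1:C0A
show_counters eth1
```

Matching on the router's source address is the simplest form of the filter. Since the original script already marks packets in iptables, the same separation can be done by marking in the mangle OUTPUT chain (which only sees locally generated packets) and matching that mark with `u32 match mark`, which also covers a router with many addresses without one filter per address.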