Hi, I am currently using the following script to shape traffic on my linux box. I am getting ready to move the script to my linux firewall box so it shapes traffic for my home lan. I am looking to refine my rules a bit so to make bandwidth sharing a bit more efficient. Specifically I am looking to give out bound email more priority so that when a large email is sent, I want it to borrow all of the ftp bandwidth. For some reason it only borrows some of the bandwidth but not all. Here is my script: #!/bin/bash #shaping passive and active outbound ftp traffic on an internal computer without affecting inbound and lan speed # mark the outbound passive ftp packets on ports 50000-51000 iptables -t mangle -D OUTPUT -o eth0 -j MYSHAPER-OUT 2> /dev/null > /dev/null iptables -t mangle -F MYSHAPER-OUT 2> /dev/null > /dev/null iptables -t mangle -X MYSHAPER-OUT 2> /dev/null > /dev/null iptables -t mangle -N MYSHAPER-OUT iptables -t mangle -I OUTPUT -o eth0 -j MYSHAPER-OUT # mark packets: 20 is lan traffic, 26 is active ftp and passive ftp, 30 is ACK for downloads, 35 is email iptables -t mangle -A MYSHAPER-OUT -m mark --mark 0 -j MARK --set-mark 20 iptables -t mangle -A MYSHAPER-OUT -p tcp --sport 59999 -j MARK --set-mark 26 iptables -t mangle -A MYSHAPER-OUT -p tcp --sport 50000:51000 -j MARK --set-mark 26 iptables -t mangle -A MYSHAPER-OUT -p tcp -m length --length :64 -j MARK --set-mark 30 iptables -t mangle -A MYSHAPER-OUT -m tcp -p tcp --dport 25 -j MARK --set-mark 35 # clear it tc qdisc del dev eth0 root #add the root qdisk tc qdisc add dev eth0 root handle 1: htb default 20 #add main rate limit class tc class add dev eth0 parent 1: classid 1:1 htb rate 100mbit #add leaf classes, 1:2 is lan, 1:3 is outbound max tc class add dev eth0 parent 1:1 classid 1:2 htb rate 100mbit tc class add dev eth0 parent 1:1 classid 1:3 htb rate 40kbps # 1:31 is ftp with lower prio, 1:32 is ACk AND email higher prio tc class add dev eth0 parent 1:3 classid 1:31 htb rate 20kbps ceil 40kbps prio 2 tc class add dev eth0 parent 1:3 classid 1:32 htb rate 20kbps ceil 40kbps prio 1 #filter traffic into classes tc filter add dev eth0 parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:2 tc filter add dev eth0 parent 1:0 prio 0 protocol ip handle 26 fw flowid 1:31 tc filter add dev eth0 parent 1:0 prio 0 protocol ip handle 30 fw flowid 1:32 tc filter add dev eth0 parent 1:0 prio 0 protocol ip handle 35 fw flowid 1:32 Any comments would be greatly appreciated, Mark
On Sunday 27 November 2005 02:06, nix4me wrote:> #add main rate limit class > tc class add dev eth0 parent 1: classid 1:1 htb rate 100mbitIn a 100mbit network, the full 100mbit can only be reached under optimal conditions (I don''t know what they are though), so I suggest you measure the actual throughput your network can reach and use this as rate, or just use a slightly lower value here.> #add leaf classes, 1:2 is lan, 1:3 is outbound max > tc class add dev eth0 parent 1:1 classid 1:2 htb rate 100mbitIf you give the LAN class the full parent class rate, you''ve got two problems. First, your parent class will already be fully booked. There is nothing left for the other classes, and HTB will have to cheat somehow to distribute bandwidth now, which may lead to unexpected results. Second, if you got a lot of LAN traffic between the router and other machines (fileserver etc.), this traffic can take up the whole line and interfere with your internet traffic. So in my opinion the rate of the LAN class should be the rate of the parent class minus the rate(s) of your internet class(es).> tc class add dev eth0 parent 1:1 classid 1:3 htb rate 40kbps > # 1:31 is ftp with lower prio, 1:32 is ACk AND email higher prio > tc class add dev eth0 parent 1:3 classid 1:31 htb rate 20kbps ceil > 40kbps prio 2 > tc class add dev eth0 parent 1:3 classid 1:32 htb rate 20kbps ceil > 40kbps prio 1You don''t have any internet traffic other than ftp and email? Regards, Andreas Klauer