Indunil Jayasooriya
2007-Aug-08 07:23 UTC
[CentOS] Allocating 64 kbits/s out of 256 kbits/s for one LAN behind firewall
Hi,

I have a CENTOS BOX as a firewall. Both iptables and iproute2 are running on it. Pls see below for installed RPMs.

[root@firebox ~]# rpm -qa |grep iptables
iptables-1.2.11-3.1.RHEL4
[root@firebox ~]# rpm -qa |grep iproute
iproute-2.6.9-3.EL4.7

It has 3 ethernet cards. Pls see below.

eth0 - internet ip (pls assume 1.2.3.4/29). It connects to the ISP router.
eth1 - 192.168.100.254
eth2 - 192.168.101.254

There are 2 LANs behind this firewall. Both LANs have access to the internet due to SNAT rules in the firewall. I have given many SNAT rules on a per-IP basis. Some users have full access, some have only web and smtp. I have added many forward rules to suit those SNAT rules. All work fine.

One LAN is 192.168.100.0/24, while the other LAN is 192.168.101.0/24.

Now, I want to allocate 64 kbit out of 256 kbit to the LAN with 192.168.101.0/24, and the rest to the others.

I added rules to the firewall. But I still cannot allocate 64 kbit for the LAN with 192.168.101.0/24.

I think I need a PREROUTING chain for the LAN with 192.168.101.0/24.

The script is given below.

INTERFAZ_INT=eth0
FULLBANDWIDTH=256
BANDWIDTH4LAN=64

iptables -t mangle -A PREROUTING -s 192.168.101.0/24 -j MARK --set-mark 0x5

tc qdisc add dev $INTERFAZ_INT root handle 1 htb r2q 4
tc class add dev $INTERFAZ_INT parent 1: classid 1:2 htb rate "$FULLBANDWIDTH"Kbit
tc class add dev $INTERFAZ_INT parent 1: classid 1:5 htb rate "$BANDWIDTH4LAN"Kbit
tc qdisc add dev $INTERFAZ_INT parent 1:5 handle 5 sfq perturb 10
tc filter add dev $INTERFAZ_INT protocol ip parent 1: pref 1 handle 5 fw classid 1:5

Still no luck. After applying the above rules, I downloaded a CentOS ISO image. But I can still download at the usual rate (i.e. 30-33 kbytes per second). If these rules work, I will be able to download at about 8 kbytes per second (i.e. 8*8 kbit = 64 kbit). That is what I expect.

Where have I gone wrong?

--
Thank you
Indunil Jayasooriya