Alexandra Alvarado wrote:>
> Thanks for answer my question, but...
>
> If i want to be more specific in my ipchains rules, and i want to
> control the output bandwidth of eth1 card (that means the input traffic
> of eth0 card), must i make a setup like this?
>
> Internet eth0 (207.87.93.32)|---------| eth1 /--- 10.10.10.0/28
> (intranet - PRIVATE addresses)
> --------------------| LINUX |-----<HUB>
> |---------| eth1:0 \--- 63.121.156.184/29
> (intranet - Voice Service -
> PUBLIC (Virtual Interface)
>
> WHAT AM I CONTROLING HERE? OUTGOING OF ETH0?
Yes, outgoing of eth0 BUT you have the wrong ipchains rules. The first
one has as the source 207.87.93.32. It has to be 63.121.156.184/29.
And you don''t need to add -j ACCEPT.
>
> ipchains -A input i eth1 -s 207.87.93.32 -d 0/0 -j ACCEPT -m 1
> ipchains -A input i eth1 -s 10.10.10.0/28 -d 0/0 -j ACCEPT -m 1
>
> tc qdisc add dev eth0 root handle 10: cbq bandwidth 10Mbit avpkt 1000
> tc class add dev eth0 parent 10:0 classid 10:1 cbq bandwidth 10Mbit rate
> 10Mbit allot 1514 weight 1Mbit \ prio 8 maxburst 20
avpkt 1000
> tc class add dev eth0 parent 10:1 classid 10:100 cbq bandwidth 10Mbit
> rate 64Kbit allot 1514 weight 6Kbit \ prio 5 maxburst 20
avpkt 1000
> bounded
> tc qdisc add dev eth0 parent 10:100 sfq quantum 1514b perturb 15
> tc filter add dev eth0 protocol ip handle 1 fw classid 10:100
>
> WHAT AM I CONTROLING HERE? OUTGOING OF ETH1?
Same problem, wrong filters. First one is OK, but second one has to be
63.121.156.184/29.
>
> ipchains -A input -i eth0 -d 207.87.93.32 -j ACCEPT -m 2
> ipchains -A input -i eth0 -d 10.10.10.0/28 -j ACCEPT -m 2
>
> tc qdisc add dev eth1 root handle 20: cbq bandwidth 10Mbit avpkt 1000
> tc class add dev eth1 parent 20:0 classid 20:1 cbq bandwidth 10Mbit rate
> 10Mbit allot 1514 weight 1Mbit \ prio 8 maxburst 20
avpkt 1000
> tc class add dev eth1 parent 20:1 classid 20:100 cbq bandwidth 10Mbit
> rate 64Kbit allot 1514 weight 6Kbit \ prio 5 maxburst 20
avpkt 1000
> bounded
> tc qdisc add dev eth1 parent 20:100 sfq quantum 1514b perturb 15
> tc filter add dev eth1 protocol ip handle 2 fw classid 20:100
If you want to control ALL outgoing bandwidth on a NIC, you can attach a
TBF as the first root qdisc :
tc qdisc add dev eth0 root handle 10: tbf rate 64kbit buffer 20Kb/8
limit 15Kb
tc qdisc add dev eth1 root handle 10: tbf rate 64kbit buffer 20Kb/8
limit 15Kb
>
> Thanks
>
> Alexandra
>
> Stef Coene wrote:
> >
> > Alexandra Alvarado wrote:
> > >
> > > Hello,
> > >
> > > I need somebody to help me with an example that control incoming
packets
> > > to 64Kbit and outgoing packets to 64Kbit from external interface
of the
> > > linux but using ipchains rules.
> > You can''t control incoming bandwidth. For outgoing bandwidth
:
> >
> > - mark the packets witm -m option of ipchains :
> > ipchains -A output -p tcp -m 1
> >
> > - use the mark in a filter :
> > tc filter add $DEV parent 10: protocol ip prio 3 handle 1 fw
> > classid 10:2
> >
> > - set up a bounded class 10:2 :
> > tc qdisc add $DEV root handle 10: cbq bandwidth 10mbit avpkt
1000
> > tc class add $DEV parent 10:0 classid 10:2 cbq bandwidth 10mbit
> > rate 64kbit allot 1514 maxburst 20 avpkt 1000 prio 4 isolated bounded
--
Stef
More QOS info : http://users.belgacom.net/staf/