I have a single DSL connection I share with 7 computers and wish to divide the
bandwidth. I will be adding another one later and hope to divide the traffic
and re-route to one if the other fails, but that is a nother project. The
connection is 384/128. I am able to control the downstream traffic, but the
upstream traffic has proven to be more challenging. It seems that the
Masquerading takes place between adapters, so all the traffic to the outbound
adapter appears to be from the same IP. I can control the traffic if I specify
the IP of the outbound adapter, but reference to the LAN address has no affect.
Here is a summary of my setup
eth1 (internet)
|
eth0 (LAN)
|
Switch
|
Comp1-Comp2-Comp3-etc.
I tried to filter the outbound traffic on eth0 by adding subclasses for outbound
traffic to eth1 and filtering by src but I could not seem to get that to work
either.
Here is my latest effort:
#Down
tc qdisc add dev eth0 root handle 10: cbq bandwidth 100Mbit avpkt 1000
tc class add dev eth0 parent 10:0 classid 10:1 cbq bandwidth 100Mbit rate
100Mbit allot 1514 weight 10Mbit prio 8 maxburst 200 avpkt 1000 bounded
tc class add dev eth0 parent 10:1 classid 10:100 cbq bandwidth 384Kbit rate
256Kbit allot 1514 weight 12Kbit prio 5 maxburst 20 avpkt 1000 bounded
tc class add dev eth0 parent 10:1 classid 10:200 cbq bandwidth 384Kbit rate
90Kbit allot 1514 weight 12Kbit prio 5 maxburst 20 avpkt 1000 bounded
tc qdisc add dev eth0 parent 10:1 sfq quantum 1514b perturb 15
tc qdisc add dev eth0 parent 10:100 sfq quantum 1514b perturb 15
tc qdisc add dev eth0 parent 10:200 sfq quantum 1514b perturb 15
tc filter add dev eth0 parent 10:0 protocol ip prio 25 u32 match ip src
192.168.0.10 flowid 10:1
tc filter add dev eth0 parent 10:0 protocol ip prio 25 u32 match ip dst
192.168.0.2 flowid 10:100
tc filter add dev eth0 parent 10:0 protocol ip prio 100 u32 match ip dst
192.168.0.3 flowid 10:200
tc filter add dev eth0 parent 10:0 protocol ip prio 100 u32 match ip dst
192.168.0.14 flowid 10:200
tc filter add dev eth0 parent 10:0 protocol ip prio 100 u32 match ip dst
192.168.0.15 flowid 10:200
tc filter add dev eth0 parent 10:0 protocol ip prio 100 u32 match ip dst
192.168.0.20 flowid 10:200
tc filter add dev eth0 parent 10:0 protocol ip prio 100 u32 match ip dst
192.168.0.0/24 flowid 10:200
# Up
tc class add dev eth0 parent 10:1 classid 10:300 cbq bandwidth 128Kbit rate
96Kbit allot 1514 weight 9Kbit prio 5 maxburst 20 avpkt 1000 bounded
tc class add dev eth0 parent 10:1 classid 10:400 cbq bandwidth 128Kbit rate
16Kbit allot 1514 weight 3Kbit prio 5 maxburst 20 avpkt 1000 bounded
tc qdisc add dev eth0 parent 10:300 sfq quantum 1514b perturb 15
tc qdisc add dev eth0 parent 10:400 sfq quantum 1514b perturb 15
tc filter add dev eth0 parent 10:0 protocol ip prio 100 u32 match ip src
192.168.0.1 flowid 10:400
tc filter add dev eth0 parent 10:0 protocol ip prio 25 u32 match ip src
192.168.0.2 flowid 10:300
tc filter add dev eth0 parent 10:0 protocol ip prio 100 u32 match ip src
192.168.0.3 flowid 10:400
tc filter add dev eth0 parent 10:0 protocol ip prio 100 u32 match ip src
192.168.0.14 flowid 10:400
tc filter add dev eth0 parent 10:0 protocol ip prio 100 u32 match ip src
192.168.0.15 flowid 10:400
tc filter add dev eth0 parent 10:0 protocol ip prio 100 u32 match ip src
192.168.0.20 flowid 10:400
tc filter add dev eth0 parent 10:0 protocol ip prio 100 u32 match ip src
192.168.0.0/24 flowid 10:400
I would also be very interested in documentation that clearly defines the
commands and variables. For example. what is prio and what is the significance
of it''s value as with weight and maxburst. Can I filter on src and
dst on the same line?
Thanks,
Kurt
On Fri, 8 Jun 2001, streeterk wrote:> I have a single DSL connection I share with 7 computers and wish to divide the bandwidth. I will be adding another one later and hope to divide the traffic and re-route to one if the other fails, but that is a nother project. The connection is 384/128. I am able to control the downstream traffic, but the upstream traffic has proven to be more challenging. It seems that the Masquerading takes place between adapters, so all the traffic to the outbound adapter appears to be from the same IP. I can control the traffic if I specify the IP of the outbound adapter, but reference to the LAN address has no affect. Here is a summary of my setup > > eth1 (internet) > | > eth0 (LAN) > | > Switch > | > Comp1-Comp2-Comp3-etc. > > I tried to filter the outbound traffic on eth0 by adding subclasses for outbound traffic to eth1 and filtering by src but I could not seem to get that to work either. > > Here is my latest effort:[snip] Mayby you should try to mark incoming packets from the local network with the firewall (iptables or ipchains). You can add a filter in tc depending on the fw mark and redirect the packet into the correct class. -- GnuPG public key: http://win-www.uia.ac.be/u/s965817/pub.key fingerprint = A3C4 DE50 712D 4FA8 C564 4D96 5E06 C9CC ECFA 19C5