I have a single DSL connection I share with 7 computers and wish to divide the bandwidth. I will be adding another one later and hope to divide the traffic and re-route to one if the other fails, but that is a nother project. The connection is 384/128. I am able to control the downstream traffic, but the upstream traffic has proven to be more challenging. It seems that the Masquerading takes place between adapters, so all the traffic to the outbound adapter appears to be from the same IP. I can control the traffic if I specify the IP of the outbound adapter, but reference to the LAN address has no affect. Here is a summary of my setup eth1 (internet) | eth0 (LAN) | Switch | Comp1-Comp2-Comp3-etc. I tried to filter the outbound traffic on eth0 by adding subclasses for outbound traffic to eth1 and filtering by src but I could not seem to get that to work either. Here is my latest effort: #Down tc qdisc add dev eth0 root handle 10: cbq bandwidth 100Mbit avpkt 1000 tc class add dev eth0 parent 10:0 classid 10:1 cbq bandwidth 100Mbit rate 100Mbit allot 1514 weight 10Mbit prio 8 maxburst 200 avpkt 1000 bounded tc class add dev eth0 parent 10:1 classid 10:100 cbq bandwidth 384Kbit rate 256Kbit allot 1514 weight 12Kbit prio 5 maxburst 20 avpkt 1000 bounded tc class add dev eth0 parent 10:1 classid 10:200 cbq bandwidth 384Kbit rate 90Kbit allot 1514 weight 12Kbit prio 5 maxburst 20 avpkt 1000 bounded tc qdisc add dev eth0 parent 10:1 sfq quantum 1514b perturb 15 tc qdisc add dev eth0 parent 10:100 sfq quantum 1514b perturb 15 tc qdisc add dev eth0 parent 10:200 sfq quantum 1514b perturb 15 tc filter add dev eth0 parent 10:0 protocol ip prio 25 u32 match ip src 192.168.0.10 flowid 10:1 tc filter add dev eth0 parent 10:0 protocol ip prio 25 u32 match ip dst 192.168.0.2 flowid 10:100 tc filter add dev eth0 parent 10:0 protocol ip prio 100 u32 match ip dst 192.168.0.3 flowid 10:200 tc filter add dev eth0 parent 10:0 protocol ip prio 100 u32 match ip dst 192.168.0.14 flowid 10:200 tc filter add dev eth0 parent 10:0 protocol ip prio 100 u32 match ip dst 192.168.0.15 flowid 10:200 tc filter add dev eth0 parent 10:0 protocol ip prio 100 u32 match ip dst 192.168.0.20 flowid 10:200 tc filter add dev eth0 parent 10:0 protocol ip prio 100 u32 match ip dst 192.168.0.0/24 flowid 10:200 # Up tc class add dev eth0 parent 10:1 classid 10:300 cbq bandwidth 128Kbit rate 96Kbit allot 1514 weight 9Kbit prio 5 maxburst 20 avpkt 1000 bounded tc class add dev eth0 parent 10:1 classid 10:400 cbq bandwidth 128Kbit rate 16Kbit allot 1514 weight 3Kbit prio 5 maxburst 20 avpkt 1000 bounded tc qdisc add dev eth0 parent 10:300 sfq quantum 1514b perturb 15 tc qdisc add dev eth0 parent 10:400 sfq quantum 1514b perturb 15 tc filter add dev eth0 parent 10:0 protocol ip prio 100 u32 match ip src 192.168.0.1 flowid 10:400 tc filter add dev eth0 parent 10:0 protocol ip prio 25 u32 match ip src 192.168.0.2 flowid 10:300 tc filter add dev eth0 parent 10:0 protocol ip prio 100 u32 match ip src 192.168.0.3 flowid 10:400 tc filter add dev eth0 parent 10:0 protocol ip prio 100 u32 match ip src 192.168.0.14 flowid 10:400 tc filter add dev eth0 parent 10:0 protocol ip prio 100 u32 match ip src 192.168.0.15 flowid 10:400 tc filter add dev eth0 parent 10:0 protocol ip prio 100 u32 match ip src 192.168.0.20 flowid 10:400 tc filter add dev eth0 parent 10:0 protocol ip prio 100 u32 match ip src 192.168.0.0/24 flowid 10:400 I would also be very interested in documentation that clearly defines the commands and variables. For example. what is prio and what is the significance of it''s value as with weight and maxburst. Can I filter on src and dst on the same line? Thanks, Kurt
On Fri, 8 Jun 2001, streeterk wrote:> I have a single DSL connection I share with 7 computers and wish to divide the bandwidth. I will be adding another one later and hope to divide the traffic and re-route to one if the other fails, but that is a nother project. The connection is 384/128. I am able to control the downstream traffic, but the upstream traffic has proven to be more challenging. It seems that the Masquerading takes place between adapters, so all the traffic to the outbound adapter appears to be from the same IP. I can control the traffic if I specify the IP of the outbound adapter, but reference to the LAN address has no affect. Here is a summary of my setup > > eth1 (internet) > | > eth0 (LAN) > | > Switch > | > Comp1-Comp2-Comp3-etc. > > I tried to filter the outbound traffic on eth0 by adding subclasses for outbound traffic to eth1 and filtering by src but I could not seem to get that to work either. > > Here is my latest effort:[snip] Mayby you should try to mark incoming packets from the local network with the firewall (iptables or ipchains). You can add a filter in tc depending on the fw mark and redirect the packet into the correct class. -- GnuPG public key: http://win-www.uia.ac.be/u/s965817/pub.key fingerprint = A3C4 DE50 712D 4FA8 C564 4D96 5E06 C9CC ECFA 19C5