Hi all!

I have a problem setting up HTB on my home network. I have a network: 192.168.1.0/24 and I want to limit the download to 200 KB to every IP from my city (I have the IPs of most ISPs). The thing is that I want to limit the international traffic too (I do not use BGP) and set it to 15 KB. Can someone help with this setup? Thanks!

Best regards,
--
George

--
This message was scanned for spam and viruses by BitDefender.
For more information please visit http://linux.bitdefender.com/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
http://metropolitana.loginet.ro/ and read that stuff, or

you can try to differentiate metro/interfor for download asking your ISP if they set a specific DSCP for it. For upload limiting, I add routes for all metropolitan IPs (or BGP does it automatically), and the default route has a special realm. You can then match the realm in FORWARD or POSTROUTING chain in mangle and set a mark to those packets, then mark every IP with a different mark. ex:

eth0 - your ISP (let's say GTS)
eth1 - your lan 192.168.1.0/24

GTS uses 32 value as dscp for international traffic (0x20)

tc qdisc add dev eth1 root handle 1: htb r2q 1

tc class add dev eth1 parent 1: classid 1:999 htb rate 90mbit
tc class add dev eth1 parent 1:999 classid 1:1 htb rate 2mbit
tc class add dev eth1 parent 1:999 classid 1:998 htb rate 80mbit
#client with ip 192.168.1.2 has at most 1mbit for metro, 128kbit for external
tc class add dev eth1 parent 1:1 classid 1:2 htb rate 256kbit #Your total external bandwidth

tc class add dev eth1 parent 1:1 classid 1:11 htb rate 12kbit ceil 1mbit #metro for client 1
tc class add dev eth1 parent 1:2 classid 1:21 htb rate 8kbit ceil 128kbit #external for first client

Filters are:

# DSCP 32 (0x20) sits in the top six bits of the TOS byte: 0x20 << 2 = 0x80, mask 0xfc
tc filter add dev eth1 parent 1: protocol ip prio 1 u32 match ip dst 192.168.1.2/32 match ip tos 0x80 0xfc classid 1:21
tc filter add dev eth1 parent 1: protocol ip prio 2 u32 match ip dst 192.168.1.2/32 classid 1:11

A global filter for lan traffic would be:

tc filter add dev eth1 parent 1: protocol ip prio 0 u32 match ip src 192.168.1.1/32 classid 1:998

For upload, after you make a script to add all metropolitan routes:

ip ro add $prefix via $isp_gw

and the default route would be:

ip ro add default via $isp_gw realm 6

Check /etc/iproute2/rt_realms

iptables -t mangle -N metro-up
iptables -t mangle -N ext-up
iptables -t mangle -A FORWARD -o eth0 -m realm --realm 6 -j ext-up
iptables -t mangle -A FORWARD -o eth0 -m realm --realm 6 -j ACCEPT
iptables -t mangle -A FORWARD -o eth0 -j metro-up

iptables -t mangle -A ext-up -s 192.168.1.2 -j MARK --set-mark 0x21
iptables -t mangle -A metro-up -s 192.168.1.2 -j MARK --set-mark 0x11

add classes similar to eth1

tc filter add dev eth0 parent 1: protocol ip prio 1 handle 0x21 fw classid 1:21
tc filter add dev eth0 parent 1: protocol ip prio 1 handle 0x11 fw classid 1:11

On Sat, 12 Feb 2005 14:08:55 +0200, George Vasiliu <gvasiliu@bitdefender.com> wrote:
> Hi all!
> I have a problem setting up HTB on my home network.
> I have a network: 192.168.1.0/24 and I want to limit the download to 200 KB to
> every IP from my city (I have the IPs of most ISPs). The thing is that I
> want to limit the international traffic too (I do not use BGP) and set it
> to 15 KB. Can someone help with this setup? Thanks!
>
> Best regards,
> --
> George

--
Bla bla
_______________________________________________
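The reply above marks and classifies a single client (192.168.1.2). As an added example that is not part of the thread, this dry-run script prints the same upload-side rules for a list of clients without executing them. The 0x100+n / 0x200+n mark numbering, the reuse of the eth1 rates on eth0 and the function names are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not run) the upload-side commands for eth0.
# Assumed numbering: client n gets mark/class 0x100+n for metro and 0x200+n
# for external, replacing the single hand-written 0x11/0x21 pair in the reply.
WAN=eth0

gen_base() {
    echo "tc qdisc add dev $WAN root handle 1: htb r2q 1"
    echo "tc class add dev $WAN parent 1: classid 1:1 htb rate 2mbit"
    echo "tc class add dev $WAN parent 1:1 classid 1:2 htb rate 256kbit"
    echo "iptables -t mangle -N metro-up"
    echo "iptables -t mangle -N ext-up"
    echo "iptables -t mangle -A FORWARD -o $WAN -m realm --realm 6 -j ext-up"
    echo "iptables -t mangle -A FORWARD -o $WAN -m realm --realm 6 -j ACCEPT"
    echo "iptables -t mangle -A FORWARD -o $WAN -j metro-up"
}

# gen_client IDX IP: marks, classes and fw filters for one client.
gen_client() {
    idx=$1; ip=$2
    case $idx in ''|*[!0-9]*) echo "bad index: $idx" >&2; return 1 ;; esac
    [ "$idx" -ge 1 ] && [ "$idx" -le 254 ] || { echo "index out of range: $idx" >&2; return 1; }
    metro=$(printf '%x' $((0x100 + idx)))   # tc class minors and fw handles are hex
    ext=$(printf '%x' $((0x200 + idx)))
    echo "iptables -t mangle -A metro-up -s $ip -j MARK --set-mark 0x$metro"
    echo "iptables -t mangle -A ext-up -s $ip -j MARK --set-mark 0x$ext"
    echo "tc class add dev $WAN parent 1:1 classid 1:$metro htb rate 12kbit ceil 1mbit"
    echo "tc class add dev $WAN parent 1:2 classid 1:$ext htb rate 8kbit ceil 128kbit"
    echo "tc filter add dev $WAN parent 1: protocol ip prio 1 handle 0x$metro fw classid 1:$metro"
    echo "tc filter add dev $WAN parent 1: protocol ip prio 1 handle 0x$ext fw classid 1:$ext"
}

# gen_all: reads client IPs, one per line, from stdin.
gen_all() {
    gen_base
    n=0
    while read -r ip; do
        [ -n "$ip" ] || continue
        n=$((n + 1))
        gen_client "$n" "$ip" || return 1
    done
}

# Constructed sample input: two LAN clients.
printf '192.168.1.2\n192.168.1.3\n' | gen_all
```

Review the printed commands before piping them to a root shell; the generated mark of each client must match the fw filter handle on the same line pair, which is what keeps metro and external traffic in separate classes.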
George Vasiliu wrote:
>
> Hi all!
> I have a problem setting up HTB on my home network.
> I have a network: 192.168.1.0/24 and I want to limit the download to 200 KB to
> every IP from my city (I have the IPs of most ISPs). The thing is that I
> want to limit the international traffic too (I do not use BGP) and set it
> to 15 KB. Can someone help with this setup? Thanks!
>
> Best regards,
> --
> George

You cannot shape downloads, only uploads. You must "police" downloads, which means to drop all packets that are over the specified limit.

Since you know IP ranges, sounds to me like you want one of the iptables add-ons that does rate limiting.
--
gypsy
_______________________________________________
gypsy wrote:
> George Vasiliu wrote:
>
>> Hi all!
>> I have a problem setting up HTB on my home network.
>> I have a network: 192.168.1.0/24 and I want to limit the download to 200 KB to
>> every IP from my city (I have the IPs of most ISPs). The thing is that I
>> want to limit the international traffic too (I do not use BGP) and set it
>> to 15 KB. Can someone help with this setup? Thanks!
>>
>> Best regards,
>> --
>> George
>
> You cannot shape downloads, only uploads. You must "police" downloads,
> which means to drop all packets that are over the specified limit.

You can - it's just not perfect because you are at the wrong end of the bottleneck - policing doesn't do it perfectly either. IMO shaping (ratelimiting) is still better than policing.

> Since you know IP ranges, sounds to me like you want one of the iptables
> add-ons that does rate limiting.
> --
> gypsy
_______________________________________________
On Saturday 12 February 2005 17:12, George Alexandru Dragoi wrote:

Ok. Thank you for the quick answer. I will do what you have said and, hopefully, I won't need help again :)

George

> http://metropolitana.loginet.ro/ and read that stuff, or
>
> you can try to differentiate metro/interfor for download asking your
> ISP if they set a specific DSCP for it. For upload limiting, I add
> routes for all metropolitan IPs (or BGP does it automatically), and
> the default route has a special realm. You can then match the realm in
> FORWARD or POSTROUTING chain in mangle and set a mark to those
> packets, then mark every IP with a different mark. ex:
>
> eth0 - your ISP (let's say GTS)
> eth1 - your lan 192.168.1.0/24
>
> GTS uses 32 value as dscp for international traffic (0x20)
>
> tc qdisc add dev eth1 root handle 1: htb r2q 1
>
> tc class add dev eth1 parent 1: classid 1:999 htb rate 90mbit
> tc class add dev eth1 parent 1:999 classid 1:1 htb rate 2mbit
> tc class add dev eth1 parent 1:999 classid 1:998 htb rate 80mbit
> #client with ip 192.168.1.2 has at most 1mbit for metro, 128kbit for external
> tc class add dev eth1 parent 1:1 classid 1:2 htb rate 256kbit #Your total external bandwidth
>
> tc class add dev eth1 parent 1:1 classid 1:11 htb rate 12kbit ceil 1mbit #metro for client 1
> tc class add dev eth1 parent 1:2 classid 1:21 htb rate 8kbit ceil 128kbit #external for first client
>
> Filters are:
>
> tc filter add dev eth1 parent 1: protocol ip prio 1 u32 match ip dst 192.168.1.2/32 match ip tos 0x80 0xfc classid 1:21
> tc filter add dev eth1 parent 1: protocol ip prio 2 u32 match ip dst 192.168.1.2/32 classid 1:11
>
> A global filter for lan traffic would be:
> tc filter add dev eth1 parent 1: protocol ip prio 0 u32 match ip src 192.168.1.1/32 classid 1:998
>
> For upload, after you make a script to add all metropolitan routes:
>
> ip ro add $prefix via $isp_gw
>
> and the default route would be:
>
> ip ro add default via $isp_gw realm 6
>
> Check /etc/iproute2/rt_realms
>
> iptables -t mangle -N metro-up
> iptables -t mangle -N ext-up
> iptables -t mangle -A FORWARD -o eth0 -m realm --realm 6 -j ext-up
> iptables -t mangle -A FORWARD -o eth0 -m realm --realm 6 -j ACCEPT
> iptables -t mangle -A FORWARD -o eth0 -j metro-up
>
> iptables -t mangle -A ext-up -s 192.168.1.2 -j MARK --set-mark 0x21
> iptables -t mangle -A metro-up -s 192.168.1.2 -j MARK --set-mark 0x11
>
> add classes similar to eth1
>
> tc filter add dev eth0 parent 1: protocol ip prio 1 handle 0x21 fw classid 1:21
> tc filter add dev eth0 parent 1: protocol ip prio 1 handle 0x11 fw classid 1:11
>
> On Sat, 12 Feb 2005 14:08:55 +0200, George Vasiliu <gvasiliu@bitdefender.com> wrote:
> > Hi all!
> > I have a problem setting up HTB on my home network.
> > I have a network: 192.168.1.0/24 and I want to limit the download to 200
> > KB to every IP from my city (I have the IPs of most ISPs). The thing is
> > that I want to limit the international traffic too (I do not use BGP)
> > and set it to 15 KB. Can someone help with this setup? Thanks!
> >
> > Best regards,
> > --
> > George
>
> --
> Bla bla

--
George Vasiliu
BitDefender Technical Support Engineer
SOFTWIN, Data Security Division