I have a Smoothwall like firewall and proxy, I would like to establish a bandwidth I inside specify for each IP my network. But that I have been able to do it is to install the QoS to him but it is not sufficient. Somebody can help me? My English is very bad, pardon if this badly written, I had to use a translator.
Rene, I have a list of questions for you:

1) Can we get a simple layout of your network?

2) Are you wanting to set a bandwidth limit on how much traffic each individual computer in your network can send out to the world (outbound tc filter)?

3) Are you wanting to set a bandwidth limit on how much traffic each individual computer in your network can receive in from the world (inbound tc filter)?

4) Are you wanting to set a bandwidth limit on how much traffic each individual computer in your network can send out to the world and set a bandwidth limit on how much traffic each individual computer in your network can receive in from the world (inbound and outbound tc filter)?

5) How many computers are on your network?

6) How many of the computers on your network are you wanting to rate limit?

7) Do you have any types of traffic on your network that you want to give priority to (interactive SSH versus bulk file transfer FTP) or is all traffic equally important?

8) Are you wanting to lock your computers at a specific rate or just share the aggregate bandwidth equally (or proportionately depending on priority)?

9) If one computer has used all of its allocated bandwidth do you want it to be able to use any excess bandwidth from another computer that is not using all of its bandwidth?

These are just some of the questions that come to mind immediately. Don't worry about your English, we can work through it.

Grant. . . .

Rene Casasola wrote:
> I have a Smoothwall like firewall and proxy, I would like to establish
> a bandwidth I inside specify for each IP my network. But that I have
> been able to do it is to install the QoS to him but it is not
> sufficient. Somebody can help me?
>
> My English is very bad, pardon if this badly written, I had to use a translator.
Answers...

1) Can we get a simple layout of your network?
WAN-(Red eth1)SMOOTHWALL(Green eth0)- Network: 192.168.1.0/24, Gateway: 192.168.1.250, Broadcast: 192.168.1.255

2) Are you wanting to set a bandwidth limit on how much traffic each individual computer in your network can send out to the world (outbound tc filter)?
Yes, 15 Kbps

3) Are you wanting to set a bandwidth limit on how much traffic each individual computer in your network can receive in from the world (inbound tc filter)?
Yes 15 Kbps

4) Are you wanting to set a bandwidth limit on how much traffic each individual computer in your network can send out to the world and set a bandwidth limit on how much traffic each individual computer in your network can receive in from the world (inbound and outbound tc filter)?
Yes

5) How many computers are on your network?
30+Smoothwall=31

6) How many of the computers on your network are you wanting to rate limit?
All

7) Do you have any types of traffic on your network that you want to give priority to (interactive SSH versus bulk file transfer FTP) or is all traffic equally important?
All traffic equally important

8) Are you wanting to lock your computers at a specific rate or just share the aggregate bandwidth equally (or proportionately depending on priority)?
Specific rate

9) If one computer has used all of its allocated bandwidth do you want it to be able to use any excess bandwidth from another computer that is not using all of its bandwidth?
No

Thanks for the aid...

On 4/20/05, Taylor, Grant <gtaylor@riverviewtech.net> wrote:
> Rene I have a list of questions for you:
>
> 1) Can we get a simple layout of your network?
>
> 2) Are you wanting to set a bandwidth limit on how much traffic each
> individual computer in your network can send out to the world (outbound tc
> filter)?
>
> 3) Are you wanting to set a bandwidth limit on how much traffic each
> individual computer in your network can receive in from the world (inbound
> tc filter)?
>
> 4) Are you wanting to set a bandwidth limit on how much traffic each
> individual computer in your network can send out to the world and set a
> bandwidth limit on how much traffic each individual computer in your network
> can receive in from the world (inbound and outbound tc filter)?
>
> 5) How many computers are on your network?
>
> 6) How many of the computers on your network are you wanting to rate
> limit?
>
> 7) Do you have any types of traffic on your network that you want to give
> priority to (interactive SSH versus bulk file transfer FTP) or is all
> traffic equally important?
>
> 8) Are you wanting to lock your computers at a specific rate or just share
> the aggregate bandwidth equally (or proportionately depending on priority)?
>
> 9) If one computer has used all of its allocated bandwidth do you want it
> to be able to use any excess bandwidth from another computer that is not
> using all of its bandwidth?
>
> These are just some of the questions that come to mind immediately. Don't
> worry about your English, we can work through it.
>
> Grant. . . .
>
> Rene Casasola wrote:
> > I have a Smoothwall like firewall and proxy, I would like to establish
> > a bandwidth I inside specify for each IP my network. But that I have
> > been able to do it is to install the QoS to him but it is not
> > sufficient. Somebody can help me?
> >
> > My English is very bad, pardon if this badly written, I had to use a
> > translator.
Ok, I have another question for you:

10) Is the 15 kbps rate limit a combination of inbound and outbound traffic, or 15 kbps for inbound and 15 kbps for outbound for a total of 30 kbps traffic for any given client? (Is the 15 kbps full duplex or half duplex?)

Grant. . . .
> 15 Kbps half duplex

    # Root HTB qdisc on the IMQ device; unclassified traffic falls into class 1:2
    tc qdisc add dev imq0 root handle 1: htb default 2

    # One HTB class per host with an SFQ under it. The filters attach to the
    # root qdisc (1:0), which is where packets are classified into the classes.
    tc class add dev imq0 parent 1: classid 1:1 htb rate 15kbps
    tc qdisc add dev imq0 parent 1:1 handle 10: sfq perturb 10
    tc filter add dev imq0 protocol ip parent 1:0 prio 1 u32 match ip src 192.168.1.1/32 flowid 1:1
    tc filter add dev imq0 protocol ip parent 1:0 prio 1 u32 match ip dst 192.168.1.1/32 flowid 1:1

    tc class add dev imq0 parent 1: classid 1:2 htb rate 15kbps
    tc qdisc add dev imq0 parent 1:2 handle 20: sfq perturb 10
    tc filter add dev imq0 protocol ip parent 1:0 prio 1 u32 match ip src 192.168.1.2/32 flowid 1:2
    tc filter add dev imq0 protocol ip parent 1:0 prio 1 u32 match ip dst 192.168.1.2/32 flowid 1:2

    tc class add dev imq0 parent 1: classid 1:3 htb rate 15kbps
    tc qdisc add dev imq0 parent 1:3 handle 30: sfq perturb 10
    tc filter add dev imq0 protocol ip parent 1:0 prio 1 u32 match ip src 192.168.1.3/32 flowid 1:3
    tc filter add dev imq0 protocol ip parent 1:0 prio 1 u32 match ip dst 192.168.1.3/32 flowid 1:3

    # Send traffic arriving on both interfaces through imq0, then bring it up
    iptables -t mangle -A PREROUTING -i eth0 -j IMQ --todev 0
    iptables -t mangle -A PREROUTING -i eth1 -j IMQ --todev 0
    ip link set imq0 up

From what reading I have done this is what I would probably try first. Seeing as I don't have a box set up with IMQ to test I can't tell you for sure if this will work or not. I think at the very least it will give you a head start as a direction to go run. I'll try this as soon as I get a box up and running that does have IMQ on it.

I know that I did modify a script that I am running here in the office to rate limit BitTorrents (for my Linux Distro's ISOs) with very similar rules matching based on source or destination port. However I was using that on the raw ethernet device, not IMQ. However if you are wanting rate limiting for in and out bound traffic combined you need something like IMQ or some other sort of loop back connection that you can rate limit on.
I think there might be a way to optimize the src and / or dst matches, though I'm not aware of any off hand. I'll keep looking at this and get back to you.

Grant. . . .
> that I apply it IP to each of my network?

Yes, you will want a similar rule for each IP on your network.

> tc class add dev imq0 parent 1: classid 1:1 htb rate 15kbps
> tc qdisc add dev imq0 parent 1:1 handle 10: sfq perturb 10
> tc filter add dev imq0 protocol ip parent 1:0 prio 1 u32 match ip src 192.168.1.2<-<-<-<-<-<-<-<-</32 flowid 1:1
> tc filter add dev imq0 protocol ip parent 1:0 prio 1 u32 match ip dst 192.168.1.2<-<-<-<-<-<-<-<-<-/32 flowid 1:1

You will want to assign each IP to a different flow id as the flow id identifies a rate limiting rule. Thus if you put two or more computers on the same flow id they will be rate limited as one entity, not each computer by itself.

Grant. . . .
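The "similar rule for each IP, each on its own flow id" advice above, written out for all 30 hosts as an added example that is not part of the original messages. It only prints the tc commands; the function name `gen_tc_rules`, its arguments and the separate default class 1:999 are assumptions made for this sketch, and the filters are attached to the root HTB qdisc (1:0), where HTB classifies packets into its classes.

```shell
#!/bin/sh
# Added example (not from the thread): print the tc commands for one HTB class
# per host, so every IP gets its own flowid and its own rate limit.
# Assumed names: gen_tc_rules, its arguments, and default class 1:999.
gen_tc_rules() {
    dev=${1:-imq0}        # shaping device used in the thread
    net=${2:-192.168.1}   # first three octets of the LAN
    first=${3:-1}         # first host number to limit
    last=${4:-30}         # last host number to limit
    rate=${5:-15kbps}     # tc units: kbps = kilobytes/s, kbit = kilobits/s

    # Refuse ranges that are not valid host numbers in a /24.
    if [ "$first" -lt 1 ] || [ "$last" -gt 254 ] || [ "$first" -gt "$last" ]; then
        echo "invalid host range: $first-$last" >&2
        return 1
    fi

    # Root HTB qdisc. Unclassified traffic goes to its own class (1:999)
    # instead of sharing a class that belongs to one of the hosts.
    echo "tc qdisc add dev $dev root handle 1: htb default 999"
    echo "tc class add dev $dev parent 1: classid 1:999 htb rate $rate ceil $rate"

    n=$first
    while [ "$n" -le "$last" ]; do
        # One class per host; ceil equal to rate means no borrowing.
        echo "tc class add dev $dev parent 1: classid 1:$n htb rate $rate ceil $rate"
        # SFQ under the class, numbered 10:, 20:, ... as in the thread.
        echo "tc qdisc add dev $dev parent 1:$n handle ${n}0: sfq perturb 10"
        # Filters hang off the root qdisc (1:0) and point at the host's class.
        for dir in src dst; do
            echo "tc filter add dev $dev protocol ip parent 1:0 prio 1 u32 match ip $dir $net.$n/32 flowid 1:$n"
        done
        n=$((n + 1))
    done
}

# Print the rules for the thread's network: 192.168.1.1-30 on imq0.
gen_tc_rules imq0 192.168.1 1 30 15kbps
```

Review the printed commands, then pipe them to `sh` as root on the firewall once imq0 exists. The IMQ iptables rules from the thread are still needed to send traffic through the device.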