Jefri Lie
2005-Jun-30 17:26 UTC
HTB: shaping internet bandwidth but don't shape local network traffic
I got this problem: I want to shape my clients' internet bw, but I don't want to shape my local network traffic. For information, my clients are using wireless to connect to my router [192.168.1.254].

When the clients request data from the internet, for example a download from www.download.com, I want to shape his bandwidth, but when the clients [192.168.1.1] want to download from my file server, for example IP 192.168.1.253, I don't want to shape the bandwidth.

Help me with this problem please.
Andreas Unterkircher
2005-Jun-30 17:36 UTC
Re: HTB: shaping internet bandwidth but don't shape local network traffic
Then shape on the external interface on your router? So LAN traffic will never get shaped....

Cheers,
Andreas

Jefri Lie wrote:
> i got this problem, i want to shape my clients internet bw, but i
> don't want to shape my local network traffic. For information, my
> clients using wireless to connect to my router[192.168.1.254].
>
> when the clients request data from internet, example download from
> www.download.com, i want to shape his bandwidth, but when the clients
> [192.168.1.1] want to download from my file server example ip
> 192.168.1.253, i don't want to shape the bandwidth.
>
> Help me with this problem plz
Andreas Klauer
2005-Jun-30 17:48 UTC
Re: HTB: shaping internet bandwidth but don't shape local network traffic
On Thursday 30 June 2005 19:26, Jefri Lie wrote:
> i got this problem, i want to shape my clients internet bw, but i
> don't want to shape my local network traffic. For information, my
> clients using wireless to connect to my router[192.168.1.254].

Common mistake is to use the internet class as root class on the LAN interface, which means everything (local traffic and internet traffic) gets shaped to internet class speed.

I solved it like this:

HTB Qdisc
|
\--- HTB root class (10MBit)
     |
     \--- HTB internet class (1Mbit)
     |    |
     |    \--- ... more classes for internet shaping ...
     |
     \--- HTB lan class (10-1=9Mbit)

This would be an example setup for a 10Mbit ethernet card, with a 1MBit internet connection, and local connections get what's left. You put your internet traffic into the internet class (or one of its children), and everything else (local traffic) into the lan class.

HTH
Andreas
William Marques
2005-Jul-01 15:48 UTC
Re: HTB: shaping internet bandwidth but don't shape local network traffic
Andreas Klauer wrote:
> On Thursday 30 June 2005 19:26, Jefri Lie wrote:
>
>> i got this problem, i want to shape my clients internet bw, but i
>> don't want to shape my local network traffic. For information, my
>> clients using wireless to connect to my router[192.168.1.254].
>
> Common mistake is to use the internet class as root class on the LAN
> interface, which means everything (local traffic and internet traffic)
> gets shaped to internet class speed.
>
> I solved it like this:
>
> HTB Qdisc
> |
> \--- HTB root class (10MBit)
>      |
>      \--- HTB internet class (1Mbit)
>      |    |
>      |    \--- ... more classes for internet shaping ...
>      |
>      \--- HTB lan class (10-1=9Mbit)
>
> This would be an example setup for a 10Mbit ethernet card, with a 1MBit
> internet connection, and local connections get what's left. You put your
> internet traffic into the internet class (or one of it's children), and
> everything else (local traffic) into the lan class.
>
> HTH
> Andreas

This is exactly what I'm trying to do, without success.... I'm almost giving up.
I made a little test script, follows:

tc qdisc add dev eth0 root handle 1: htb default 22

# The LAN class:
tc class add dev eth0 parent 1:0 classid 1:1 htb rate 90mbit
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 89232kbit ceil 90mbit

# The internet class:
tc class add dev eth0 parent 1:0 classid 1:2 htb rate 768kbit
tc class add dev eth0 parent 1:2 classid 1:20 htb rate 384kbit ceil 768kbit
tc class add dev eth0 parent 1:2 classid 1:21 htb rate 256kbit ceil 768kbit
tc class add dev eth0 parent 1:2 classid 1:22 htb rate 128kbit ceil 768kbit

# filter for the LAN:
tc filter add dev eth0 protocol ip parent 1:0 prio 1 handle 10 fw classid 1:10

# Filter for internet:
tc filter add dev eth0 protocol ip parent 1:0 prio 2 handle 11 fw classid 1:20
tc filter add dev eth0 protocol ip parent 1:0 prio 3 handle 12 fw classid 1:21
tc filter add dev eth0 protocol ip parent 1:0 prio 4 handle 13 fw classid 1:22

# iptables mark:
iptables -t mangle -A PREROUTING -p tcp -s 192.168.1.0/24 -d 192.168.1.254 --dport 3128 -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -p tcp -s 192.168.1.0/24 -d 192.168.1.254 --dport 445 -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -p tcp -s 192.168.1.0/24 -d 192.168.1.254 --dport 139 -j MARK --set-mark 10

iptables -t mangle -A PREROUTING -p tcp -s 192.168.1.0/24 -d 0/0 --dport 143 -j MARK --set-mark 11
iptables -t mangle -A PREROUTING -p tcp -s 192.168.1.0/24 -d 0/0 --dport 80 -j MARK --set-mark 11
iptables -t mangle -A PREROUTING -p tcp -s 192.168.1.0/24 -d 0/0 --dport 22 -j MARK --set-mark 11
iptables -t mangle -A PREROUTING -p tcp -s 192.168.1.0/24 -d 0/0 --dport 44 -j MARK --set-mark 11

iptables -t mangle -A PREROUTING -p tcp -s 192.168.1.0/24 -d 0/0 --dport 443 -j MARK --set-mark 12
iptables -t mangle -A PREROUTING -p tcp -s 192.168.1.0/24 -d 0/0 --dport 110 -j MARK --set-mark 12

iptables -t mangle -A PREROUTING -p tcp -s 192.168.1.0/24 -j MARK --set-mark 13

No error messages, everything fine.
Analysis:

[root@samba htb]# tc filter show dev eth0
filter parent 1: protocol ip pref 1 fw
filter parent 1: protocol ip pref 1 fw handle 0xa classid 1:10
filter parent 1: protocol ip pref 2 fw
filter parent 1: protocol ip pref 2 fw handle 0xb classid 1:20
filter parent 1: protocol ip pref 3 fw
filter parent 1: protocol ip pref 3 fw handle 0xc classid 1:21
filter parent 1: protocol ip pref 4 fw
filter parent 1: protocol ip pref 4 fw handle 0xd classid 1:22

[root@samba htb]# iptables -L -t mangle -v
Chain PREROUTING (policy ACCEPT 565 packets, 134K bytes)
 pkts bytes target prot opt in  out source         destination
    0     0 MARK   tcp  --  any any 192.168.1.0/24 ns1.intranet.com.br tcp dpt:3128 MARK set 0xa
    0     0 MARK   tcp  --  any any 192.168.1.0/24 ns1.intranet.com.br tcp dpt:microsoft-ds MARK set 0xa
    0     0 MARK   tcp  --  any any 192.168.1.0/24 ns1.intranet.com.br tcp dpt:netbios-ssn MARK set 0xa
   29  1821 MARK   tcp  --  any any 192.168.1.0/24 anywhere            tcp dpt:imap2 MARK set 0xb
   93 30816 MARK   tcp  --  any any 192.168.1.0/24 anywhere            tcp dpt:www-http MARK set 0xb
  101  7652 MARK   tcp  --  any any 192.168.1.0/24 anywhere            tcp dpt:ssh MARK set 0xb
    0     0 MARK   tcp  --  any any 192.168.1.0/24 anywhere            tcp dpt:mpm-flags MARK set 0xb
    1    44 MARK   tcp  --  any any 192.168.1.0/24 anywhere            tcp dpt:https MARK set 0xc
   44  2516 MARK   tcp  --  any any 192.168.1.0/24 anywhere            tcp dpt:pop-3 MARK set 0xc
  266 41637 MARK   tcp  --  any any 192.168.1.0/24 anywhere            MARK set 0xd

Chain INPUT (policy ACCEPT 165 packets, 12979 bytes)
 pkts bytes target prot opt in  out source         destination

Chain FORWARD (policy ACCEPT 400 packets, 121K bytes)
 pkts bytes target prot opt in  out source         destination

Chain OUTPUT (policy ACCEPT 98 packets, 12143 bytes)
 pkts bytes target prot opt in  out source         destination

Chain POSTROUTING (policy ACCEPT 498 packets, 133K bytes)
 pkts bytes target prot opt in  out source         destination

[root@samba htb]# iptables -L -t mangle -v
Chain PREROUTING (policy ACCEPT 2979 packets, 303K bytes)
 pkts bytes target prot opt in  out source         destination
 2107  110K MARK   tcp  --  any any 192.168.1.0/24 ns1.intranet.com.br tcp dpt:3128 MARK set 0xa
    0     0 MARK   tcp  --  any any 192.168.1.0/24 ns1.intranet.com.br tcp dpt:microsoft-ds MARK set 0xa
   21  3733 MARK   tcp  --  any any 192.168.1.0/24 ns1.intranet.com.br tcp dpt:netbios-ssn MARK set 0xa
   29  1821 MARK   tcp  --  any any 192.168.1.0/24 anywhere            tcp dpt:imap2 MARK set 0xb
  179 47088 MARK   tcp  --  any any 192.168.1.0/24 anywhere            tcp dpt:www-http MARK set 0xb
  121  8932 MARK   tcp  --  any any 192.168.1.0/24 anywhere            tcp dpt:ssh MARK set 0xb
    0     0 MARK   tcp  --  any any 192.168.1.0/24 anywhere            tcp dpt:mpm-flags MARK set 0xb
    3   176 MARK   tcp  --  any any 192.168.1.0/24 anywhere            tcp dpt:https MARK set 0xc
   44  2516 MARK   tcp  --  any any 192.168.1.0/24 anywhere            tcp dpt:pop-3 MARK set 0xc
 2518  176K MARK   tcp  --  any any 192.168.1.0/24 anywhere            MARK set 0xd

Chain INPUT (policy ACCEPT 2389 packets, 138K bytes)
 pkts bytes target prot opt in  out source         destination

Chain FORWARD (policy ACCEPT 590 packets, 165K bytes)
 pkts bytes target prot opt in  out source         destination

Chain OUTPUT (policy ACCEPT 4390 packets, 6339K bytes)
 pkts bytes target prot opt in  out source         destination

Chain POSTROUTING (policy ACCEPT 4980 packets, 6504K bytes)
 pkts bytes target prot opt in  out source         destination

I configured Apache to listen on port 3128, to make tests, and on a machine in my LAN I do:

[william@whsm tmp]$ time wget samba.intranet.com.br:3128/768.txt
--12:34:22-- http://samba.intranet.com.br:3128/768.txt
           => `768.txt'
Resolving samba.intranet.com.br... 192.168.1.254
Connecting to samba.intranet.com.br[192.168.1.254]:3128... connected.
Requisição enviada ao servidor HTTP, esperando resposta... 200 OK
Tamanho: 7,864,320 [text/plain]

100%[================================================================================================================>] 7,864,320 91.59K/s ETA 00:00

12:35:46 (91.70 KB/s) - `768.txt' recebido [7864320/7864320]

real 1m23.817s
user 0m0.080s
sys 0m0.204s

As you can see, the download speed is 92KBps, the 768kbits in my script. But why was the class 1:10, which has guaranteed rate 89232kbit, not used? The fw mark is working, I see the traffic going correctly, but the correct filter is not applied??!

Maybe some of you can give me a hand. I'm sure that something is misconfigured, but I can't figure out where. I'm new to htb, and I read the LARTC howto, and searched Google for a solution, but in vain. This is driving me crazy!! Help me!!

Regards,
--
William Henrique Siqueira Marques
wmarques@vmlinuz.com.br
Rio de Janeiro - Brasil
Andreas Klauer
2005-Jul-01 17:22 UTC
Re: HTB: shaping internet bandwidth but don't shape local network traffic
On Friday 01 July 2005 17:48, William Marques wrote:
> tc class add dev eth0 parent 1:0 classid 1:1 htb rate 90mbit
> tc class add dev eth0 parent 1:0 classid 1:2 htb rate 768kbit

I don't know if it makes any difference, but I only use one root class and have these two as children to that root class. This way, I find it easier to make sure that the total rate never exceeds interface capability.

> As you can see, the download speed is 92KBps, the 768kbits in my script.
> but why the class 1:10 who haves garanteedrate 89232kbit wasn't used ?
> the fw mark is working, I see the traffic going correctly, but the
> correct filter is not applyed??!

It's just a quick guess, but probably your marking rules overwrite each other in a way you didn't intend them to. Add a log target at the end of the script, and check if packets actually get really marked correctly.

HTH
Andreas
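
Added example, not part of the thread and not code from any of the posters: a small Python model of the overwrite suspected in the last reply, using the MARK rules from the posted script. It relies on the fact that MARK is a non-terminating iptables target; the sample packets, the address 203.0.113.7 and the function names are constructed for illustration.

```python
# Added example: models how the mangle table walks the MARK rules posted above.
# MARK is a non-terminating target, so traversal continues after a match and
# the last matching rule decides the final mark.
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")
ROUTER = ip_network("192.168.1.254/32")
ANY = ip_network("0.0.0.0/0")

# (destination, dport or None for "any port", mark), in the posted order
RULES = [
    (ROUTER, 3128, 10), (ROUTER, 445, 10), (ROUTER, 139, 10),
    (ANY, 143, 11), (ANY, 80, 11), (ANY, 22, 11), (ANY, 44, 11),
    (ANY, 443, 12), (ANY, 110, 12),
    (ANY, None, 13),  # catch-all: -p tcp -s 192.168.1.0/24 -j MARK --set-mark 13
]

def final_mark(rules, src, dst, dport, stop_on_match=False):
    """Return the fwmark after the chain (0 = unmarked). stop_on_match=True
    models a terminating rule (ACCEPT/RETURN, same match) after each MARK."""
    mark = 0
    if ip_address(src) not in LAN:  # every posted rule has -s 192.168.1.0/24
        return mark
    for dst_net, port, value in rules:
        if ip_address(dst) in dst_net and port in (None, dport):
            mark = value
            if stop_on_match:
                break
    return mark

def catch_all_first(rules):
    """Other fix: port-less rules first, so specific rules overwrite them."""
    return sorted(rules, key=lambda rule: rule[1] is not None)

# Constructed sample packets: (src, dst, dport); 203.0.113.7 is a documentation address
SAMPLES = [
    ("192.168.1.1", "192.168.1.254", 3128),
    ("192.168.1.1", "203.0.113.7", 80),
    ("192.168.1.1", "203.0.113.7", 443),
    ("192.168.1.1", "203.0.113.7", 6881),
]

if __name__ == "__main__":
    for src, dst, dport in SAMPLES:
        print(f"{dst}:{dport}",
              "posted:", final_mark(RULES, src, dst, dport),
              "reordered:", final_mark(catch_all_first(RULES), src, dst, dport),
              "terminating:", final_mark(RULES, src, dst, dport, True))
```

In the posted order every sample packet leaves the chain with mark 13, which the fw filter maps to class 1:22; with the catch-all moved first, or with a terminating rule after each MARK, the port 3128 packet keeps mark 10.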