LARTC - Jun 2005 - HTB: shaping internet bandwidth but don''t shape local network traffic

i got this problem, i want to shape my clients internet bw, but i
don''t want to shape my local network traffic. For information, my
clients using wireless to connect to my router[192.168.1.254].

when the clients request data from internet, example download from
www.download.com, i want to shape his bandwidth, but when the clients
[192.168.1.1] want to download from my file server example ip
192.168.1.253, i don''t want to shape the bandwidth.

Help me with this problem plz

Then shape on the external interface on your router?
So LAN traffic will never get shaped....

Cheers,
Andreas

Jefri Lie wrote:
>i got this problem, i want to shape my clients internet bw, but i
>don''t want to shape my local network traffic. For information, my
>clients using wireless to connect to my router[192.168.1.254].
>
>when the clients request data from internet, example download from
>www.download.com, i want to shape his bandwidth, but when the clients
>[192.168.1.1] want to download from my file server example ip
>192.168.1.253, i don''t want to shape the bandwidth.
>
>Help me with this problem plz
>_______________________________________________
>LARTC mailing list
>LARTC@mailman.ds9a.nl
>http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>
>  
>

On Thursday 30 June 2005 19:26, Jefri Lie wrote:
> i got this problem, i want to shape my clients internet bw, but i
> don''t want to shape my local network traffic. For information, my
> clients using wireless to connect to my router[192.168.1.254].
Common mistake is to use the internet class as root class on the LAN 
interface, which means everything (local traffic and internet traffic) 
gets shaped to internet class speed.

I solved it like this:

HTB Qdisc
|
\--- HTB root class (10MBit)
     |
     \--- HTB internet class (1Mbit)
     |    |
     |    \--- ... more classes for internet shaping ...
     |
     \--- HTB lan class (10-1=9Mbit)

This would be an example setup for a 10Mbit ethernet card, with a 1MBit 
internet connection, and local connections get what''s left. You put
your
internet traffic into the internet class (or one of it''s children), and
everything else (local traffic) into the lan class.

HTH
Andreas

Andreas Klauer escreveu:
>On Thursday 30 June 2005 19:26, Jefri Lie wrote:
>  
>
>>i got this problem, i want to shape my clients internet bw, but i
>>don''t want to shape my local network traffic. For information,
my
>>clients using wireless to connect to my router[192.168.1.254].
>>    
>>
>
>Common mistake is to use the internet class as root class on the LAN 
>interface, which means everything (local traffic and internet traffic) 
>gets shaped to internet class speed.
>
>I solved it like this:
>
>HTB Qdisc
>|
>\--- HTB root class (10MBit)
>     |
>     \--- HTB internet class (1Mbit)
>     |    |
>     |    \--- ... more classes for internet shaping ...
>     |
>     \--- HTB lan class (10-1=9Mbit)
>
>This would be an example setup for a 10Mbit ethernet card, with a 1MBit 
>internet connection, and local connections get what''s left. You put
your
>internet traffic into the internet class (or one of it''s children),
and
>everything else (local traffic) into the lan class.
>
>HTH
>Andreas
>_______________________________________________
>LARTC mailing list
>LARTC@mailman.ds9a.nl
>http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>  
>
This is exactly what Im trying to do, without success.... I''m almost 
giving up.

I made a little test script, follows:

tc qdisc add dev eth0 root handle 1: htb default 22
# The LAN class:
tc class add dev eth0 parent 1:0 classid 1:1 htb rate 90mbit
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 89232kbit ceil 90mbit
# The internet class:
tc class add dev eth0 parent 1:0 classid 1:2 htb rate 768kbit
tc class add dev eth0 parent 1:2 classid 1:20 htb rate 384kbit ceil 768kbit
tc class add dev eth0 parent 1:2 classid 1:21 htb rate 256kbit ceil 768kbit
tc class add dev eth0 parent 1:2 classid 1:22 htb rate 128kbit ceil 768kbit
# filter for the LAN:
tc filter add dev eth0 protocol ip parent 1:0 prio 1 handle 10 fw 
classid 1:10
#Filter for internet:
tc filter add dev eth0 protocol ip parent 1:0 prio 2 handle 11 fw 
classid 1:20
tc filter add dev eth0 protocol ip parent 1:0 prio 3 handle 12 fw 
classid 1:21
tc filter add dev eth0 protocol ip parent 1:0 prio 4 handle 13 fw 
classid 1:22
# iptables mark:
iptables -t mangle -A PREROUTING -p tcp -s 192.168.1.0/24 -d 
192.168.1.254 --dport 3128 -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -p tcp -s 192.168.1.0/24 -d 
192.168.1.254 --dport 445 -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -p tcp -s 192.168.1.0/24 -d 
192.168.1.254 --dport 139 -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -p tcp -s 192.168.1.0/24 -d 0/0 --dport 
143 -j MARK --set-mark 11
iptables -t mangle -A PREROUTING -p tcp -s 192.168.1.0/24 -d 0/0 --dport 
80 -j MARK --set-mark 11
iptables -t mangle -A PREROUTING -p tcp -s 192.168.1.0/24 -d 0/0 --dport 
22 -j MARK --set-mark 11
iptables -t mangle -A PREROUTING -p tcp -s 192.168.1.0/24 -d 0/0 --dport 
44 -j MARK --set-mark 11
iptables -t mangle -A PREROUTING -p tcp -s 192.168.1.0/24 -d 0/0 --dport 
443 -j MARK --set-mark 12
iptables -t mangle -A PREROUTING -p tcp -s 192.168.1.0/24 -d 0/0 --dport 
110 -j MARK --set-mark 12
iptables -t mangle -A PREROUTING -p tcp -s 192.168.1.0/24 -j MARK 
--set-mark 13

No error messages, everything fine.
Analysis:
[root@samba htb]# tc filter show dev eth0
filter parent 1: protocol ip pref 1 fw
filter parent 1: protocol ip pref 1 fw handle 0xa classid 1:10
filter parent 1: protocol ip pref 2 fw
filter parent 1: protocol ip pref 2 fw handle 0xb classid 1:20
filter parent 1: protocol ip pref 3 fw
filter parent 1: protocol ip pref 3 fw handle 0xc classid 1:21
filter parent 1: protocol ip pref 4 fw
filter parent 1: protocol ip pref 4 fw handle 0xd classid 1:22

[root@samba htb]# iptables -L -t mangle -v
Chain PREROUTING (policy ACCEPT 565 packets, 134K bytes)
 pkts bytes target     prot opt in     out     source               
destination
    0     0 MARK       tcp  --  any    any     192.168.1.0/24       
ns1.intranet.com.br tcp dpt:3128 MARK set 0xa
    0     0 MARK       tcp  --  any    any     192.168.1.0/24       
ns1.intranet.com.br tcp dpt:microsoft-ds MARK set 0xa
    0     0 MARK       tcp  --  any    any     192.168.1.0/24       
ns1.intranet.com.br tcp dpt:netbios-ssn MARK set 0xa
   29  1821 MARK       tcp  --  any    any     192.168.1.0/24       
anywhere            tcp dpt:imap2 MARK set 0xb
   93 30816 MARK       tcp  --  any    any     192.168.1.0/24       
anywhere            tcp dpt:www-http MARK set 0xb
  101  7652 MARK       tcp  --  any    any     192.168.1.0/24       
anywhere            tcp dpt:ssh MARK set 0xb
    0     0 MARK       tcp  --  any    any     192.168.1.0/24       
anywhere            tcp dpt:mpm-flags MARK set 0xb
    1    44 MARK       tcp  --  any    any     192.168.1.0/24       
anywhere            tcp dpt:https MARK set 0xc
   44  2516 MARK       tcp  --  any    any     192.168.1.0/24       
anywhere            tcp dpt:pop-3 MARK set 0xc
  266 41637 MARK       tcp  --  any    any     192.168.1.0/24       
anywhere            MARK set 0xd

Chain INPUT (policy ACCEPT 165 packets, 12979 bytes)
 pkts bytes target     prot opt in     out     source               
destination

Chain FORWARD (policy ACCEPT 400 packets, 121K bytes)
 pkts bytes target     prot opt in     out     source               
destination

Chain OUTPUT (policy ACCEPT 98 packets, 12143 bytes)
 pkts bytes target     prot opt in     out     source               
destination

Chain POSTROUTING (policy ACCEPT 498 packets, 133K bytes)
 pkts bytes target     prot opt in     out     source               
destination
[root@samba htb]# iptables -L -t mangle -v
Chain PREROUTING (policy ACCEPT 2979 packets, 303K bytes)
 pkts bytes target     prot opt in     out     source               
destination
 2107  110K MARK       tcp  --  any    any     192.168.1.0/24       
ns1.intranet.com.br tcp dpt:3128 MARK set 0xa
    0     0 MARK       tcp  --  any    any     192.168.1.0/24       
ns1.intranet.com.br tcp dpt:microsoft-ds MARK set 0xa
   21  3733 MARK       tcp  --  any    any     192.168.1.0/24       
ns1.intranet.com.br tcp dpt:netbios-ssn MARK set 0xa
   29  1821 MARK       tcp  --  any    any     192.168.1.0/24       
anywhere            tcp dpt:imap2 MARK set 0xb
  179 47088 MARK       tcp  --  any    any     192.168.1.0/24       
anywhere            tcp dpt:www-http MARK set 0xb
  121  8932 MARK       tcp  --  any    any     192.168.1.0/24       
anywhere            tcp dpt:ssh MARK set 0xb
    0     0 MARK       tcp  --  any    any     192.168.1.0/24       
anywhere            tcp dpt:mpm-flags MARK set 0xb
    3   176 MARK       tcp  --  any    any     192.168.1.0/24       
anywhere            tcp dpt:https MARK set 0xc
   44  2516 MARK       tcp  --  any    any     192.168.1.0/24       
anywhere            tcp dpt:pop-3 MARK set 0xc
 2518  176K MARK       tcp  --  any    any     192.168.1.0/24       
anywhere            MARK set 0xd

Chain INPUT (policy ACCEPT 2389 packets, 138K bytes)
 pkts bytes target     prot opt in     out     source               
destination

Chain FORWARD (policy ACCEPT 590 packets, 165K bytes)
 pkts bytes target     prot opt in     out     source               
destination

Chain OUTPUT (policy ACCEPT 4390 packets, 6339K bytes)
 pkts bytes target     prot opt in     out     source               
destination

Chain POSTROUTING (policy ACCEPT 4980 packets, 6504K bytes)
 pkts bytes target     prot opt in     out     source               
destination

A configured Apache to listen on port 3128, to  make tests, and in a 
machine in my Lan I do:

[william@whsm tmp]$ time wget samba.intranet.com.br:3128/768.txt
--12:34:22--  http://samba.intranet.com.br:3128/768.txt
           => `768.txt''
Resolving samba.intranet.com.br... 192.168.1.254
Connecting to samba.intranet.com.br[192.168.1.254]:3128... connected.
Requisição enviada ao servidor HTTP, esperando resposta... 200 OK
Tamanho: 7,864,320 [text/plain]

100%[================================================================================================================>]
7,864,320     91.59K/s    ETA 00:00

12:35:46 (91.70 KB/s) - `768.txt'' recebido [7864320/7864320]


real    1m23.817s
user    0m0.080s
sys     0m0.204s

As you can see, the download speed is 92KBps, the 768kbits in my script. 
but why the class 1:10 who haves garanteedrate 89232kbit wasn''t used ?
the fw mark is working, I see the traffic going correctly, but the 
correct filter is not applyed??!

Maybe some of you can give me a hand, I''m sure that something is 
misconfigured, but I can''t figure out where. I''m new in htb,
and I read
the LARTC how to, and search google for a solution, but in vain, this is 
getting me crazy!! Help me!!

Regards,

-- 
William Henrique Siqueira Marques
wmarques@vmlinuz.com.br
Rio de Janeiro - Brasil

On Friday 01 July 2005 17:48, William Marques wrote:
> tc class add dev eth0 parent 1:0 classid 1:1 htb rate 90mbit
> tc class add dev eth0 parent 1:0 classid 1:2 htb rate 768kbit
I don''t know if it makes any difference, but I only use one root class
and
have these two as children to that root class. This way, I find it easier 
to make sure that the total rate never exceeds interface capability.
> As you can see, the download speed is 92KBps, the 768kbits in my script.
> but why the class 1:10 who haves garanteedrate 89232kbit wasn''t
used ?
> the fw mark is working, I see the traffic going correctly, but the
> correct filter is not applyed??!
It''s just a quick guess, but probably your marking rules overwrite each
other in a way you didn''t intend them to. Add a log target at the end
of
the script, and check if packets actually get really marked correctly.

HTH
Andreas