I have a Linux box (it does NAT and firewalling for a small network) connected to DSL. I want to set priorities for protocols (so that nothing can disturb web browsing). These are my rules (eth0 is connected to the Internet):

/sbin/tc qdisc del dev eth0 root
/sbin/tc qdisc add dev eth0 root handle 1 htb default 30 r2q 100

/sbin/tc class add dev eth0 parent 1: classid 1:2 htb rate 900Kbit burst 15k

/sbin/tc class add dev eth0 parent 1:2 classid 1:10 htb rate 900Kbit ceil 900Kbit
/sbin/tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 match ip sport 80 0xffff classid 1:10
/sbin/tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 match ip dport 80 0xffff classid 1:10

/sbin/tc class add dev eth0 parent 1:2 classid 1:20 htb rate 10Kbit ceil 900Kbit

When I start to download from FTP, it uses all the bandwidth (as it should). When I start to download on the web, the web and FTP rates become more or less equal :/ . I want FTP traffic to be limited to 10kbit and all the other bandwidth to be left for web traffic.

What is wrong with my rules?
Thank you for advice!

Try choosing a lower limit for port 80, at least 900-10, then add an sfq qdisc under the 1:10, 1:20 and 1:30 classes like this:

tc qdisc add dev eth0 parent 1:x0 handle x0: sfq perturb 10

It will work, I had that kind of problem before.

Regards.
-Diego

Also, there's a mistake in your tc filter line: change classid to flowid. Take a look at the man page.

-Diego

Thank you for your help!
These are my modified rules, but they work exactly as before :~/

/sbin/tc qdisc del dev eth0 root
/sbin/tc qdisc add dev eth0 root handle 1 htb default 20 r2q 100

/sbin/tc class add dev eth0 parent 1: classid 1:2 htb rate 900Kbit burst 15k

/sbin/tc class add dev eth0 parent 1:2 classid 1:10 htb rate 890Kbit ceil 900Kbit
/sbin/tc class add dev eth0 parent 1:2 classid 1:20 htb rate 10Kbit ceil 900Kbit

/sbin/tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10
/sbin/tc qdisc add dev eth0 parent 1:20 handle 20: sfq perturb 10

/sbin/tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 match ip sport 80 0xffff flowid 1:10
/sbin/tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 match ip dport 80 0xffff flowid 1:10

Are these rules OK, or am I missing something again? Can anyone show me a working example of similar rules?

Thanks again for help!

I'm not sure what might be wrong, but try it again without 'r2q 100' and 'burst 15k' (keep the default settings), and change prio 100 to prio 3 or something similar.

Good luck.

On Wed, Jan 11, 2006 at 05:05:10PM +0200, Jonas Jasas wrote:
> Thank you for your help!
> These are my modified rules, but they work exactly as before :~/
>
> /sbin/tc qdisc del dev eth0 root

The problem is that eth0 is connected to the Internet?
Do you really want to shape outgoing (ACK?) packets?

> Thanks again for help!

--
Dmytro O. Redchuk

On 1/12/06, Dmytro O. Redchuk <dor@ldc.net> wrote:
> The problem is that eth0 is connected to the Internet?

Yes, it is connected to the Internet, but what is the difference whether it is connected to the Internet or the LAN?

> Do you really want to shape outgoing (ACK?) packets?

Yes, I have the router and the web server in one box. So I want the outgoing/incoming office traffic and the web server's traffic to have high priority.

At what point in iptables is this htb traffic control handled?
My rules are OK when I set the same rate and ceil.

Now my guess: once you have said that it is connected to a router, the packet information about destination and source port changes between the LAN device and the router device. So you want to always mark packets on the LAN side, no matter what you are shaping or which way (inbound or outbound).

I hope this works.
-Diego

On Thu, Jan 12, 2006 at 10:48:13AM +0200, Jonas Jasas wrote:
> On 1/12/06, Dmytro O. Redchuk <dor@ldc.net> wrote:
> > The problem is that eth0 is connected to the Internet?
> Yes, it is connected to the Internet, but what is the difference whether it is
> connected to the Internet or the LAN?
>
> > Do you really want to shape outgoing (ACK?) packets?
> Yes, I have the router and the web server in one box. So I want the
> outgoing/incoming office traffic and the web server's traffic to have
> high priority.
>
> At what point in iptables is this htb traffic control handled?
> My rules are OK when I set the same rate and ceil.

Then, sorry, I didn't understand which traffic you would like to control and in which way. And I still cannot understand.

Can you draw a picture? Let's say, a client (who wants to download), a server (who offers web or ftp services), a box (which should perform the traffic control), their interfaces...

--
Dmytro O. Redchuk
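
An added example, not part of the thread or any poster's configuration: a generator for a two-class HTB tree in which port-80 traffic is offered spare bandwidth before everything else, using HTB's class `prio` parameter together with the sfq leaves and `flowid` filters suggested in the replies. It assumes a hypothetical LAN-facing interface `eth1` (tc shapes only what leaves an interface, so downloads toward LAN clients are shaped there rather than on the Internet-facing eth0); the 900/10 kbit figures are the thread's, and the function name `htb_rules` is made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Emits tc commands for a two-class HTB
# tree: web (port 80) borrows first, everything else lands in the bulk class.
# Assumption: DEV is the interface the shaped traffic LEAVES through;
# eth1 is a hypothetical LAN-facing interface name.

htb_rules() {
    dev=$1 total=$2 bulk=$3
    # Reject non-numeric rates before emitting anything.
    for n in "$total" "$bulk"; do
        case $n in
            ''|*[!0-9]*) echo "rates must be integers (kbit)" >&2; return 1 ;;
        esac
    done
    # The bulk guarantee must fit inside the link rate.
    if [ "$bulk" -le 0 ] || [ "$bulk" -ge "$total" ]; then
        echo "need 0 < bulk < total" >&2
        return 1
    fi
    web=$((total - bulk))   # children's guaranteed rates sum to the parent's
    cat <<EOF
tc qdisc del dev $dev root 2>/dev/null || true
tc qdisc add dev $dev root handle 1: htb default 20
tc class add dev $dev parent 1: classid 1:1 htb rate ${total}kbit
tc class add dev $dev parent 1:1 classid 1:10 htb rate ${web}kbit ceil ${total}kbit prio 0
tc class add dev $dev parent 1:1 classid 1:20 htb rate ${bulk}kbit ceil ${total}kbit prio 1
tc qdisc add dev $dev parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $dev parent 1:20 handle 20: sfq perturb 10
tc filter add dev $dev parent 1: protocol ip prio 1 u32 match ip sport 80 0xffff flowid 1:10
tc filter add dev $dev parent 1: protocol ip prio 1 u32 match ip dport 80 0xffff flowid 1:10
EOF
}

# Dry run by default; APPLY=1 (as root) pipes the commands to sh.
if [ "${APPLY:-0}" = 1 ]; then
    htb_rules "${DEV:-eth1}" 900 10 | sh -e
else
    htb_rules "${DEV:-eth1}" 900 10
fi
```

After applying, `tc -s class show dev eth1` shows per-class byte counters, which confirms whether packets are actually reaching 1:10 and 1:20.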