LARTC - Aug 2007 - Re: Allocating 64 kbits/s out of 256 kbits/s for one LAN behingfirewall (SOLVED)

Hi Paolo Malfatti,

Thanks for your script. It works fine.

I get what I expect.

THANK you all the way until it comes to an end.

FOR the benifit for evryone in the LIST.

HERE IS the SCRIPT AGAIN.

INTERFAZ_LAN=eth0

FULLBANDWIDTH=256

BANDWIDTH4LAN=64

tc qdisc del root dev $INTERFAZ_LAN
tc qdisc add dev $INTERFAZ_LAN root handle 1 htb r2q 4
tc class add dev $INTERFAZ_LAN parent 1: classid 1:2 htb rate
"$FULLBANDWIDTH"Kbit
tc class add dev $INTERFAZ_LAN parent 1: classid 1:5 htb rate
"$BANDWIDTH4LAN"Kbit
tc qdisc add dev $INTERFAZ_LAN parent 1:5 handle 5 sfq perturb 10
tc filter add dev $INTERFAZ_LAN parent 1:0 protocol ip prio 1 u32 match ip
dst 192.168.101.0/24 <http://192.168.102.0/24> classid 1:5




On 8/8/07, Pio Mendez <pio_mendez@hotmail.com>
wrote:
>
> This script only shape the outgoing traffic (upload) in a NAT firewall. To
> shape the incoming traffic (downloads) there is a simpler script:
>
> INTERFAZ_LAN=eth0
>
> FULLBANDWIDTH=256
>
> BANDWIDTH4LAN=64
>
> tc qdisc del root dev $INTERFAZ_LAN
>
> tc qdisc add dev $INTERFAZ_LAN root handle 1 htb r2q 4
> tc class add dev $INTERFAZ_LAN parent 1: classid 1:2 htb rate
> "$FULLBANDWIDTH"Kbit
> tc class add dev $INTERFAZ_LAN parent 1: classid 1:5 htb rate
> "$BANDWIDTH4LAN"Kbit
> tc qdisc add dev $INTERFAZ_LAN parent 1:5 handle 5 sfq perturb 10
> tc filter add dev $INTERFAZ_LAN parent 1:0 protocol ip prio 1 u32 match ip
> dst 192.168.101.0/24 <http://192.168.102.0/24> classid 1:5
>
> Regards
>
> Paolo Malfatti
>
> PS: dont forget to put a "tc qdisc del root dev $INTERFAZ_INT"
rule  at
> the beginning of your previous script.
>
>
>
> ------------------------------
> From:  *"Indunil Jayasooriya" <indunil75@gmail.com>*
> To:  *"Pio Mendez" <pio_mendez@hotmail.com>,
lartc@mailman.ds9a.nl*
> Subject:  *Re: [LARTC] Allocating 64 kbits/s out of 256 kbits/s for one
> LAN behingfirewall*
> Date:  *Wed, 8 Aug 2007 12:30:59 +0530*
>
> Hi Paolo Malfatti,
>
>
> Thanks for your script. I tried it .
>
>  But I still can not allocate 64 kbit for LAN.  We have a 256 kbit link.
> We usually download around @ 30-33  kbytes per second. That means, when it
> comes to kbits, I will have to mulitple it in to 8  as
> 1kbps=8kbit .
>
> pls see below for usual download  rate, before applying your rules.
>
> [root@worldnet wget]# wget 
http://mirrors.kernel.org/centos/5.0/isos/i386/CentOS-5.0-i386-bin-6of6.iso
>
>
> --12:16:27--
> http://mirrors.kernel.org/centos/5.0/isos/i386/CentOS-5.0-i386-bin-6of6.iso
>            => `CentOS-5.0-i386-bin-6of6.iso.1
> ''
> Resolving mirrors.kernel.org... 204.152.191.7, 204.152.191.39
> Connecting to mirrors.kernel.org|204.152.191.7|:80... connected.
> HTTP request sent, awaiting response... 200 OK
>
> Length: 407,005,184 (388M) [application/x-iso9660-image]
>
>  0%
> [
> ] 2,749,752     30.10K/s  ETA 4:43:0
>
>
> Then, I applied your rules. pls see below
>
>
> INTERFAZ_INT=eth0
>
> FULLBANDWIDTH=256
>
> BANDWIDTH4LAN=64
>
> iptables -t mangle -A PREROUTING -s
192.168.101.0/24<http://192.168.102.0/24>-j MARK --set-mark 0x5
>
> tc qdisc add dev $INTERFAZ_INT root handle 1 htb r2q 4
> tc class add dev $INTERFAZ_INT parent 1: classid 1:2 htb rate
> "$FULLBANDWIDTH"Kbit
> tc class add dev $INTERFAZ_INT parent 1: classid 1:5 htb rate
> "$BANDWIDTH4LAN"Kbit
>
> tc qdisc add dev $INTERFAZ_INT parent 1:5 handle 5 sfq perturb 10
> tc filter add dev $INTERFAZ_INT protocol ip parent 1: pref 1 handle 5 fw
> classid 1:5
>
>
> Still no luck. after applying rules, I downloaded an centos ISO image. But
> , I still can download @ usual rate. (
> i.e 30-33 kbytes per seconds).
>
> If your rules work, I will be able to download @ about 8 kbyes per second.
> (i.e - 8*8 kbit= 64 kbit)
>
> That is what I expect ?
>
> Where have I gone wrong?
>
>
>
>
>  On 8/7/07, Pio Mendez <pio_mendez@hotmail.com> wrote:
> >
> >  >What is r2q ad 4 there ?. I do not understand those two.
> I recommend you to read this:
>
> >  http://luxik.cdi.cz/~devik/qos/htb/
> > <http://luxik.cdi.cz/%7Edevik/qos/htb/>
> >
> >  the r2q is a divisor used to calculate the quantum of htb (the amount
> of bytes that will be transmitted before serving another class: quantum
> rate / r2q).
>
>  >tc qdisc add dev $INTERFAZ_INT parent 1:5 handle 5 sfq perturb 10
>     >What is this above rule?, I don not understand at all.
>  a must: http://lartc.org/howto/lartc.qdisc.html
>
>  The classes do shape of traffic, but you need a Queue manager to trasmit
> it (qdisc rule).  Here you will find an example of HTB script:
> <http://lartc.org/howto/lartc.qdisc.classful.html#AEN1072>
> http://lartc.org/howto/lartc.qdisc.classful.html#AEN1072
>
>  >tc filter add dev $INTERFAZ_INT protocol ip parent 1: pref 1 handle 10
> fw classid 1:5
>  >I do not understand the above rule too.
>
> there is an error: the right filter rule is:
>  tc filter add dev $INTERFAZ_INT protocol ip parent 1: pref 1 handle 5 fw
> classid 1:5
>
>  The filter rule filter the traffic and send the mathing packets to the
> right class.
>  The iptables MARK rule mark the traffic before the SNAT. Later, after all
> iptables processing, the packets are filtered by this rule; if some packet
> match the "handle 5" filter (packet marked with 5 by the 
iptables rule will
>
>  match) then it will be shaped by htb class to 64kbps.
>
>  Hope this will help
>  Regards
>  Paolo Malfatti
>
>
> ------------------------------
> MSN Amor Busca tu ½ naranja <http://g.msn.com/8HMAES/2740??PS=47575>
>
>
>
>
> --
> Thank you
> Indunil Jayasooriya
>
>
> ------------------------------
> Charla con tus amigos en línea mediante MSN Messenger: Haz clic
aquí<http://g.msn.com/8HMBES/2728??PS=47575>



-- 
Thank you
Indunil Jayasooriya


_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc