thr3ads.net - Shorewall users - ifb0 simple traffic shaping for masq [Oct 2008]

If this information is useful, please help other people find it:
Share via:

Branko Tanovic

2008-Oct-30 13:05 UTC

ifb0 simple traffic shaping for masq

Hello all,
First of all I like to thank Tom for making wonderful shorewall
script and making life for sysadmins much easier.

Anyway I got problem with simple bandwith limiting using ifb
in my internal lan.
I tried simple configuration.

our local lan  is
eth1 192.168.5.0/24
eth0 is our wan interface which have 2048kbit/s  upload/download.
I tried to shape limit on my computer u/d 10kbit/s  on ip 192.168.5.253
in internal lan but no success.

This wget from kernel.org on computer 192.168.5.253
http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.27.4.tar.bz2
           => `linux-2.6.27.4.tar.bz2.22''
Resolving www.kernel.org... 204.152.191.37, 204.152.191.5
Connecting to www.kernel.org|204.152.191.37|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 50,359,534 (48M) [application/x-bzip2]

 1% [                                     ] 699,073       95.88K/s  

Please help what I am doing wrong.
Thank you very much.


This my configuration. tcdevices,tcclasses,tcfilters,tcrules


INTERFACE      IN-BANDWITH     OUT-BANDWIDTH
1:eth0          -               2048kbit     classify
2:ifb0           -               2048kbit      -                 eth0



 Shorewall version 4 - Tcclasses File
#
# For information about entries in this file, type "man
shorewall-tcclasses"
#
# See http://shorewall.net/traffic_shaping.htm for additional information.
#
###############################################################################
#INTERFACE      MARK    RATE    CEIL    PRIORITY        OPTIONS
#INTERFACE      MARK    RATE            CEIL            PRIORITY    OPTIONS

#####outgoing klase

1:110           -       2*full/10        full       1              default
1:120           -       10kbit          10kbit      2

2:110           -       2*full/10        full       1              default
2:120           -       10kbit          10kbit      2

##LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
~                                                               

 
# For information about entries in this file, type "man
shorewall-tcfilters"
#
# See http://shorewall.net/traffic_shaping.htm for additional information.
#
###############################################################################
#INTERFACE:     SOURCE          DEST            PROTO   DEST    SOURCE

#
1:110           -               -               icmp    
echo-request,echo-reply
1:110           -               -               icmp    echo-reply
1:120           192.168.5.253   -               tcp     -       -

#
##                                   INCOMING TRAFFIC
##
2:120           -               192.168.5.253    tcp    -       -

#
##                                   INCOMING TRAFFIC
##
2:120           -               192.168.5.253    tcp    -       -

##                                                                    
PORT(S)
1:110             0.0.0.0/0       0.0.0.0/0       icmp    echo-request
1:110             0.0.0.0/0       0.0.0.0/0       icmp    echo-reply
2:110             0.0.0.0/0       0.0.0.0/0       icmp    echo-request
2:110             0.0.0.0/0       0.0.0.0/0       icmp    echo-reply


# Shorewall version 4 - Tcrules File
#
# For information about entries in this file, type "man
shorewall-tcrules"
#
# See http://shorewall.net/traffic_shaping.htm for additional information.
# For usage in selecting among multiple ISPs, see
# http://shorewall.net/MultiISP.html
#
# See http://shorewall.net/PacketMarking.html for a detailed description of
# the Netfilter/Shorewall packet marking mechanism.
###############################################################################
#MARK   SOURCE          DEST            PROTO   DEST    SOURCE  USER    
TEST    LENGTH  TOS
#MARK           SOURCE          DEST            PROTO   PORT(S)      
CLIENT   USER
##                                                                    
PORT(S)
1:110             0.0.0.0/0       0.0.0.0/0       icmp    echo-request
1:110             0.0.0.0/0       0.0.0.0/0       icmp    echo-reply
2:110             0.0.0.0/0       0.0.0.0/0       icmp    echo-request
2:110             0.0.0.0/0       0.0.0.0/0       icmp    echo-reply


1:120   192.168.5.253   0.0.0.0/0       all
1:120   0.0.0.0/0       192.168.5.253   all

2:120   192.168.5.253   0.0.0.0/0       all
2:120   0.0.0.0/0       192.168.5.253   all





root@fw:~# shorewall show filters
Shorewall 4.2.0 Classifiers at fw - Thu Oct 30 12:45:46 CET 2008

Device eth0:
filter parent 1: protocol ip pref 10 u32
filter parent 1: protocol ip pref 10 u32 fh 1: ht divisor 1
filter parent 1: protocol ip pref 10 u32 fh 1::800 order 2048 key ht 1 
bkt 0 flowid 1:110
  match 08000000/ff000000 at nexthdr+0
filter parent 1: protocol ip pref 10 u32 fh 1::801 order 2049 key ht 1 
bkt 0 flowid 1:110
  match 00000000/ff000000 at nexthdr+0
filter parent 1: protocol ip pref 10 u32 fh 1::802 order 2050 key ht 1 
bkt 0 flowid 1:110
  match 00000000/ff000000 at nexthdr+0
filter parent 1: protocol ip pref 10 u32 fh 800: ht divisor 1
filter parent 1: protocol ip pref 10 u32 fh 800::800 order 2048 key ht 
800 bkt 0 link 1:
  match 00010000/00ff0000 at 8
    offset 0f00>>6 at 0  eat
filter parent 1: protocol ip pref 10 u32 fh 800::801 order 2049 key ht 
800 bkt 0 link 1:
  match 00010000/00ff0000 at 8
    offset 0f00>>6 at 0  eat
filter parent 1: protocol ip pref 10 u32 fh 800::802 order 2050 key ht 
800 bkt 0 flowid 1:120
  match c0a805fd/ffffffff at 12
  match 00060000/00ff0000 at 8

Device eth1:

Device eth2:

Device eth3:

Device ifb0:
filter parent 2: protocol ip pref 10 u32
filter parent 2: protocol ip pref 10 u32 fh 800: ht divisor 1
filter parent 2: protocol ip pref 10 u32 fh 800::800 order 2048 key ht 
800 bkt 0 flowid 2:120
  match c0a805fd/ffffffff at 16
  match 00060000/00ff0000 at 8






 

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer''s
challenge
Build the coolest Linux based applications with Moblin SDK & win great
prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/

Tom Eastep

2008-Oct-30 14:52 UTC

head link

Re: ifb0 simple traffic shaping for masq

Branko Tanovic wrote:
> Please help what I am doing wrong.
Please read the IFB documentation again. Packets ''leaving'' the
IFB
device are *as they are on the wire*. That means that they will never
have addresses from your local network as either the SOURCE or
DESTINATION IP. Furthermore, they will not have gone through any
Netfilter hooks so they will not have any packet marks.

-Tom
-- 
Tom Eastep        \ The ultimate result of shielding men from the
Shoreline,         \ effects of folly is to fill the world with fools.
Washington, USA     \                                 -Herbert Spencer
http://shorewall.net \________________________________________________



-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer''s
challenge
Build the coolest Linux based applications with Moblin SDK & win great
prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/

Shorewall users - Oct 2008 - ifb0 simple traffic shaping for masq

ifb0 simple traffic shaping for masq

Re: ifb0 simple traffic shaping for masq