[LARTC] Help!!! Bandwith Control with a NAT machine
Miguel Ángel Domínguez Durán
mdominguez@cherrytel.com
Fri Feb 11 12:56:44 CET 2005
This is a multi-part message in MIME format.
------=_NextPart_000_000B_01C51041.8588A250
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Hello everyone,=20
First of all, sorry for my poor english.
I've been working with this for a few weeks and I'm getting sick...
I'm trying to control the bandwith in my network using the following =
script. The machine where the script is running makes NAT, eth0 is =
connected to the router and eth1 is connected to the Lan. When I run the =
script it doesn't appear any errors, i have recompiled a Red Hat kernel =
2.4.20, check all the options right and installed iproute2-2.6.9. The =
result is that every packet is sent to the default queue and I can't =
understand why. It seems like iptables is not marking any of the =
packets, all the queues and classes are empty, traffic always goes =
through default queues in uplink and downlink.
Here is the script, which is a modification of some things i've found in =
the net:=20
#!/bin/bash
#
#
DEV1=3Deth1 #salida a red local
DEV0=3Deth0 #salida a internet
#
TC=3D/usr/sbin/tc
if [ "$1" =3D "status" ]
then
echo "Enlace descendente"
echo "[qdisc]"
$TC -s qdisc show dev $DEV1
echo "[class]"
$TC -s class show dev $DEV1
echo "[filter]"
$TC -s filter show dev $DEV1
echo "Enlace ascendente"
echo "[qdisc]"
$TC -s qdisc show dev $DEV0
echo "[class]"
$TC -s class show dev $DEV0
echo "[filter]"
$TC -s filter show dev $DEV0
# echo "[iptables]"
# iptables -t mangle -L MYSHAPER-OUT -v -x 2> /dev/null
# iptables -t mangle -L MYSHAPER-IN -v -x 2> /dev/null
exit
fi
# Reset everything to a known state (cleared)
$TC qdisc del dev $DEV0 root 2> /dev/null > /dev/null
$TC qdisc del dev $DEV1 root 2> /dev/null > /dev/null
iptables -t mangle -D PREROUTING -i $DEV0 -j MYSHAPER-OUT 2> /dev/null > =
/dev/null
iptables -t mangle -F MYSHAPER-OUT 2> /dev/null > /dev/null
iptables -t mangle -X MYSHAPER-OUT 2> /dev/null > /dev/null
iptables -t mangle -D PREROUTING -i $DEV1 -j MYSHAPER-IN 2> /dev/null > =
/dev/null
iptables -t mangle -F MYSHAPER-IN 2> /dev/null > /dev/null
iptables -t mangle -X MYSHAPER-IN 2> /dev/null > /dev/null
#iptables -t mangle -D PREROUTING -i $DEV0 -j MYSHAPER-IN 2> /dev/null > =
/dev/null
if [ "$1" =3D "stop" ]
then
echo "Shaping removed on $DEV1."
echo "Shaping removed on $DEV0."
exit
fi
###########################################################
#
# Inbound Shaping (limits total bandwidth to 1000Kbps)
# Este es el enlace descendente, desde internet hacia la red interna de =
Cherrytel
# set queue size to give latency of about 2 seconds on low-prio packets
ip link set dev $DEV1 qlen 30
# changes mtu on the outbound device. Lowering the mtu will result
# in lower latency but will also cause slightly lower throughput due
# to IP and TCP protocol overhead.
ip link set dev $DEV1 mtu 1000
# add HTB root qdisc
$TC qdisc add dev $DEV1 root handle 1: htb default 37
# add main rate limit classes
$TC class add dev $DEV1 parent 1: classid 1:1 htb rate 1000kbit
# add leaf classes - We grant each class at LEAST it's "fair share" of =
bandwidth.
# this way no class will ever be starved by another =
class. Each
# class is also permitted to consume all of the =
available bandwidth
# if no other classes are in use.
$TC class add dev $DEV1 parent 1:1 classid 1:20 htb rate 64kbit ceil =
1000kbit =20
$TC class add dev $DEV1 parent 1:1 classid 1:21 htb rate 64kbit ceil =
1000kbit =20
$TC class add dev $DEV1 parent 1:1 classid 1:22 htb rate 64kbit ceil =
1000kbit =20
$TC class add dev $DEV1 parent 1:1 classid 1:37 htb rate 832kbit ceil =
1000kbit #por defecto
$TC class add dev $DEV1 parent 1:1 classid 1:23 htb rate 64kbit ceil =
64kbit #prueba, maq WiFi
# attach qdisc to leaf classes - here we at SFQ to each priority class. =
SFQ insures that
# within each class connections will be =
treated (almost) fairly.
$TC qdisc add dev $DEV1 parent 1:20 handle 20: sfq perturb 10
$TC qdisc add dev $DEV1 parent 1:21 handle 21: sfq perturb 10
$TC qdisc add dev $DEV1 parent 1:22 handle 22: sfq perturb 10
$TC qdisc add dev $DEV1 parent 1:37 handle 37: sfq perturb 10
$TC qdisc add dev $DEV1 parent 1:23 handle 23: sfq perturb 10
# filter traffic into classes by fwmark - here we direct traffic into =
priority class according to
# the fwmark set on the packet =
(we set fwmark with iptables
# later). Note that above we've =
set the default priority
# class to 1:37 so unmarked =
packets (or packets marked with
# unfamiliar IDs) will be =
defaulted to the lowest priority
# class.
$TC filter add dev $DEV1 parent 1:0 prio 0 protocol ip handle 20 fw =
flowid 1:20
$TC filter add dev $DEV1 parent 1:0 prio 0 protocol ip handle 21 fw =
flowid 1:21
$TC filter add dev $DEV1 parent 1:0 prio 0 protocol ip handle 22 fw =
flowid 1:22
$TC filter add dev $DEV1 parent 1:0 prio 0 protocol ip handle 23 fw =
flowid 1:23
# Marking the packets. Se marcan los paquetes en el interfaz contrario, =
para que no se vean
# afectados por el NAT que hacen las reglas del firewall
iptables -t mangle -N MYSHAPER-OUT
iptables -t mangle -I PREROUTING -i $DEV0 -j MYSHAPER-OUT
#iptables -t mangle -A MYSHAPER-IN -p tcp --sport ssh -j MARK --set-mark =
20
iptables -A MYSHAPER-OUT -d 172.9.264.30 -t mangle -j MARK --set-mark 20
iptables -A MYSHAPER-OUT -d 172.9.264.31 -t mangle -j MARK --set-mark 20
iptables -A MYSHAPER-OUT -d 172.9.264.32 -t mangle -j MARK --set-mark 20
iptables -A MYSHAPER-OUT -d 172.9.234.22 -t mangle -j MARK --set-mark 21
iptables -A MYSHAPER-OUT -d 172.9.234.71 -t mangle -j MARK --set-mark 21
iptables -A MYSHAPER-OUT -d 172.9.234.25 -t mangle -j MARK --set-mark 22
iptables -A MYSHAPER-OUT -d 172.9.234.14 -t mangle -j MARK --set-mark 23
# redundant- mark any unmarked packets as 26 (low prio)
#El resto de tr=C3=A1co ir=C3=ADal flujo por defecto, el 2:37.
# Done with inbound shaping
#
####################################################
echo "Control del enlace descendente activado."
#Si solo se desea controlar el enlace descendente, quitar el comentario =
de la siguiente instruccion exit
#exit
###########################################################
#
# Outbound Shaping (limits total bandwidth to 1000Kbps)
# Este es el enlace ascendente, desde la red interna de Cherrytel a =
internet
# set queue size to give latency of about 2 seconds on low-prio packets
ip link set dev $DEV0 qlen 30
# changes mtu on the outbound device. Lowering the mtu will result
# in lower latency but will also cause slightly lower throughput due
# to IP and TCP protocol overhead.
ip link set dev $DEV0 mtu 1000
# add HTB root qdisc
$TC qdisc add dev $DEV0 root handle 2: htb default 73
# add main rate limit classes
$TC class add dev $DEV0 parent 2: classid 2:1 htb rate 1000kbit
# add leaf classes - We grant each class at LEAST it's "fair share" of =
bandwidth.
# this way no class will ever be starved by another =
class. Each
# class is also permitted to consume all of the =
available bandwidth
# if no other classes are in use.
$TC class add dev $DEV0 parent 2:1 classid 2:70 htb rate 64kbit ceil =
1000kbit =20
$TC class add dev $DEV0 parent 2:1 classid 2:71 htb rate 64kbit ceil =
1000kbit =20
$TC class add dev $DEV0 parent 2:1 classid 2:72 htb rate 64kbit ceil =
1000kbit =20
$TC class add dev $DEV0 parent 2:1 classid 2:87 htb rate 744kbit ceil =
1000kbit=20
$TC class add dev $DEV0 parent 2:1 classid 2:73 htb rate 64kbit ceil =
64kbit #prueba
# attach qdisc to leaf classes - here we at SFQ to each priority class. =
SFQ insures that
# within each class connections will be =
treated (almost) fairly.
$TC qdisc add dev $DEV0 parent 2:70 handle 70: sfq perturb 10
$TC qdisc add dev $DEV0 parent 2:71 handle 71: sfq perturb 10
$TC qdisc add dev $DEV0 parent 2:72 handle 72: sfq perturb 10
$TC qdisc add dev $DEV0 parent 2:87 handle 87: sfq perturb 10
$TC qdisc add dev $DEV0 parent 2:73 handle 73: sfq perturb 10
# filter traffic into classes by fwmark - here we direct traffic into =
priority class according to
# the fwmark set on the packet =
(we set fwmark with iptables
# later). Note that above we've =
set the default priority
# class to 1:87 so unmarked =
packets (or packets marked with
# unfamiliar IDs) will be =
defaulted to the lowest priority
# class.
$TC filter add dev $DEV0 parent 2:0 prio 1 protocol ip handle 70 fw =
flowid 1:70
$TC filter add dev $DEV0 parent 2:0 prio 2 protocol ip handle 71 fw =
flowid 1:71
$TC filter add dev $DEV0 parent 2:0 prio 3 protocol ip handle 72 fw =
flowid 1:72
$TC filter add dev $DEV0 parent 2:0 prio 4 protocol ip handle 73 fw =
flowid 1:73
# Marking the packets. Se marcan los paquetes en el interfaz contrario, =
para que no se vean
# afectados por el NAT que hacen las reglas del firewall
iptables -t mangle -N MYSHAPER-IN
iptables -t mangle -I PREROUTING -i $DEV1 -j MYSHAPER-IN
#iptables -t mangle -A MYSHAPER-IN -p ! tcp -j MARK --set-mark 20
iptables -A MYSHAPER-IN -s 172.9.234.30 -t mangle -j MARK --set-mark 70
iptables -A MYSHAPER-IN -s 172.9.234.31 -t mangle -j MARK --set-mark 70
iptables -A MYSHAPER-IN -s 172.9.234.32 -t mangle -j MARK --set-mark 70
iptables -A MYSHAPER-IN -s 172.9.234.22 -t mangle -j MARK --set-mark 71
iptables -A MYSHAPER-IN -s 172.9.234.71 -t mangle -j MARK --set-mark 71
iptables -A MYSHAPER-IN -s 172.9.234.25 -t mangle -j MARK --set-mark 72
#Prueba maquina WiFi
iptables -A MYSHAPER-IN -s 172.9.234.14 -t mangle -j MARK --set-mark 73
#El resto de tr=C3=A1co ir=C3=ADal flujo por defecto, el 2:87.
# Done with outbound shaping
####################################################
echo "Control del enlace ascendente activado."
exit
Thanks for your help!
UN CORDIAL SALUDO
Miguel =C1ngel Dom=EDnguez Dur=E1n.
Departamento T=E9cnico.
Cherrytel Comunicaciones, S.L.
mdominguez@cherrytel.com
http://www.cherrytel.com/
Tlf. 902 115 673
Fax 952218170
------=_NextPart_000_000B_01C51041.8588A250
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.2523" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Hello everyone, </FONT></DIV>
<DIV><FONT face=3DArial size=3D2>First of all, sorry for my poor=20
english.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>I've been working with this for a few =
weeks and I'm=20
getting sick...</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>I'm trying to control the bandwith in =
my network=20
using the following script. The machine where the script is running =
makes NAT,=20
eth0 is connected to the router and eth1 is connected to the Lan. When I =
run the=20
script it doesn't appear any errors, i have recompiled a Red Hat kernel =
2.4.20,=20
check all the options right and installed iproute2-2.6.9. The result is =
that=20
every packet </FONT><FONT face=3DArial size=3D2>is sent to the default =
queue=20
and I can't understand why. It seems like iptables is not marking =
any of=20
the packets, all the queues and classes are empty, traffic always goes =
through=20
default queues in uplink and downlink.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Here is the script, which is a =
modification of some=20
things i've found in the net: </FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>#!/bin/bash<BR>#<BR>#</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>DEV1=3Deth1 #salida a red =
local<BR>DEV0=3Deth0 #salida=20
a internet<BR></FONT><FONT face=3DArial size=3D2></FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>#</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>TC=3D/usr/sbin/tc</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>if [ "$1" =3D "status"=20
]<BR>then<BR> echo "Enlace=20
descendente"<BR> echo=20
"[qdisc]"<BR> $TC -s qdisc =
show dev=20
$DEV1<BR> echo=20
"[class]"<BR> $TC -s class =
show dev=20
$DEV1<BR> echo=20
"[filter]"<BR> $TC -s filter =
show dev=20
$DEV1</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV><FONT face=3DArial =
size=3D2>
<DIV><BR> echo "Enlace=20
ascendente"<BR> echo=20
"[qdisc]"<BR> $TC -s qdisc =
show dev=20
$DEV0<BR> echo=20
"[class]"<BR> $TC -s class =
show dev=20
$DEV0<BR> echo=20
"[filter]"<BR> $TC -s filter =
show dev=20
$DEV0</DIV>
<DIV> </DIV>
<DIV># echo=20
"[iptables]"<BR># iptables -t mangle =
-L=20
MYSHAPER-OUT -v -x 2> =
/dev/null<BR># =20
iptables -t mangle -L MYSHAPER-IN -v -x 2> /dev/null</DIV>
<DIV> </DIV>
<DIV><BR> exit<BR>fi</DIV>
<DIV> </DIV>
<DIV># Reset everything to a known state (cleared)<BR>$TC qdisc del dev =
$DEV0=20
root 2> /dev/null > /dev/null<BR>$TC qdisc del =
dev $DEV1=20
root 2> /dev/null > /dev/null<BR>iptables -t =
mangle -D=20
PREROUTING -i $DEV0 -j MYSHAPER-OUT 2> /dev/null > =
/dev/null<BR>iptables=20
-t mangle -F MYSHAPER-OUT 2> /dev/null > /dev/null<BR>iptables -t =
mangle=20
-X MYSHAPER-OUT 2> /dev/null > /dev/null<BR>iptables -t mangle -D=20
PREROUTING -i $DEV1 -j MYSHAPER-IN 2> /dev/null > =
/dev/null<BR>iptables -t=20
mangle -F MYSHAPER-IN 2> /dev/null > /dev/null<BR>iptables -t =
mangle -X=20
MYSHAPER-IN 2> /dev/null > /dev/null</DIV>
<DIV> </DIV>
<DIV>#iptables -t mangle -D PREROUTING -i $DEV0 -j MYSHAPER-IN 2> =
/dev/null=20
> /dev/null</DIV>
<DIV> </DIV>
<DIV><BR>if [ "$1" =3D "stop"=20
]<BR>then<BR> echo "Shaping =
removed on=20
$DEV1."<BR> echo "Shaping =
removed on=20
$DEV0."<BR> exit<BR>fi</DIV>
<DIV> </DIV>
<DIV>###########################################################<BR>#<BR>=
#=20
Inbound Shaping (limits total bandwidth to 1000Kbps)<BR># Este es el =
enlace=20
descendente, desde internet hacia la red interna de Cherrytel</DIV>
<DIV> </DIV>
<DIV># set queue size to give latency of about 2 seconds on low-prio=20
packets<BR>ip link set dev $DEV1 qlen 30</DIV>
<DIV> </DIV>
<DIV># changes mtu on the outbound device. Lowering the mtu will=20
result<BR># in lower latency but will also cause slightly lower =
throughput=20
due<BR># to IP and TCP protocol overhead.<BR>ip link set dev $DEV1 mtu=20
1000</DIV>
<DIV> </DIV>
<DIV># add HTB root qdisc<BR>$TC qdisc add dev $DEV1 root handle 1: htb =
default=20
37</DIV>
<DIV> </DIV>
<DIV># add main rate limit classes<BR>$TC class add dev $DEV1 parent 1: =
classid=20
1:1 htb rate 1000kbit</DIV>
<DIV> </DIV>
<DIV># add leaf classes - We grant each class at LEAST it's "fair share" =
of=20
bandwidth.<BR># &nbs=
p; =20
this way no class will ever be starved by another class. =20
Each<BR># &nbs=
p; =20
class is also permitted to consume all of the available=20
bandwidth<BR>#  =
; =20
if no other classes are in use.<BR>$TC class add dev $DEV1 parent 1:1 =
classid=20
1:20 htb rate 64kbit ceil 1000kbit <BR>$TC class add dev =
$DEV1=20
parent 1:1 classid 1:21 htb rate 64kbit ceil 1000kbit </DIV>
<DIV>$TC class add dev $DEV1 parent 1:1 classid 1:22 htb rate 64kbit =
ceil=20
1000kbit <BR>$TC class add dev $DEV1 parent 1:1 classid 1:37 =
htb=20
rate 832kbit ceil 1000kbit #por defecto</DIV>
<DIV> </DIV>
<DIV>$TC class add dev $DEV1 parent 1:1 classid 1:23 htb rate 64kbit =
ceil=20
64kbit #prueba, maq WiFi</DIV>
<DIV> </DIV>
<DIV># attach qdisc to leaf classes - here we at SFQ to each priority=20
class. SFQ insures=20
that<BR># &nbs=
p;  =
; =20
within each class connections will be treated (almost) fairly.<BR>$TC =
qdisc add=20
dev $DEV1 parent 1:20 handle 20: sfq perturb 10<BR>$TC qdisc add dev =
$DEV1=20
parent 1:21 handle 21: sfq perturb 10<BR>$TC qdisc add dev $DEV1 parent =
1:22=20
handle 22: sfq perturb 10<BR>$TC qdisc add dev $DEV1 parent 1:37 handle =
37: sfq=20
perturb 10</DIV>
<DIV> </DIV>
<DIV>$TC qdisc add dev $DEV1 parent 1:23 handle 23: sfq perturb 10</DIV>
<DIV> </DIV>
<DIV># filter traffic into classes by fwmark - here we direct traffic =
into=20
priority class according=20
to<BR># =
&=
nbsp; &n=
bsp; =20
the fwmark set on the packet (we set fwmark with=20
iptables<BR># =
&=
nbsp; &n=
bsp; =20
later). Note that above we've set the default=20
priority<BR># =
&=
nbsp; &n=
bsp; =20
class to 1:37 so unmarked packets (or packets marked=20
with<BR># &nbs=
p;  =
; =
=20
unfamiliar IDs) will be defaulted to the lowest=20
priority<BR># =
&=
nbsp; &n=
bsp; =20
class.<BR>$TC filter add dev $DEV1 parent 1:0 prio 0 protocol ip handle =
20 fw=20
flowid 1:20<BR>$TC filter add dev $DEV1 parent 1:0 prio 0 protocol ip =
handle 21=20
fw flowid 1:21<BR>$TC filter add dev $DEV1 parent 1:0 prio 0 protocol ip =
handle=20
22 fw flowid 1:22<BR>$TC filter add dev $DEV1 parent 1:0 prio 0 protocol =
ip=20
handle 23 fw flowid 1:23</DIV>
<DIV> </DIV>
<DIV># Marking the packets. Se marcan los paquetes en el interfaz =
contrario,=20
para que no se vean<BR># afectados por el NAT que hacen las reglas del=20
firewall</DIV>
<DIV> </DIV>
<DIV>iptables -t mangle -N MYSHAPER-OUT<BR>iptables -t mangle -I =
PREROUTING -i=20
$DEV0 -j MYSHAPER-OUT</DIV>
<DIV> </DIV>
<DIV>#iptables -t mangle -A MYSHAPER-IN -p tcp --sport ssh -j MARK =
--set-mark=20
20</DIV>
<DIV> </DIV>
<DIV><BR>iptables -A MYSHAPER-OUT -d 172.9.264.30 -t mangle -j MARK =
--set-mark=20
20<BR>iptables -A MYSHAPER-OUT -d 172.9.264.31 -t mangle -j MARK =
--set-mark=20
20<BR>iptables -A MYSHAPER-OUT -d 172.9.264.32 -t mangle -j MARK =
--set-mark=20
20</DIV>
<DIV> </DIV>
<DIV>iptables -A MYSHAPER-OUT -d 172.9.234.22 -t mangle -j MARK =
--set-mark=20
21<BR>iptables -A MYSHAPER-OUT -d 172.9.234.71 -t mangle -j MARK =
--set-mark=20
21</DIV>
<DIV> </DIV>
<DIV>iptables -A MYSHAPER-OUT -d 172.9.234.25 -t mangle -j MARK =
--set-mark=20
22</DIV>
<DIV> </DIV>
<DIV>iptables -A MYSHAPER-OUT -d 172.9.234.14 -t mangle -j MARK =
--set-mark=20
23<BR></DIV>
<DIV># redundant- mark any unmarked packets as 26 (low prio)</DIV>
<DIV> </DIV>
<DIV>#El resto de tr=C3=A1co ir=C3­al flujo por defecto, el =
2:37.</DIV>
<DIV> </DIV>
<DIV># Done with inbound=20
shaping<BR>#<BR>####################################################</DIV=
>
<DIV> </DIV>
<DIV>echo "Control del enlace descendente activado."</DIV>
<DIV> </DIV>
<DIV>#Si solo se desea controlar el enlace descendente, quitar el =
comentario de=20
la siguiente instruccion exit<BR>#exit</DIV>
<DIV> </DIV>
<DIV>###########################################################<BR>#<BR>=
#=20
Outbound Shaping (limits total bandwidth to 1000Kbps)<BR># Este es el =
enlace=20
ascendente, desde la red interna de Cherrytel a internet</DIV>
<DIV> </DIV>
<DIV># set queue size to give latency of about 2 seconds on low-prio=20
packets<BR>ip link set dev $DEV0 qlen 30</DIV>
<DIV> </DIV>
<DIV># changes mtu on the outbound device. Lowering the mtu will=20
result<BR># in lower latency but will also cause slightly lower =
throughput=20
due<BR># to IP and TCP protocol overhead.<BR>ip link set dev $DEV0 mtu=20
1000</DIV>
<DIV> </DIV>
<DIV># add HTB root qdisc<BR>$TC qdisc add dev $DEV0 root handle 2: htb =
default=20
73</DIV>
<DIV> </DIV>
<DIV># add main rate limit classes<BR>$TC class add dev $DEV0 parent 2: =
classid=20
2:1 htb rate 1000kbit</DIV>
<DIV> </DIV>
<DIV># add leaf classes - We grant each class at LEAST it's "fair share" =
of=20
bandwidth.<BR># &nbs=
p; =20
this way no class will ever be starved by another class. =20
Each<BR># &nbs=
p; =20
class is also permitted to consume all of the available=20
bandwidth<BR>#  =
; =20
if no other classes are in use.<BR>$TC class add dev $DEV0 parent 2:1 =
classid=20
2:70 htb rate 64kbit ceil 1000kbit <BR>$TC class add dev =
$DEV0=20
parent 2:1 classid 2:71 htb rate 64kbit ceil 1000kbit =
<BR>$TC class=20
add dev $DEV0 parent 2:1 classid 2:72 htb rate 64kbit ceil =
1000kbit =20
<BR>$TC class add dev $DEV0 parent 2:1 classid 2:87 htb rate 744kbit =
ceil=20
1000kbit </DIV>
<DIV> </DIV>
<DIV>$TC class add dev $DEV0 parent 2:1 classid 2:73 htb rate 64kbit =
ceil=20
64kbit #prueba</DIV>
<DIV> </DIV>
<DIV># attach qdisc to leaf classes - here we at SFQ to each priority=20
class. SFQ insures=20
that<BR># &nbs=
p;  =
; =20
within each class connections will be treated (almost) fairly.<BR>$TC =
qdisc add=20
dev $DEV0 parent 2:70 handle 70: sfq perturb 10<BR>$TC qdisc add dev =
$DEV0=20
parent 2:71 handle 71: sfq perturb 10<BR>$TC qdisc add dev $DEV0 parent =
2:72=20
handle 72: sfq perturb 10<BR>$TC qdisc add dev $DEV0 parent 2:87 handle =
87: sfq=20
perturb 10</DIV>
<DIV> </DIV>
<DIV>$TC qdisc add dev $DEV0 parent 2:73 handle 73: sfq perturb 10</DIV>
<DIV> </DIV>
<DIV># filter traffic into classes by fwmark - here we direct traffic =
into=20
priority class according=20
to<BR># =
&=
nbsp; &n=
bsp; =20
the fwmark set on the packet (we set fwmark with=20
iptables<BR># =
&=
nbsp; &n=
bsp; =20
later). Note that above we've set the default=20
priority<BR># =
&=
nbsp; &n=
bsp; =20
class to 1:87 so unmarked packets (or packets marked=20
with<BR># &nbs=
p;  =
; =
=20
unfamiliar IDs) will be defaulted to the lowest=20
priority<BR># =
&=
nbsp; &n=
bsp; =20
class.<BR>$TC filter add dev $DEV0 parent 2:0 prio 1 protocol ip handle =
70 fw=20
flowid 1:70<BR>$TC filter add dev $DEV0 parent 2:0 prio 2 protocol ip =
handle 71=20
fw flowid 1:71<BR>$TC filter add dev $DEV0 parent 2:0 prio 3 protocol ip =
handle=20
72 fw flowid 1:72<BR>$TC filter add dev $DEV0 parent 2:0 prio 4 protocol =
ip=20
handle 73 fw flowid 1:73</DIV>
<DIV> </DIV>
<DIV># Marking the packets. Se marcan los paquetes en el interfaz =
contrario,=20
para que no se vean<BR># afectados por el NAT que hacen las reglas del=20
firewall</DIV>
<DIV> </DIV>
<DIV>iptables -t mangle -N MYSHAPER-IN<BR>iptables -t mangle -I =
PREROUTING -i=20
$DEV1 -j MYSHAPER-IN</DIV>
<DIV> </DIV>
<DIV>#iptables -t mangle -A MYSHAPER-IN -p ! tcp -j MARK --set-mark =
20</DIV>
<DIV> </DIV>
<DIV><BR>iptables -A MYSHAPER-IN -s 172.9.234.30 -t mangle -j MARK =
--set-mark=20
70<BR>iptables -A MYSHAPER-IN -s 172.9.234.31 -t mangle -j MARK =
--set-mark=20
70<BR>iptables -A MYSHAPER-IN -s 172.9.234.32 -t mangle -j MARK =
--set-mark=20
70</DIV>
<DIV> </DIV>
<DIV>iptables -A MYSHAPER-IN -s 172.9.234.22 -t mangle -j MARK =
--set-mark=20
71<BR>iptables -A MYSHAPER-IN -s 172.9.234.71 -t mangle -j MARK =
--set-mark=20
71</DIV>
<DIV> </DIV>
<DIV>iptables -A MYSHAPER-IN -s 172.9.234.25 -t mangle -j MARK =
--set-mark=20
72</DIV>
<DIV> </DIV>
<DIV>#Prueba maquina WiFi<BR>iptables -A MYSHAPER-IN -s 172.9.234.14 -t =
mangle=20
-j MARK --set-mark 73</DIV>
<DIV> </DIV>
<DIV>#El resto de tr=C3=A1co ir=C3­al flujo por defecto, el =
2:87.</DIV>
<DIV> </DIV>
<DIV><BR># Done with outbound shaping<BR></DIV>
<DIV>####################################################</DIV>
<DIV> </DIV>
<DIV>echo "Control del enlace ascendente activado."</DIV>
<DIV> </DIV>
<DIV>exit</DIV>
<DIV> </DIV>
<DIV>Thanks for your help!</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>UN CORDIAL SALUDO</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Miguel =C1ngel Dom=EDnguez =
Dur=E1n.<BR>Departamento=20
T=E9cnico.<BR>Cherrytel Comunicaciones, S.L.<BR><A=20
href=3D"mailto:mdominguez@cherrytel.com">mdominguez@cherrytel.com</A><BR>=
<A=20
href=3D"http://www.cherrytel.com/">http://www.cherrytel.com/</A><BR>Tlf. =
902 115=20
673<BR>Fax 952218170</FONT></DIV></BODY></HTML>
------=_NextPart_000_000B_01C51041.8588A250--
More information about the LARTC
mailing list