[LARTC] Please: "judge" this script

Ricardo Chamorro ricardo.a.chamorro at gmail.com
Wed Jul 6 16:05:59 CEST 2005


I copied the excellent script by Pedro Larroy and tried to adapt it to my needs, but I am inexperienced in QoS and I have doubts.  
I have a cable modem connection to the Internet, 1024kbit down and 256kbit up, through eth0. The LAN is on eth1 and uses NAT.  
I set up the classes so that shaping is done on eth1 (the LAN side) with a maximum bandwidth of CEIL=768.  
But I observe that the traffic sometimes speeds up and at other moments stops.  
Could you please tell me what is wrong with the script that I paste below? (The iptables mangle rules that mark ports 54xxx are for eMule.)
Thanks for your patience.
----------paste script-------------------------------------------------
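# HTB shaping on the LAN-facing interface, i.e. for traffic leaving the router
# toward the LAN hosts. All rates are in kbit/s.
# NOTE(review): nothing in this script attaches a qdisc to eth0, so the
# 256kbit upload direction is not shaped at all; confirm that is intended.
CEIL=768
DEV=eth1

# Remove any existing root qdisc first. On a clean interface there is nothing
# to delete and tc reports an error; that is expected, so it is ignored here.
tc qdisc del dev "$DEV" root 2>/dev/null || true

# Root HTB qdisc 1:. Packets that no filter classifies go to class 1:15.
tc qdisc add dev "$DEV" root handle 1: htb default 15

# Parent class 1:1 caps the whole tree at CEIL.
tc class add dev "$DEV" parent 1: classid 1:1 htb rate "${CEIL}kbit" ceil "${CEIL}kbit"

# Leaf classes. 1:10 has rate == ceil, so it never borrows; every other class
# may borrow up to CEIL.
# NOTE(review): the guaranteed rates below add up to
# 270 + 270 + 68 + 68 + 34 + 100 = 810 kbit, which is more than the 768 kbit
# of the parent 1:1. HTB expects the children's rates to sum to at most the
# parent's rate, so this is worth correcting first when throughput is uneven.
tc class add dev "$DEV" parent 1:1 classid 1:10 htb rate 270kbit ceil 270kbit prio 0
tc class add dev "$DEV" parent 1:1 classid 1:11 htb rate 270kbit ceil "${CEIL}kbit" prio 1
tc class add dev "$DEV" parent 1:1 classid 1:12 htb rate 68kbit ceil "${CEIL}kbit" prio 2
tc class add dev "$DEV" parent 1:1 classid 1:13 htb rate 68kbit ceil "${CEIL}kbit" prio 2
tc class add dev "$DEV" parent 1:1 classid 1:14 htb rate 34kbit ceil "${CEIL}kbit" prio 3
tc class add dev "$DEV" parent 1:1 classid 1:15 htb rate 100kbit ceil "${CEIL}kbit" prio 1

# Attach an SFQ leaf qdisc to classes 1:11..1:15 (handles 110: .. 150:).
# Class 1:10 gets no explicit leaf qdisc here.
for minor in 11 12 13 14 15; do
  tc qdisc add dev "$DEV" parent "1:${minor}" handle "${minor}0:" sfq perturb 10
done

# Map the firewall marks set in the iptables mangle table to the classes:
# mark 1 -> 1:10, mark 2 -> 1:11, ... mark 6 -> 1:15.
# NOTE(review): no rule in this script sets mark 4, so class 1:13 stays idle.
for mark in 1 2 3 4 5 6; do
  tc filter add dev "$DEV" protocol ip parent 1:0 prio "$mark" handle "$mark" fw \
    classid "1:$((mark + 9))"
done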

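# iptables mangle rules that mark the packets of interest in PREROUTING.
#
# IPTABLES is not assigned anywhere in this script; fall back to the iptables
# found on PATH when the caller has not set it.
: "${IPTABLES:=iptables}"

# NOTE(review): every rule is appended with -A, so running the script a second
# time duplicates the whole list. None of the rules has an -i match either, so
# packets arriving on any interface are marked.

# mark_prerouting MARK MATCH...
# Appends two PREROUTING rules for the given match: one that sets MARK and one
# that RETURNs, so a packet keeps the first mark that applies to it.
# $IPTABLES is left unquoted so a value carrying extra arguments keeps working.
mark_prerouting() {
  pre_mark=$1
  shift
  $IPTABLES -t mangle -A PREROUTING "$@" -j MARK --set-mark "$pre_mark"
  $IPTABLES -t mangle -A PREROUTING "$@" -j RETURN
}

# ICMP and "Minimize-Delay" traffic get mark 0x1 (class 1:10, prio 0).
# The protocol and the TOS byte are chosen by the sender, so a remote host can
# place its own packets in this class. Class 1:10 is capped at 270kbit
# (rate == ceil), which bounds how much bandwidth such traffic can take.
mark_prerouting 0x1 -p icmp
mark_prerouting 0x1 -m tos --tos Minimize-Delay
mark_prerouting 0x5 -m tos --tos Minimize-Cost
mark_prerouting 0x6 -m tos --tos Maximize-Throughput

# Per-port marks. These match on the SOURCE port of the packet.
mark_prerouting 0x2 -p tcp -m tcp --sport 80
mark_prerouting 0x2 -p udp -m udp --sport 80

# NOTE(review): packets addressed TO these P2P ports would need --dport; in
# this chain they still end up with mark 0x6 through the catch-all rule below.
for port in 54661 54662 56881 54711; do
  mark_prerouting 0x6 -p tcp -m tcp --sport "$port"
done
for port in 54665 54672 56881; do
  mark_prerouting 0x6 -p udp -m udp --sport "$port"
done

# Initial TCP SYN packets (SYN set, RST and ACK clear) get mark 0x1 so that
# new connections open quickly. A burst of SYNs lands in the same class as
# interactive traffic, again limited by the 270kbit ceiling of class 1:10.
mark_prerouting 0x1 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN

# Catch-all at the end of the PREROUTING list: everything else gets mark 0x6.
$IPTABLES -t mangle -A PREROUTING -j MARK --set-mark 0x6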

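# Same marking rules as for PREROUTING, but in OUTPUT, for traffic generated
# locally on the router.
#
# IPTABLES is not assigned anywhere in this script; fall back to the iptables
# found on PATH when the caller has not set it.
: "${IPTABLES:=iptables}"

# NOTE(review): every rule is appended with -A, so running the script a second
# time duplicates the whole list.

# mark_output MARK MATCH...
# Appends two OUTPUT rules for the given match: one that sets MARK and one
# that RETURNs, so a packet keeps the first mark that applies to it.
# $IPTABLES is left unquoted so a value carrying extra arguments keeps working.
mark_output() {
  out_mark=$1
  shift
  $IPTABLES -t mangle -A OUTPUT "$@" -j MARK --set-mark "$out_mark"
  $IPTABLES -t mangle -A OUTPUT "$@" -j RETURN
}

# ICMP and "Minimize-Delay" traffic get mark 0x1; the other TOS values get
# 0x5 and 0x6.
mark_output 0x1 -p icmp
mark_output 0x1 -m tos --tos Minimize-Delay
mark_output 0x5 -m tos --tos Minimize-Cost
mark_output 0x6 -m tos --tos Maximize-Throughput

# Per-port marks, matched on the source port of the outgoing packet.
mark_output 0x2 -p tcp -m tcp --sport 80
mark_output 0x2 -p udp -m udp --sport 80
for port in 54661 54662 56881 54711; do
  mark_output 0x6 -p tcp -m tcp --sport "$port"
done
for port in 54665 54672 56881; do
  mark_output 0x6 -p udp -m udp --sport "$port"
done

# Initial TCP SYN packets (SYN set, RST and ACK clear) get mark 0x1.
mark_output 0x1 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN

# Catch-all at the end of the OUTPUT list: everything else gets mark 0x3.
# NOTE(review): the PREROUTING catch-all uses 0x6 instead; confirm that the
# difference is intended.
$IPTABLES -t mangle -A OUTPUT -j MARK --set-mark 0x3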
--------------------------end paste----------------------------------------------