I have also tried the Wondershaper script in the past when first getting into QoS etc..<br>This script only really helps for egress shaping for those who have DSL lines and a lot of uplink traffic, and want to bring down response times for gaming etc...
<br><br>Try <a href="http://freshmeat.net/projects/fairnat/">FairNat</a> , It doesn't support multiple subnets, but since you have seperate external IP's, it might just be able to help. I use(and modified mine), and currently working very well. Thinking of trying HSFC , instead of HTB in the future, but getting docs that make sense is my current problem...
<br><br>I hope this helps, since I am also quite new to all this myself. But sure is fun fiddling ;-).<br><br>Jaques<br><br><div><span class="gmail_quote">On 21/11/06, <b class="gmail_sendername">drew einhorn</b> <<a href="mailto:drew.einhorn@gmail.com">
drew.einhorn@gmail.com</a>> wrote:</span><blockquote class="gmail_quote" style="margin-top: 0; margin-right: 0; margin-bottom: 0; margin-left: 0; margin-left: 0.80ex; border-left-color: #cccccc; border-left-width: 1px; border-left-style: solid; padding-left: 1ex">
I'm trying to shape traffic on a Devil-Linux box.<br><br>This note was originally sent to their maillist,<br>because the LARTC list appears to have been down<br>for the past few days. My mailbox was just flooded<br>with a half dozen or so confirmation requests in response
<br>to my repeated attempts to subscribe to this list.<br><br>---------- Forwarded message ----------<br>From: drew einhorn <<a href="mailto:drew.einhorn@gmail.com">drew.einhorn@gmail.com</a>><br>Date: Nov 19, 2006 11:51 PM
<br>Subject: Traffic Shaping on a Transparent Bridge not working!<br>To: <a href="mailto:devil-linux-discuss@lists.sourceforge.net">devil-linux-discuss@lists.sourceforge.net</a><br><br><br>My first DL project was going well. Then I ran into problems attempting
<br>to shape my bandwidth.<br><br>First I'll describe the parts that I believe are working correctly.<br><br>I have a DL 1.2.11 box running the default kernel, 2.4.33.3-grsec<br><br>I have br0 bridging all four ports eth0, eth1, eth2, eth3 on a quad port
<br>pci card. The bridge has not been assigned an ip number on the theory<br>that this makes it much more difficult to attack. The bridge connects<br>four devices on the 3bit public static ip block from my ISP.<br><br>I have a single port ethernet pci card, eth4 with a static ip, on my
<br>internal private ip network. It is used for remote managent of the DL<br>box from anywhere on my internal network.<br><br>eth0 is connected to my ISP's router via the ethernet port on my<br>ISDN modem. I know ISDN is a nearly dead technology, but it's the best
<br>thing my crappy telco offers. Tried a satellite ISP, but that's another<br>long and sad story.<br><br>eth1 is connected to a hardened publicly accessible host.<br><br>eth2 and eth3 are connected to the WAN ports on a couple of Linksys
<br>Cable/DSL routers. Eventually most of their functions will migrate to the<br>DL box, but that is more than I wanted to bite off in my first DL project.<br><br>The first Linksys box NATs one of my public ips to my internal private
<br>ip network. The second Linksys box is newer and includes a wireless<br>access point used by a couple neighbors. It NATs a second public ip to<br>a separate private ip network.<br><br>All of the above appears to be working as expected.
<br><br>After pondering the mysteries of traffic shaping I decided to start with<br>wondershaper 1.1a from <a href="http://lartc.org">lartc.org</a>, rather than starting from scratch.<br><br>Tried both the cbq and htb versions without any success.
<br><br>RTFM time. The htb section of <a href="http://lartc.org/howto/index.html">http://lartc.org/howto/index.html</a> is easier<br>reading than the cbq section. And the howto claims htb is better anyway.<br>Let's focus on the htb version of wondershaper.
<br><br>OK, First we edit wshaper.htb and configure the shell variables. Then we<br>run: sh -x wshaper.htb<br>to echo the commands as they are executed.<br><br>Then we start pinging the router at the other end of the ISDN line.
<br><br>Then we start downloading a file to generate some traffic that really<br>needs to be shaped.<br><br>Then we run: sh -x wshaper.htb status<br>to gather some statistics<br><br>then we kill the download.<br><br>then we sh -x
wshaper.htb stop to shut down the malfunctioning shaper.<br><br>Here's the output from the ping:<br><br>$ ping <a href="http://67.0.192.10">67.0.192.10</a><br>PING <a href="http://67.0.192.10">67.0.192.10</a> (<a href="http://67.0.192.10">
67.0.192.10</a>) 56(84) bytes of data.<br><br>Link is idle, normal ping times.<br><br>64 bytes from <a href="http://67.0.192.10">67.0.192.10</a>: icmp_seq=0 ttl=254 time=48.5 ms<br>64 bytes from <a href="http://67.0.192.10">
67.0.192.10</a>: icmp_seq=1 ttl=254 time=48.4 ms<br>64 bytes from <a href="http://67.0.192.10">67.0.192.10</a>: icmp_seq=2 ttl=254 time=48.4 ms<br>64 bytes from <a href="http://67.0.192.10">67.0.192.10</a>: icmp_seq=3 ttl=254 time=
48.4 ms<br>64 bytes from <a href="http://67.0.192.10">67.0.192.10</a>: icmp_seq=4 ttl=254 time= 48.5 ms<br>64 bytes from <a href="http://67.0.192.10">67.0.192.10</a>: icmp_seq=5 ttl=254 time=67.8 ms<br>64 bytes from <a href="http://67.0.192.10">
67.0.192.10</a>: icmp_seq=6 ttl=254 time=48.3 ms<br>64 bytes from <a href="http://67.0.192.10">67.0.192.10</a>: icmp_seq=7 ttl=254 time=48.2 ms<br><br>Download starts. Shaping is not working! Queues in<br>router and/or ISDN modem grow, and ping times rapidly
<br>become huge.<br><br>64 bytes from <a href="http://67.0.192.10">67.0.192.10</a>: icmp_seq=8 ttl=254 time=184 ms<br>64 bytes from <a href="http://67.0.192.10">67.0.192.10</a>: icmp_seq=9 ttl=254 time=1080 ms<br>64 bytes from
<a href="http://67.0.192.10">67.0.192.10</a>: icmp_seq=10 ttl=254 time=2025 ms<br>64 bytes from <a href="http://67.0.192.10">67.0.192.10</a>: icmp_seq=11 ttl=254 time=1551 ms<br>64 bytes from <a href="http://67.0.192.10">
67.0.192.10</a>: icmp_seq=12 ttl=254 time=1078 ms<br>64 bytes from <a href="http://67.0.192.10">67.0.192.10</a>: icmp_seq=13 ttl=254 time=896 ms<br>64 bytes from <a href="http://67.0.192.10">67.0.192.10</a>: icmp_seq=14 ttl=254 time=1088 ms
<br>64 bytes from <a href="http://67.0.192.10">67.0.192.10</a>: icmp_seq=15 ttl=254 time=1171 ms<br>64 bytes from <a href="http://67.0.192.10">67.0.192.10</a>: icmp_seq=16 ttl=254 time=1272 ms<br>64 bytes from <a href="http://67.0.192.10">
67.0.192.10</a>: icmp_seq=17 ttl=254 time=1280 ms<br>64 bytes from <a href="http://67.0.192.10">67.0.192.10</a>: icmp_seq=18 ttl=254 time=1101 ms<br>64 bytes from <a href="http://67.0.192.10">67.0.192.10</a>: icmp_seq=19 ttl=254 time=1258 ms
<br>64 bytes from <a href="http://67.0.192.10">67.0.192.10</a>: icmp_seq=20 ttl=254 time=1211 ms<br>64 bytes from <a href="http://67.0.192.10">67.0.192.10</a>: icmp_seq=21 ttl=254 time=1259 ms<br>64 bytes from <a href="http://67.0.192.10">
67.0.192.10</a>: icmp_seq=22 ttl=254 time=1373 ms<br>64 bytes from <a href="http://67.0.192.10">67.0.192.10</a>: icmp_seq=23 ttl=254 time=1424 ms<br>64 bytes from <a href="http://67.0.192.10">67.0.192.10</a>: icmp_seq=24 ttl=254 time=1461 ms
<br>64 bytes from <a href="http://67.0.192.10">67.0.192.10</a>: icmp_seq=25 ttl=254 time=1277 ms<br>64 bytes from <a href="http://67.0.192.10">67.0.192.10</a>: icmp_seq=26 ttl=254 time=1521 ms<br>64 bytes from <a href="http://67.0.192.10">
67.0.192.10</a>: icmp_seq=27 ttl=254 time=1467 ms<br>64 bytes from <a href="http://67.0.192.10">67.0.192.10</a>: icmp_seq=28 ttl=254 time=1335 ms<br>64 bytes from <a href="http://67.0.192.10">67.0.192.10</a>: icmp_seq=29 ttl=254 time=1329 ms
<br>64 bytes from <a href="http://67.0.192.10">67.0.192.10</a>: icmp_seq=30 ttl=254 time=1386 ms<br>64 bytes from <a href="http://67.0.192.10">67.0.192.10</a>: icmp_seq=31 ttl=254 time=1360 ms<br>64 bytes from <a href="http://67.0.192.10">
67.0.192.10</a>: icmp_seq=32 ttl=254 time=1416 ms<br>64 bytes from <a href="http://67.0.192.10">67.0.192.10</a>: icmp_seq=33 ttl=254 time=1480 ms<br>64 bytes from <a href="http://67.0.192.10">67.0.192.10</a>: icmp_seq=34 ttl=254 time=1345 ms
<br>64 bytes from <a href="http://67.0.192.10">67.0.192.10</a>: icmp_seq=35 ttl=254 time=1356 ms<br>64 bytes from <a href="http://67.0.192.10">67.0.192.10</a>: icmp_seq=36 ttl=254 time=1370 ms<br>64 bytes from <a href="http://67.0.192.10">
67.0.192.10</a>: icmp_seq=37 ttl=254 time=1278 ms<br>64 bytes from <a href="http://67.0.192.10">67.0.192.10</a>: icmp_seq=38 ttl=254 time=1612 ms<br>64 bytes from <a href="http://67.0.192.10">67.0.192.10</a>: icmp_seq=39 ttl=254 time=1520 ms
<br>64 bytes from <a href="http://67.0.192.10">67.0.192.10</a>: icmp_seq=40 ttl=254 time=1322 ms<br>64 bytes from <a href="http://67.0.192.10">67.0.192.10</a>: icmp_seq=41 ttl=254 time=1545 ms<br><br>Kill the download. queues drain and ping times return to normal
<br><br>64 bytes from <a href="http://67.0.192.10">67.0.192.10</a> : icmp_seq=42 ttl=254 time=975 ms<br>64 bytes from <a href="http://67.0.192.10">67.0.192.10</a>: icmp_seq=43 ttl=254 time=67.4 ms<br>64 bytes from <a href="http://67.0.192.10">
67.0.192.10</a>: icmp_seq=44 ttl=254 time= 73.6 ms<br>64 bytes from <a href="http://67.0.192.10">67.0.192.10</a>: icmp_seq=45 ttl=254 time=45.2 ms<br>64 bytes from <a href="http://67.0.192.10">67.0.192.10</a>: icmp_seq=46 ttl=254 time=
45.2 ms<br>64 bytes from <a href="http://67.0.192.10">67.0.192.10</a>: icmp_seq=47 ttl=254 time=44.8 ms<br><br><br>And, here's the shell commands and their output:<br><br>root@Devil:~ # sh -x wshaper.htb<br>+ DOWNLINK=100
<br>+ UPLINK=100<br>+ DEV=eth0<br>+ NOPRIOHOSTSRC=<br> + NOPRIOHOSTDST=<br>+ NOPRIOPORTSRC=<br>+ NOPRIOPORTDST=<br>+ '[' '' = status ']'<br>+ tc qdisc del dev eth0 root<br>+ tc qdisc del dev eth0 ingress<br>+ '[' '' = stop ']'
<br>+ tc qdisc add dev eth0 root handle 1: htb default 20<br>+ tc class add dev eth0 parent 1: classid 1:1 htb rate 100kbit burst 6k<br>+ tc class add dev eth0 parent 1:1 classid 1:10 htb rate 100kbit burst 6k prio 1<br>+ tc class add dev eth0 parent 1:1 classid 1:20 htb rate 90kbit burst 6k prio 2
<br>+ tc class add dev eth0 parent 1:1 classid 1:30 htb rate 80kbit burst 6k prio 2<br>+ tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10<br>+ tc qdisc add dev eth0 parent 1:20 handle 20: sfq perturb 10<br>+ tc qdisc add dev eth0 parent 1:30 handle 30: sfq perturb 10
<br>+ tc filter add dev eth0 parent 1:0 protocol ip prio 10 u32 match ip<br>tos 0x10 0xff flowid 1:10<br>+ tc filter add dev eth0 parent 1:0 protocol ip prio 10 u32 match ip<br>protocol 1 0xff flowid 1:10<br>+ tc filter add dev eth0 parent 1: protocol ip prio 10 u32 match ip
<br>protocol 6 0xff match u8 0x05 0x0f at 0 match u16 0x0000 0xffc0 at 2<br>match u8 0x10 0xff at 33 flowid 1:10<br>+ tc filter add dev eth0 parent 1: protocol ip prio 18 u32 match ip<br>dst <a href="http://0.0.0.0/0">0.0.0.0/0
</a> flowid 1:20<br>+ tc qdisc add dev eth0 handle ffff: ingress<br>+ tc filter add dev eth0 parent ffff: protocol ip prio 50 u32 match ip<br>src <a href="http://0.0.0.0/0">0.0.0.0/0</a> police rate 100kbit burst 10k drop flowid :1
<br><br><br>root@Devil:~ # sh -x wshaper.htb status<br>+ DOWNLINK=100<br>+ UPLINK=100<br>+ DEV=eth0<br>+ NOPRIOHOSTSRC=<br>+ NOPRIOHOSTDST=<br>+ NOPRIOPORTSRC=<br>+ NOPRIOPORTDST=<br>+ '[' status = status ']'<br>+ tc -s qdisc ls dev eth0
<br>qdisc htb 1: r2q 10 default 20 direct_packets_stat 0<br> Sent 18649 bytes 191 pkts (dropped 0, overlimits 0)<br>qdisc sfq 10: parent 1:10 limit 128p quantum 1514b perturb 10sec<br> Sent 10582 bytes 147 pkts (dropped 0, overlimits 0)
<br>qdisc sfq 20: parent 1:20 limit 128p quantum 1514b perturb 10sec<br> Sent 8067 bytes 44 pkts (dropped 0, overlimits 0)<br>qdisc sfq 30: parent 1:30 limit 128p quantum 1514b perturb 10sec<br> Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
<br>qdisc ingress ffff: ----------------<br> Sent 0 bytes 0 pkts (dropped 0, overlimits 0)<br>+ tc -s class ls dev eth0<br>class htb 1:1 root rate 100000bit ceil 100000bit burst 6Kb cburst 1724b<br> Sent 18649 bytes 191 pkts (dropped 0, overlimits 0)
<br> rate 1320bit 1pps<br> lended: 0 borrowed: 0 giants: 0<br> tokens: 398459 ctokens: 108855<br><br>class htb 1:10 parent 1:1 leaf 10: prio 1 rate 100000bit ceil<br>100000bit burst 6Kb cburst 1724b<br> Sent 10582 bytes 147 pkts (dropped 0, overlimits 0)
<br> rate 656bit 1pps<br> lended: 147 borrowed: 0 giants: 0<br> tokens: 398459 ctokens: 108855<br><br>class htb 1:20 parent 1:1 leaf 20: prio 2 rate 90000bit ceil 90000bit<br>burst 6Kb cburst 1711b<br> Sent 8067 bytes 44 pkts (dropped 0, overlimits 0)
<br> rate 712bit<br> lended: 44 borrowed: 0 giants: 0<br> tokens: 432284 ctokens: 109555<br><br>class htb 1:30 parent 1:1 leaf 30: prio 2 rate 80000bit ceil 80000bit<br>burst 6Kb cburst 1699b<br> Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
<br> lended: 0 borrowed: 0 giants: 0<br> tokens: 503316 ctokens: 139264<br><br>+ exit<br>root@Devil:~ # sh -x wshaper.htb stop<br>+ DOWNLINK=100<br>+ UPLINK=100<br>+ DEV=eth0<br>+ NOPRIOHOSTSRC=<br>+ NOPRIOHOSTDST=<br>+ NOPRIOPORTSRC=
<br>+ NOPRIOPORTDST=<br>+ '[' stop = status ']'<br>+ tc qdisc del dev eth0 root<br>+ tc qdisc del dev eth0 ingress<br>+ '[' stop = stop ']'<br>+ exit<br><br>root@Devil :~ #<br><br>Don't think we generated enough uplink traffic to exercise the htb qdiscs.
<br><br>But it doesn't look like the ingress qdisc is working at all.<br><br>I'm out of ideas for now.<br><br>--<br>Drew Einhorn<br>_______________________________________________<br>LARTC mailing list<br><a href="mailto:LARTC@mailman.ds9a.nl">
LARTC@mailman.ds9a.nl</a><br><a href="http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc">http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc</a><br></blockquote></div><br>