Hi, <br><br>Thanks for your script. I am still a newbie to this traffic control. I have only done policy routing with iproute2. <br><br>I was thinking how to write this script. You have already given a start. <br><br>I have been reading the URLs below.
<br><br><a href="http://lartc.org/howto/lartc.qdisc.classful.html">http://lartc.org/howto/lartc.qdisc.classful.html</a><br><a href="http://edseek.com/~jasonb/articles/traffic_shaping/linuxtc.html">http://edseek.com/~jasonb/articles/traffic_shaping/linuxtc.html
</a><br><a href="http://tldp.org/HOWTO/Traffic-Control-HOWTO/index.html">http://tldp.org/HOWTO/Traffic-Control-HOWTO/index.html</a><br><a href="http://edseek.com/~jasonb/articles/traffic_shaping/classes.html#qdiscex">http://edseek.com/~jasonb/articles/traffic_shaping/classes.html#qdiscex
</a><br><br>But, I still find it difficult to understand fully. <br><br>Hey, shall we discuss the script you wrote below? <br><div><span class="gmail_quote"><br></span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div style=""><div><p>I understand the 4 rules below. The last rule marks <a href="http://192.168.102.0/24">192.168.102.0/24</a> traffic as 5 <br> </p>
<p><span style="font-weight: bold;">INTERFAZ_INT=eth0 </span> </p>
<p style="font-weight: bold;">BAND=256</p>
<p style="font-weight: bold;">BAND_CLIENTS=64</p>
<p style="font-weight: bold;">iptables -t mangle -A PREROUTING -s <a href="http://192.168.102.0/24" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">192.168.102.0/24</a> -j MARK --set-mark 0x5</p></div>
</div></blockquote><div><br>But, I do not understand the rules below. <br> </div>Shall we discuss them one by one? <br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div style=""><div><p>tc qdisc add dev $INTERFAZ_INT root handle 1 htb r2q 4 </p></div></div></blockquote>The above rule adds a qdisc to the internet interface. What are r2q and 4 there? I do not understand those two.<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div style=""><div><p>tc class add dev $INTERFAZ_INT parent 1: classid 1:2 htb rate "$BAND"Kbit</p></div></div></blockquote><div>FULL bandwidth with above rule.<br> </div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div style=""><div><p>tc class add dev $INTERFAZ_INT parent 1: classid 1:5 htb rate "$BAND_CLIENTS"Kbit</p></div></div></blockquote><div><br>and 64 kbit with the above rule. <br></div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div style=""><div><p>tc qdisc add dev $INTERFAZ_INT parent 1:5 handle 5 sfq perturb 10</p></div></div></blockquote><div><br>What is this above rule? I do not understand it at all. <br></div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div style=""><div><p>tc filter add dev $INTERFAZ_INT protocol ip parent 1: pref 1 handle 10 fw classid 1:5</p></div></div></blockquote><div><br>I do not understand the above rule too.<br><br>hope to hear from you. <br></div>
<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div style=""><div><p>Feel free to ask to me what you wish.</p></div></div></blockquote>
<div>THANKS for above comment. <br><br> </div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div style=""><div><p>Regards</p>
<p>Paolo Malfatti</p>
<p><br></p></div>
<div></div>
<blockquote style="border-left: 2px solid rgb(160, 198, 229); padding-left: 5px; margin-left: 5px; margin-right: 0px;"><font style="font-size: 11px; font-family: tahoma,sans-serif;">
</font><hr color="#a0c6e5" size="1">
<div></div><font style="font-size: 11px; font-family: tahoma,sans-serif;">From: <i>"Indunil Jayasooriya" <<a href="mailto:indunil75@gmail.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
indunil75@gmail.com</a>></i><br>To: <i><a href="mailto:lartc@mailman.ds9a.nl" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">lartc@mailman.ds9a.nl</a></i><br>Subject: <i>[LARTC] Allocating 64 kbits/s out of 256 kbits/s for one LAN behingfirewall
</i><br>Date: <i>Thu, 2 Aug 2007 14:48:55 +0530</i></font><div><span class="e" id="q_11430c0437e54a2e_1"><font style="font-size: 11px; font-family: tahoma,sans-serif;"><br>
</font><div></div><font style="font-size: 11px; font-family: tahoma,sans-serif;"><br><br><span class="gmail_quote"></span>Hi,<br><br>We have a 256 kbits/s (kilobits per second) link to the internet. it is a router running Linux that belongs to our ISP. They have given us 8 internet ips. (
i.e- subnet is <a href="http://255.255.255.248/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
<div></div>255.255.255.248
<div></div></a>). one has been given to this router. I have given another internet ip to the firewall running CentOS 4.5. iptables is running on it. And also, I have installed iproute2 pkg as well. <br><br>pls see below for installed pkgs.
</font><div></div><font style="font-size: 11px; font-family: tahoma,sans-serif;"><br>[root@firebox ~]# rpm -qa |grep iptables<br><span style="font-weight: bold;">iptables-1.2.11-3.1.RHEL4</span><br>[root@firebox ~]# rpm -qa |grep iproute
<br>i<span style="font-weight: bold;">proute-2.6.9-3.EL4.3.centos4
<div></div>
<div></div><br><br></span>This firewall has 3 ethernet cards at the moment. one is connected to router. one is connected to our DMZ zone. one is connected to LAN1. <br><br>These are ips of the firewall. <br><br>eth0 (internet) -
<a href="http://1.2.3.4/255.255.255.248" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
<div></div>
<div></div>1.2.3.4/255.255.255.248</a> (pls assume it. For security reason, I will not give you the actual ip)<br>eth1 (DMZ Zone) - <a href="http://192.168.100.254/255.255.255.0" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
<div></div>192.168.100.254/255.255.255.0</a><br>eth2 (LAN1) - <a href="http://192.168.101.254/255.255.255.0" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
<div></div>192.168.101.254/255.255.255.0</a><br><br>Now, everyone in LAN1 has access to internet. (due to SNAT rule)<br><br>Now, I want to install another ethernet card to this firewall. then, it would be eth3. <br><br>eth3 will be as follows.
</font><div></div><font style="font-size: 11px; font-family: tahoma,sans-serif;"><br><br>eth3 (LAN2) - <a href="http://192.168.102.254/255.255.255.0" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
192.168.102.254/255.255.255.0</a><br><br>Now, I want put about 5 people (5 PCs) behind this LAN2 and give internet access to them. But, I do not want them to use my whole bandwidth (
</font><div></div><font style="font-size: 11px; font-family: tahoma,sans-serif;">i.e - 256 kbit/s), But Instead, I want people behind this LAN2 to allocate <span style="font-weight: bold;">64 kbits/s</span> (kilo bits per second) for
<span style="font-weight: bold;">their internet access</span>. <br>
</font><div></div>
<div></div><font style="font-size: 11px; font-family: tahoma,sans-serif;"><br>Is it possible to achieve this task on firewall running iptables and iproute2 (CentOS 4.5) ? <br><br>If so, How can I do such thing? <br><br>If I do such thing, what will happen to the people behind LAN1 ? Will they get whole 256 kbits/s as before or will they get 256 kbit/s - 64 kbit/s for their internet access?
</font><div></div><font style="font-size: 11px; font-family: tahoma,sans-serif;"><br><br><br>Hope to hear from you. <br><br><br><br><br><br><br><span style="font-weight: bold;"></span><br><br><br clear="all"><br>-- <br>Thank you
<br><span>Indunil Jayasooriya<br>
<div></div></span><br clear="all">
</font><div></div>
<div></div><font style="font-size: 11px; font-family: tahoma,sans-serif;"><br>
</font></span></div><font style="font-size: 11px; font-family: tahoma,sans-serif;"></font><p></p><p></p></blockquote></div><br clear="all">
</blockquote></div><br><br clear="all"><br>-- <br>Thank you<br>Indunil Jayasooriya<br>
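Added example, not part of the original messages and not the script quoted in them: a dry-run shell generator that only prints the commands discussed in the thread, with a comment on each parameter that was asked about (r2q, sfq perturb, the fw filter), and a check of the quantum HTB derives from r2q. The function names are hypothetical, and it assumes the fw filter handle is given the same value as the iptables mark, because the fw classifier matches the packet mark against the filter handle.

```shell
#!/bin/sh
# Added example: prints commands only, applies nothing to the system.

# HTB derives each class quantum as rate (bytes/s) divided by r2q.
# tc's "kbit" means 1000 bit/s, so bytes/s = kbit * 1000 / 8.
htb_quantum() {   # $1 = class rate in kbit, $2 = r2q
    echo $(( $1 * 1000 / 8 / $2 ))
}

# The kernel warns and clamps when a derived quantum is below 1000
# or above 200000 bytes. The default r2q of 10 gives 800 for 64 kbit.
quantum_ok() {
    q=$(htb_quantum "$1" "$2")
    [ "$q" -ge 1000 ] && [ "$q" -le 200000 ]
}

emit_shaper() {   # $1 dev, $2 total kbit, $3 LAN2 kbit, $4 r2q, $5 mark
    dev=$1 band=$2 clients=$3 r2q=$4 mark=$5
    quantum_ok "$clients" "$r2q" || {
        echo "r2q $r2q: quantum for ${clients}kbit out of range" >&2
        return 1
    }
    # Mark packets arriving from the LAN2 subnet; the mark stays on the
    # packet until it leaves through the shaped interface.
    echo "iptables -t mangle -A PREROUTING -s 192.168.102.0/24 -j MARK --set-mark $mark"
    # Root HTB qdisc. No 'default' class is given, so traffic that no
    # filter classifies bypasses the classes and is not rate limited.
    echo "tc qdisc add dev $dev root handle 1: htb r2q $r2q"
    # Two classes. With no 'ceil', each class is capped at its own rate.
    echo "tc class add dev $dev parent 1: classid 1:2 htb rate ${band}kbit"
    echo "tc class add dev $dev parent 1: classid 1:5 htb rate ${clients}kbit"
    # SFQ leaf under 1:5: shares the class fairly between flows and
    # changes its hash function every 10 seconds (perturb 10).
    echo "tc qdisc add dev $dev parent 1:5 handle 5: sfq perturb 10"
    # fw classifier: 'handle' is the firewall mark to match, so it is
    # generated from the same value as --set-mark (assumption above).
    echo "tc filter add dev $dev protocol ip parent 1: pref 1 handle $mark fw classid 1:5"
}

# Values from the thread: eth0, 256 kbit link, 64 kbit for LAN2, r2q 4, mark 5.
emit_shaper eth0 256 64 4 5
```

Because the qdisc is attached to eth0, these commands shape only what LAN2 sends towards the internet; traffic in the download direction leaves the firewall through the LAN2 interface and is not affected.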