LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 08-12-2003, 03:07 AM   #1
turb0freak
LQ Newbie
 
Registered: Aug 2003
Posts: 3

Rep: Reputation: 0
Bandwidth limiting


Hi everyone! Ive been trying to read up on bandwidth limiting for use on a firewall. I guess CBQ is the best bet for me. Does anyone have any practical examples. Ive tried to implement it but i keep getting different results.


regards
edmund
 
Old 08-12-2003, 05:10 AM   #2
Robert0380
Guru
 
Registered: Apr 2002
Location: Atlanta
Distribution: Gentoo
Posts: 1,280

Rep: Reputation: 47
http://www.linux.org/docs/ldp/howto/...imiting-HOWTO/

never done any BWLimiting so i just decided to find a howto. hope it helps.

Last edited by Robert0380; 08-12-2003 at 05:12 AM.
 
Old 08-12-2003, 03:53 PM   #3
bastard23
Member
 
Registered: Mar 2003
Distribution: Debian
Posts: 275

Rep: Reputation: 30
edmund,

Linux Advanced Routing and Traffic Control. It has several examples.

I haven't done too much with it (aka I still don't remember syntax), but what problems are you having? What kind of traffic are you shaping?

Good Luck,
chris
 
Old 08-12-2003, 08:22 PM   #4
turb0freak
LQ Newbie
 
Registered: Aug 2003
Posts: 3

Original Poster
Rep: Reputation: 0
Hey , ive gone through the 'bandwidth limiting how to ' but i am still having trouble with CBQ. I dont have a proper example to work with. For some reason the example i got doesnt work. I would like to limit bandwidth for FTP traffic. I have a FTP server in a DMZ and I would like to limit it from external and internal machines. The firewall has 3NICs. LAN, DMZ and WAN(internet). Packets are port forwarded from the LAN and WAN(Internet) interfaces to the DMZ. I used 'Postrouting' rules from iptables.
If some one initiates a FTP download from the LAN to the server in the DMZ, the traffic will try to use the full 100MB and block other potential users using the firewall as a gateway to the internet.


DEVICE=eth1,10Mbit,1Mbit
RATE=1500Kbit
WEIGHT=200Kbit
PRIO=5
RULE=172.16.4.12

Someone told me that there was a way of applying the above script to enable filtering based on outgoing or incoming traffc.
IT doesnt seem to work for me.

regards
edmund
 
Old 08-12-2003, 09:07 PM   #5
bastard23
Member
 
Registered: Mar 2003
Distribution: Debian
Posts: 275

Rep: Reputation: 30
edmund,

What example script are you running? Could you post it here, or provide a link? The info above doesn't talk how to match FTP data traffic, so I don't know how it is using the info.

The problem with filtering FTP traffic is it uses two different ways of connecting the data stream, active and passive (active means that the server connects back to the client, and passive means the server specifies a new port to the client to connect to). The easiest way is to use the iptables module to match FTP traffic, cause your probably already using it.

Have fun,
chris
 
Old 08-12-2003, 10:50 PM   #6
turb0freak
LQ Newbie
 
Registered: Aug 2003
Posts: 3

Original Poster
Rep: Reputation: 0
Hey Chris,. My mistake, in my haste i posted the wrong cbq scripts.
EVICE=eth1,10Mbit,1Mbit
RATE=1200Kbit
WEIGHT=100Kbit
PRIO=5
RULE=:20,172.16.4.1/24
RULE=:21,172.16.4.1/24

I applied it to the interface and tried downloading and it made NO difference.

eth0-lan
eth1-DMZ
eth2-WAN- internet.

regards
edmund
 
Old 08-13-2003, 08:42 PM   #7
bastard23
Member
 
Registered: Mar 2003
Distribution: Debian
Posts: 275

Rep: Reputation: 30
edmund,

RULE=:20,172.16.4.1/24
I assume that means port 20 (ftp-data). If the client is using passive ftp, this won't match anything. You don't need to put port 21 because it is the "control" connection and doesn't use much bandwidth.

What cbq script are you running? I'm not up on the various packages that do this? Debian has a shaper package, but it uses a syntax of RULE=<IP address>:<port>, perhaps you have it backwords?

Have fun,
chris
 
Old 08-14-2003, 03:56 AM   #8
edmundturner
LQ Newbie
 
Registered: Aug 2003
Posts: 4

Rep: Reputation: 0
Hey chris, that must be it! I forgot about passive and active ftps!!!
This explains why the cbq script doesnt work. THanks alot!

But how do i control the bandwidth for passive FTP transfer???



regards
edmund
 
Old 08-14-2003, 06:23 AM   #9
boffy_b
LQ Newbie
 
Registered: Aug 2003
Posts: 4

Rep: Reputation: 0
I'm a *nix newbie, but wouldn't you just limit the bandwidth over whatever port parrive ftp uses, or or all ports, or for the IP of the person who was downloading? </bad logic>
 
Old 08-15-2003, 08:45 AM   #10
Nevion
Member
 
Registered: Aug 2003
Distribution: Slackware 9.0
Posts: 31

Rep: Reputation: 15
wshaper will probably be a big help
 
Old 08-15-2003, 10:29 PM   #11
edmundturner
LQ Newbie
 
Registered: Aug 2003
Posts: 4

Rep: Reputation: 0
wshaper? hrmm..ill go try it out. Thanks again fro the info guys!

edmund
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
bandwidth limiting gubak Linux - Networking 1 03-02-2005 06:51 AM
Bandwidth Limiting UnrealTear Linux - Software 2 04-10-2004 10:33 PM
Bandwidth limiting dunkyb Linux - Networking 3 09-17-2003 04:36 AM
Bandwidth Limiting boundless Linux - Networking 2 04-15-2003 02:07 PM
bandwidth limiting karunesh Linux - Networking 5 11-09-2002 02:28 AM


All times are GMT -5. The time now is 03:37 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration