Old 03-11-2004, 01:45 AM   #1
chrisfirestar
Member
 
Registered: Sep 2003
Location: Adelaide, Australia
Distribution: Fedora/RH
Posts: 231

Rep: Reputation: 30
limit the amount of bandwidth used by certain protocols


Hi everyone

Not sure where this should go, but it's not really a SECURITY issue so I'll place it here...

I am hoping to (using iptables if possible) limit the amount of bandwidth used by certain protocols. Basically I have noticed that as soon as my firewall is opened for "non-office" hours everyone jumps on eDonkey and other P2P. It slows down the normal downloads and also browsing the internet. I could block them all, but I think that they need to feel that they aren't being given the IT SQUIRREL GRIP (if you don't know what that is DON'T WORRY hehe), so what I want is for services to be split into 2 categories

1. Normal Traffic
2. Special Traffic

I want services such as HTTP, EMAIL and the sort to have priority over the others.

I would therefore like to have the other services (running on different ports) to be able to use a certain amount of the bandwidth. IF the network gets congested then HTTP, EMAIL etc will be able to use 50%

If it's easier I would just give NORMAL TRAFFIC 50% and SPECIAL TRAFFIC 50%,
but preferably it would adjust itself to suit the need. If no requests are being made on NORMAL TRAFFIC then SPECIAL TRAFFIC could use more of the bandwidth. This is IDEAL, but if it's not possible then I'll just go with 50/50 (if that's possible)

I would like to implement this in my iptables scripts if possible

Thanks
Chris
 
Old 03-14-2004, 12:22 PM   #2
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
If you want to work with % percentages, you will need a proper queuing package,
e.g. cbq, tc etc.

If it's ok to work with kB per connection, the LIMIT match works well, or
you could consider some netfilter patches at www.netfilter.org in the patchomatic system.
 
Old 03-15-2004, 01:25 AM   #3
chrisfirestar
Member
 
Registered: Sep 2003
Location: Adelaide, Australia
Distribution: Fedora/RH
Posts: 231

Original Poster
Rep: Reputation: 30
ok

so what would the settings be?

the command will look like this:
Code:
$IPTABLES -A INPUT -i $INSIDE -p tcp --dport 4000:5000 -m limit --limit 3/minute --limit-burst 20 -j ACCEPT
Let's say I want to limit p2p downloads to say 56KB (we have a 256K connection). What would the line look like?

Thanks
Chris
 
Old 03-16-2004, 09:10 PM   #4
chrisfirestar
Member
 
Registered: Sep 2003
Location: Adelaide, Australia
Distribution: Fedora/RH
Posts: 231

Original Poster
Rep: Reputation: 30
OK, I think I'm confusing myself hahaha

I have worked out that I must also restrict the "sport" to effectively restrict the traffic, HOWEVER I have no way of REALLY testing if it's working. Any suggestions?

this is what I have atm

Code:
###############################
#    Limiting P2P Traffic     #
###############################

$IPTABLES -A INPUT -i $INSIDE -s 192.168.1.27 -p tcp --dport 1000:10000 -m limit --limit 5/second -j ACCEPT
$IPTABLES -A INPUT -i $INSIDE -s 192.168.1.27 -p tcp --sport 1000:10000 -m limit --limit 5/second -j ACCEPT
At the moment I am only restricting myself, because if something goes bad it's my own problem ahhaha

So how to test if it is limiting the traffic...

Let me try to write out my understanding of the rule, and then I'd love ANYONE to correct me because I think I'm wrong

-m limit --limit 5/second -j ACCEPT

5/second will only allow 5 packets(or Kb's???) through each second and the rest will be dropped? correct?

what does the limit-burst command actually do? does it allow 5 packets (or Kb's?) per second until it reaches the packet burst.. then resets?

The man page isn't that helpful with this... at least I don't really understand it.

So things I would LOVE answers to:
1. is the number relevant to KB's or Packets?
2. If its packets how do I translate THAT into KB's so I know how many to allow per second. We have a 256KB connection.. so I would like to restrict the P2P to say 56Kb/Second (spread over everyone) which will piss people off but at least our normal traffic can run without coming to a slow stop

A little help :P

Thanks
Chris
 
Old 03-22-2004, 09:12 PM   #5
chrisfirestar
Member
 
Registered: Sep 2003
Location: Adelaide, Australia
Distribution: Fedora/RH
Posts: 231

Original Poster
Rep: Reputation: 30
I have looked into tc because I can't get any answers regarding the limit function, but I find it really confusing... Can anyone help with some examples?

IDEALLY I want to limit traffic from all ports except say: 80, 443, 20, 21, 22, 3128, etc etc

So I want to limit the traffic on the remaining ports to say 30%

If there is no traffic, will it then realise and be able to download a higher percentage??

Thanks
Chris
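
An added example, not part of any post in this thread: one way to get the percentage split with borrowing asked about above, using tc's HTB qdisc (a different queuing discipline from the cbq named in reply #2) plus an iptables mark. The interface name eth1, reading "256K" as 256 kbit/s, and the function name shape_rules are assumptions; the script only prints the commands so they can be reviewed before being piped to sh as root.

```shell
#!/bin/sh
# Added example (not from the thread). Prints the tc/iptables commands for a
# two-class HTB setup; review the output, then pipe it to "sh" as root.
# Assumptions: the box forwards traffic, downloads leave towards the LAN on
# the given interface, and the port list names the *remote* service ports.

shape_rules() {
    dev=$1          # LAN-facing interface (hypothetical: eth1)
    link=$2         # usable link rate in kbit/s
    bulk_pct=$3     # guaranteed share for all other ports, in percent
    ports=$4        # comma-separated priority ports (multiport takes max 15)

    bulk=$(( link * bulk_pct / 100 ))
    prio=$(( link - bulk ))

    # Root qdisc: anything without a mark falls into class 1:20 (bulk).
    echo "tc qdisc add dev $dev root handle 1: htb default 20"
    # Parent class caps the total at the link rate so queuing happens here.
    echo "tc class add dev $dev parent 1: classid 1:1 htb rate ${link}kbit"
    # rate = guaranteed share; ceil = how far a class may borrow when the
    # other class is idle.
    echo "tc class add dev $dev parent 1:1 classid 1:10 htb rate ${prio}kbit ceil ${link}kbit prio 0"
    echo "tc class add dev $dev parent 1:1 classid 1:20 htb rate ${bulk}kbit ceil ${link}kbit prio 1"
    # Packets carrying firewall mark 10 are steered to the priority class.
    echo "tc filter add dev $dev parent 1: protocol ip prio 1 handle 10 fw flowid 1:10"
    # Download packets from web/mail/ftp servers carry the service port as
    # their source port, so match on --sports.
    echo "iptables -t mangle -A POSTROUTING -o $dev -p tcp -m multiport --sports $ports -j MARK --set-mark 10"
}

# Values from the thread: 256K link (assumed kbit/s), 30% for other ports.
shape_rules eth1 256 30 80,443,20,21,22,3128
```

Once applied, `tc -s class show dev eth1` lists per-class byte and packet counters, which is a direct way to check whether traffic is landing in the intended class.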
 
  

