LinuxQuestions.org - [SOLVED] Problem with traffic control, squid and iptables

Hello everybody,

I would like to limit the bandwith of OpenVPN user to 128 kbit up/down and redirect every http redirect to local squid. I use the following tc settings:

Code:

tun0:

qdisc cbq 11: root rate 1000Mbit (bounded,isolated) prio no-transmit

class cbq 11: root rate 1000Mbit (bounded,isolated) prio no-transmit

class cbq 11:1 parent 11: rate 128000bit (bounded) prio 1

filter parent 11: protocol ip pref 49152 fw 

filter parent 11: protocol ip pref 49152 fw handle 0x4 classid 11:1 



eth0:

qdisc cbq 10: root rate 1000Mbit (bounded,isolated) prio no-transmit

class cbq 10: root rate 1000Mbit (bounded,isolated) prio no-transmit

class cbq 10:1 parent 10: rate 128000bit (bounded) prio 1

filter parent 10: protocol ip pref 49152 fw 

filter parent 10: protocol ip pref 49152 fw handle 0x3 classid 10:1

These are the most relevant rules in iptables for this:

Code:

iptables -t mangle -A POSTROUTING -d 10.8.0.6 -j MARK --set-mark 4

iptables -t mangle -A PREROUTING -s 10.8.0.6 -j MARK --set-mark 3

It works so far, that means up and down is limited to 16 kbyte, but when I redirect the destination port 80 to the squid, the upload is not limited anymore. The download still works fine, but the upload is unlimited. I use this rule:

Code:

iptables -t nat -s 10.8.0.6 -A FORWARD -i tun0 -p tcp --dport 80 -j REDIRECT --to-port 3128

What am I doing wrong? Big thanks in advance.