Hello everybody,
I would like to limit the bandwidth of an OpenVPN user to 128 kbit up/down and redirect every HTTP redirect to the local squid. I use the following tc settings:
Code:
tun0:
qdisc cbq 11: root rate 1000Mbit (bounded,isolated) prio no-transmit
class cbq 11: root rate 1000Mbit (bounded,isolated) prio no-transmit
class cbq 11:1 parent 11: rate 128000bit (bounded) prio 1
filter parent 11: protocol ip pref 49152 fw
filter parent 11: protocol ip pref 49152 fw handle 0x4 classid 11:1
eth0:
qdisc cbq 10: root rate 1000Mbit (bounded,isolated) prio no-transmit
class cbq 10: root rate 1000Mbit (bounded,isolated) prio no-transmit
class cbq 10:1 parent 10: rate 128000bit (bounded) prio 1
filter parent 10: protocol ip pref 49152 fw
filter parent 10: protocol ip pref 49152 fw handle 0x3 classid 10:1
These are the most relevant rules in iptables for this:
Code:
iptables -t mangle -A POSTROUTING -d 10.8.0.6 -j MARK --set-mark 4
iptables -t mangle -A PREROUTING -s 10.8.0.6 -j MARK --set-mark 3
It works so far, meaning up and down are limited to 16 kbyte, but when I redirect destination port 80 to the squid, the upload is not limited anymore. The download still works fine, but the upload is unlimited. I use this rule:
Code:
iptables -t nat -s 10.8.0.6 -A FORWARD -i tun0 -p tcp --dport 80 -j REDIRECT --to-port 3128
What am I doing wrong? Big thanks in advance.