LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 05-13-2010, 06:24 AM   #1
={D|D}=
LQ Newbie
 
Registered: May 2010
Posts: 2

Rep: Reputation: 0
Problem with traffic control, squid and iptables


Hello everybody,

I would like to limit the bandwith of OpenVPN user to 128 kbit up/down and redirect every http redirect to local squid. I use the following tc settings:

Code:
tun0:
qdisc cbq 11: root rate 1000Mbit (bounded,isolated) prio no-transmit
class cbq 11: root rate 1000Mbit (bounded,isolated) prio no-transmit
class cbq 11:1 parent 11: rate 128000bit (bounded) prio 1
filter parent 11: protocol ip pref 49152 fw 
filter parent 11: protocol ip pref 49152 fw handle 0x4 classid 11:1 

eth0:
qdisc cbq 10: root rate 1000Mbit (bounded,isolated) prio no-transmit
class cbq 10: root rate 1000Mbit (bounded,isolated) prio no-transmit
class cbq 10:1 parent 10: rate 128000bit (bounded) prio 1
filter parent 10: protocol ip pref 49152 fw 
filter parent 10: protocol ip pref 49152 fw handle 0x3 classid 10:1
These are the most relevant rules in iptables for this:

Code:
iptables -t mangle -A POSTROUTING -d 10.8.0.6 -j MARK --set-mark 4
iptables -t mangle -A PREROUTING -s 10.8.0.6 -j MARK --set-mark 3
It works so far, that means up and down is limited to 16 kbyte, but when I redirect the destination port 80 to the squid, the upload is not limited anymore. The download still works fine, but the upload is unlimited. I use this rule:

Code:
iptables -t nat -s 10.8.0.6 -A FORWARD -i tun0 -p tcp --dport 80 -j REDIRECT --to-port 3128
What am I doing wrong? Big thanks in advance.
 
Old 05-13-2010, 07:20 PM   #2
={D|D}=
LQ Newbie
 
Registered: May 2010
Posts: 2

Original Poster
Rep: Reputation: 0
After a lot of research in the squid and iptable man I solved it. Thank you all.
 
Old 05-14-2010, 10:25 AM   #3
SuperJediWombat!
Member
 
Registered: Apr 2009
Location: Perth, Australia
Distribution: Ubuntu/CentOS
Posts: 208

Rep: Reputation: 50
Code:
iptables -t nat -s 10.8.0.6 -A FORWARD -i tun0 -p tcp --dport 80 -j REDIRECT --to-port 3128
there is no FORWARD chain in the nat table.

Do you mind sharing whatever you did to fix the problem, in case someone stumbles onto this thread with a similar issue?
 
  


Reply

Tags
bandwith, control, iptables, openvpn, squid, traffic


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How to control traffic forward to Squid Server nguoimientay Linux - Software 1 05-06-2010 12:43 PM
Using Squid/Iptables to redirect inbound web traffic to url/IP winairmvs Linux - Software 2 01-13-2010 11:41 AM
Passing traffic to Squid using Iptables Yahooguntu Linux - Networking 1 08-29-2009 12:57 AM
tc traffic control tc traffic control Linux QoS control tool(noob help) inv|s|ble Linux - General 1 07-26-2007 11:12 AM
squid traffic control tarak4u Linux - Networking 0 03-17-2004 02:52 AM


All times are GMT -5. The time now is 10:40 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration