LinuxQuestions.org
Old 02-21-2006, 03:02 AM   #1
uguoT
Traffic Shaping


Problem 1: subnet 192.168.3.0 is not limited!! The download speed is just like subnet 192.168.2.0!

Problem 2: when 2 PCs start downloading it takes 3-4 min to divide the traffic (almost) equally!

System: Slackware current; kernel 2.4.32; iptables 1.3.3

Scripts:

1. dhcp.firewall
Quote:
#!/bin/sh

INET_IFACE="eth0"

DHCP="yes"
DHCP_SERVER=""

PPPOE_PMTU="no"

LAN_IP="192.168.0.1"
LAN_IP_RANGE="192.168.0.0/16"
LAN_IFACE="eth1"

LO_IFACE="lo"
LO_IP="127.0.0.1"

IPTABLES="/usr/sbin/iptables"

echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr

# flush every filter chain and delete the (now empty) user chains, so the
# -N calls below succeed on a re-run instead of piling up duplicate rules
$IPTABLES -F
$IPTABLES -X
$IPTABLES -t nat -F POSTROUTING
$IPTABLES -t mangle -F POSTROUTING
# mark-out is a user chain in the mangle table: create it (no-op if it
# already exists) so the flush also works on the very first run
$IPTABLES -t mangle -N mark-out 2>/dev/null
$IPTABLES -t mangle -F mark-out

$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
$IPTABLES -P FORWARD DROP

$IPTABLES -N bad_tcp_packets

$IPTABLES -N allowed
$IPTABLES -N tcp_packets
$IPTABLES -N udp_packets
$IPTABLES -N icmp_packets

$IPTABLES -A bad_tcp_packets -p tcp --tcp-flags SYN,ACK SYN,ACK \
-m state --state NEW -j REJECT --reject-with tcp-reset
$IPTABLES -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j LOG \
--log-prefix "[IPTABLES BAD_TCP_PACKETS] : "
$IPTABLES -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j DROP

$IPTABLES -A allowed -p TCP --syn -j ACCEPT
$IPTABLES -A allowed -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A allowed -p TCP -j DROP

# 192.168.2.0/16 collapses to 192.168.0.0/16 (the whole LAN range); /24 is
# the single subnet these services were meant to be reachable from
$IPTABLES -A tcp_packets -p TCP -s 192.168.2.0/24 --dport 21 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 192.168.2.0/24 --dport 22 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 192.168.0.0/16 --dport 80 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 192.168.2.0/24 --dport 2401 -j allowed

$IPTABLES -A udp_packets -p UDP -s 192.168.0.0/16 --source-port 53 -j ACCEPT

$IPTABLES -A INPUT -p tcp -j bad_tcp_packets

$IPTABLES -A INPUT -p ALL -i $LAN_IFACE -s $LAN_IP_RANGE -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $LO_IFACE -j ACCEPT

$IPTABLES -A INPUT -p ALL -i $INET_IFACE -m state --state ESTABLISHED,RELATED \
-j ACCEPT
$IPTABLES -A INPUT -p TCP -i $INET_IFACE -j tcp_packets
$IPTABLES -A INPUT -p UDP -i $INET_IFACE -j udp_packets
$IPTABLES -A INPUT -p ICMP -i $INET_IFACE -j icmp_packets

$IPTABLES -A INPUT -i $INET_IFACE -d 224.0.0.0/8 -j DROP

$IPTABLES -A INPUT -m limit --limit 3/minute --limit-burst 3 -j LOG \
--log-level DEBUG --log-prefix "[IPTABLES INPUT] : "

$IPTABLES -A FORWARD -p tcp -j bad_tcp_packets

$IPTABLES -A FORWARD -i $LAN_IFACE -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

$IPTABLES -A FORWARD -m limit --limit 3/minute --limit-burst 3 -j LOG \
--log-level DEBUG --log-prefix "[IPTABLES FORWARD] : "

$IPTABLES -A OUTPUT -p tcp -j bad_tcp_packets

$IPTABLES -A OUTPUT -p ALL -s $LO_IP -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -s $LAN_IP -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -o $INET_IFACE -j ACCEPT

$IPTABLES -A OUTPUT -m limit --limit 3/minute --limit-burst 3 -j LOG \
--log-level DEBUG --log-prefix "[IPTABLES OUTPUT] : "

if [ "$PPPOE_PMTU" = "yes" ] ; then   # "==" is a bashism; /bin/sh's test uses "="
$IPTABLES -t nat -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN \
-j TCPMSS --clamp-mss-to-pmtu
fi
$IPTABLES -t nat -A POSTROUTING -o $INET_IFACE -j MASQUERADE

$IPTABLES -t mangle -N mark-out 2>/dev/null   # filled by mark_peering.pl; no-op if the chain already exists
2. mark_peering.pl (I know that it's not optimized but for now it's not a problem)
Quote:
#!/usr/bin/perl
use strict;
use warnings;

# The posted version used the Shell module (wget(...), iptables(...)). A
# list-form system() hands each argument to iptables directly instead of
# passing the whole rule text through a shell.
my $IPTABLES = '/usr/sbin/iptables';
my $NETS     = 'bg_nets.txt';
# The poster wrote "I can't post URLs" in place of the list URL; take it as an argument.
my $URL = shift @ARGV or die "usage: $0 <url of bg_nets.txt>\n";

sub ipt {
    my @args = @_;
    system($IPTABLES, @args) == 0
        or warn "iptables @args failed (exit " . ($? >> 8) . ")\n";
}

system('wget', '-q', '-O', $NETS, $URL) == 0 or die "wget $URL failed\n";

open(my $fh, '<', $NETS) or die "cannot open $NETS: $!\n";
print "Building rules..\n";
while (my $line = <$fh>) {
    chomp $line;
    next if $line =~ /^\s*(#|$)/;    # skip comments and blank lines
    # The list arrives unauthenticated and is fed to iptables as root:
    # accept nothing but a dotted quad with an optional prefix length.
    if ($line !~ m{^\d{1,3}(?:\.\d{1,3}){3}(?:/\d{1,2})?$}) {
        warn "skipping malformed entry '$line'\n";
        next;
    }
    # packets to a peering network are sent through mark-out first
    ipt('-t', 'mangle', '-I', 'POSTROUTING', '1', '-d', $line, '-j', 'mark-out');
}
close($fh);

# 192.168.2.1-5: mark 100 (peering) / 200 (international)
for my $ip (1 .. 5) {
    ipt('-t', 'mangle', '-A', 'mark-out',    '-s', "192.168.2.$ip", '-j', 'MARK', '--set-mark', '100');
    ipt('-t', 'mangle', '-A', 'POSTROUTING', '-s', "192.168.2.$ip", '-j', 'MARK', '--set-mark', '200');
}
# 192.168.3.1-20: mark 300 (peering) / 400 (international)
for my $ip (1 .. 20) {
    ipt('-t', 'mangle', '-A', 'mark-out',    '-s', "192.168.3.$ip", '-j', 'MARK', '--set-mark', '300');
    ipt('-t', 'mangle', '-A', 'POSTROUTING', '-s', "192.168.3.$ip", '-j', 'MARK', '--set-mark', '400');
}
# ACCEPT is terminating for the whole mangle POSTROUTING traversal, so a
# packet that went through mark-out keeps mark 100/300 and never reaches
# the 200/400 rules appended above. Hosts outside the two address ranges
# get no mark at all and fall into the tc default class.
ipt('-t', 'mangle', '-A', 'mark-out', '-j', 'ACCEPT');
print "All done!\n";
3. htb_eth0
Quote:
#!/bin/bash

# htb_eth0.sh Script for upload traffic shaping divided to International & Peering classes
# The tree hangs off eth0 (the Internet side), so it only shapes packets
# leaving eth0, i.e. uploads from the LAN.

/sbin/modprobe sch_htb 2>/dev/null
/sbin/modprobe sch_sfq 2>/dev/null
/sbin/modprobe cls_fw 2>/dev/null

/sbin/ip link set dev eth0 qlen 30

/sbin/tc qdisc del dev eth0 root 2>/dev/null
# packets without a matching fw mark end up in class 1:30
/sbin/tc qdisc add dev eth0 root handle 1: htb default 30
/sbin/tc class add dev eth0 parent 1: classid 1:1 htb rate 1mbit burst 20k
# 1:10 = peering, 1:20 = international (note: each claims the full 1mbit guaranteed rate of 1:1)
/sbin/tc class add dev eth0 parent 1:1 classid 1:10 htb rate 1mbit burst 20k
/sbin/tc class add dev eth0 parent 1:1 classid 1:20 htb rate 1mbit burst 20k
/sbin/tc class add dev eth0 parent 1:1 classid 1:30 htb rate 512kbit burst 5k

# 192.168.2.x: mark 100 (peering) -> 1:100, mark 200 (international) -> 1:200, ceil 1mbit
/sbin/tc class add dev eth0 parent 1:10 classid 1:100 htb rate 150kbit ceil 1mbit burst 15k
/sbin/tc class add dev eth0 parent 1:20 classid 1:200 htb rate 150kbit ceil 1mbit burst 15k
/sbin/tc qdisc add dev eth0 parent 1:100 handle 100: sfq perturb 10
/sbin/tc qdisc add dev eth0 parent 1:200 handle 200: sfq perturb 10
/sbin/tc filter add dev eth0 protocol ip parent 1: prio 10 handle 100 fw flowid 1:100
/sbin/tc filter add dev eth0 protocol ip parent 1: prio 10 handle 200 fw flowid 1:200

# 192.168.3.x: mark 300 (peering) -> 1:300, mark 400 (international) -> 1:400, ceil 256kbit
/sbin/tc class add dev eth0 parent 1:10 classid 1:300 htb rate 12kbit ceil 256kbit burst 10k
/sbin/tc class add dev eth0 parent 1:20 classid 1:400 htb rate 12kbit ceil 256kbit burst 10k
/sbin/tc qdisc add dev eth0 parent 1:300 handle 300: sfq perturb 10
/sbin/tc qdisc add dev eth0 parent 1:400 handle 400: sfq perturb 10
/sbin/tc filter add dev eth0 protocol ip parent 1: prio 20 handle 300 fw flowid 1:300
/sbin/tc filter add dev eth0 protocol ip parent 1: prio 20 handle 400 fw flowid 1:400
Thanks!
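An added example, not part of the post above. The htb_eth0 script attaches its HTB tree to eth0, which shapes only packets leaving eth0 (uploads from the LAN); packets that LAN hosts download leave the router through the LAN interface, so a per-subnet download limit needs the same kind of tree on that interface, with the mark set by LAN destination rather than by source. The script below sets that up and also includes the check a practitioner wants first: a parser for `tc -s class show` output that reports how many bytes each class has actually sent, which tells you whether a subnet's packets are reaching their intended class or dropping into `default 30` unmarked. The LAN interface name (eth1), the marks 2 and 3, the class ids and rates, and the sample statistics are all assumptions; the sample output is constructed so the parser can be exercised offline.

```shell
#!/bin/sh
# Download shaper for the LAN side of the router (added example, not code
# from the original post). An HTB root qdisc on eth0 only shapes packets
# leaving eth0 (uploads); downloaded packets leave the router through the
# LAN interface, so the download limit per subnet is a tree on that device.
# Interface, marks, class ids and rates are assumptions mirroring htb_eth0.

TC=${TC:-/sbin/tc}
IPT=${IPT:-/usr/sbin/iptables}
LAN_IFACE=${LAN_IFACE:-eth1}

# HTB tree on the LAN interface. "default 30" catches every packet that
# carries no matching mark: a host missing from the mark rules is throttled
# by the small class rather than left unlimited.
setup_lan_shaper() {
    $TC qdisc del dev "$1" root 2>/dev/null
    $TC qdisc add dev "$1" root handle 1: htb default 30
    $TC class add dev "$1" parent 1: classid 1:1 htb rate 1mbit burst 20k
    # 192.168.2.0/24 may borrow up to the whole link
    $TC class add dev "$1" parent 1:1 classid 1:100 htb rate 150kbit ceil 1mbit burst 15k
    # 192.168.3.0/24 is capped at 256kbit
    $TC class add dev "$1" parent 1:1 classid 1:300 htb rate 12kbit ceil 256kbit burst 10k
    # unmarked traffic
    $TC class add dev "$1" parent 1:1 classid 1:30 htb rate 64kbit ceil 64kbit burst 5k
    $TC qdisc add dev "$1" parent 1:100 handle 100: sfq perturb 10
    $TC qdisc add dev "$1" parent 1:300 handle 300: sfq perturb 10
    # fw classifier: the packet mark (set below) selects the leaf class
    $TC filter add dev "$1" protocol ip parent 1: prio 10 handle 2 fw flowid 1:100
    $TC filter add dev "$1" protocol ip parent 1: prio 10 handle 3 fw flowid 1:300
}

# Downloads are classified by LAN *destination* (the posted mark_peering.pl
# classifies uploads by source). mangle POSTROUTING runs before the packet
# is queued on the LAN interface, so the fw filter sees the mark.
setup_lan_marks() {
    $IPT -t mangle -A POSTROUTING -o "$1" -d 192.168.2.0/24 -j MARK --set-mark 2
    $IPT -t mangle -A POSTROUTING -o "$1" -d 192.168.3.0/24 -j MARK --set-mark 3
}

# Which class is the traffic really landing in? Reduce `tc -s class show`
# output (read on stdin) to "classid bytes" lines, one per class.
class_bytes() {
    awk '/^class htb/ { id = $3 }
         /Sent/ && id != "" { print id, $2; id = "" }'
}

# Constructed sample of `tc -s class show dev eth1` output for an offline
# run: nearly everything is being sent from the default class 1:30, i.e.
# most packets never received a mark.
SAMPLE_STATS='class htb 1:1 root rate 1000Kbit ceil 1000Kbit burst 20Kb cburst 1600b
 Sent 965558 bytes 1294 pkt (dropped 0, overlimits 0 requeues 0)
class htb 1:300 parent 1:1 leaf 300: prio 0 rate 12000bit ceil 256000bit burst 10Kb cburst 1600b
 Sent 48213 bytes 91 pkt (dropped 0, overlimits 12 requeues 0)
class htb 1:30 parent 1:1 prio 0 rate 64000bit ceil 64000bit burst 5Kb cburst 1600b
 Sent 917345 bytes 1203 pkt (dropped 4, overlimits 88 requeues 0)'

case "${1:-}" in
    apply) setup_lan_shaper "$LAN_IFACE"; setup_lan_marks "$LAN_IFACE" ;;
    stats) $TC -s class show dev "$LAN_IFACE" | class_bytes ;;
    demo)  printf '%s\n' "$SAMPLE_STATS" | class_bytes ;;
esac
```

Run it as `sh htb_eth1.sh apply` on the router, then `sh htb_eth1.sh stats` while a host in each subnet downloads; `TC=echo sh htb_eth1.sh apply` prints the tc commands without touching the interface. If the byte counters grow on 1:30 instead of 1:100 or 1:300, the packets are reaching the qdisc without the expected mark, and the mangle rules (counters via `iptables -t mangle -L POSTROUTING -v -n`) are the place to look before touching the class rates.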