Bandwidth limiting per user?
Hi!
I'm glad I came on this forum! I have a question, and the answer is very important to me. So: on the VPS / Dedicated Server Linux with 3 users created, how can I limit the bandwidth of each one separately? For example, first user speed 1 MB, second 5 MB and third 10 MB. I expect some clear answers. Regards, Silviu!
One way would be to use the iptables owner module to mark the packets and then use tc to do traffic shaping based on the firewall marking (example below using an htb; this occurs on the outgoing device):

    iptables -t mangle -N HTB_OUT
    iptables -t mangle -I POSTROUTING -j HTB_OUT
    iptables -t mangle -A HTB_OUT -j MARK --set-mark 30
    iptables -t mangle -A HTB_OUT -m owner --uid-owner uid1 -j MARK --set-mark 10
    iptables -t mangle -A HTB_OUT -m owner --uid-owner uid2 -j MARK --set-mark 20

    /sbin/tc qdisc replace dev eth0 root handle 1: htb default 30
    /sbin/tc class replace dev eth0 parent 1: classid 1:1 htb rate 10Mbit burst 5k
    /sbin/tc class replace dev eth0 parent 1:1 classid 1:10 htb rate 10Mbit ceil 10Mbit burst 5k
    /sbin/tc class replace dev eth0 parent 1:1 classid 1:20 htb rate 5Mbit ceil 5Mbit burst 5k
    /sbin/tc class replace dev eth0 parent 1:1 classid 1:30 htb rate 1Mbit ceil 1Mbit burst 5k
    /sbin/tc qdisc replace dev eth0 parent 1:10 handle 10: sfq perturb 10
    /sbin/tc qdisc replace dev eth0 parent 1:20 handle 20: sfq perturb 10
    /sbin/tc qdisc replace dev eth0 parent 1:30 handle 30: sfq perturb 10
    /sbin/tc filter add dev eth0 parent 1:0 prio 0 protocol ip handle 10 fw flowid 1:10
    /sbin/tc filter add dev eth0 parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20
    /sbin/tc filter add dev eth0 parent 1:0 prio 0 protocol ip handle 30 fw flowid 1:30
Can you explain a bit better? More specifically, it's about what the user wanted to do here: http://www.linuxquestions.org/questi...x-user-744365/
What exactly do you want to know?

HTB is a traffic shaper in tc that lets you assign bandwidth in classes. I like it in general because it allows you to set up classes that use a small amount but can go larger if other classes aren't using their bandwidth, but get scaled back if it isn't available. In your case you seem to be looking to just cap them. The htb I outlined above has 3 classes: a 10Mbit class, a 5Mbit class and a 1Mbit class, with no resource sharing (ceiling is the same as rate). Things get sent to the various classes by the firewall marking:

    /sbin/tc filter add dev eth0 parent 1:0 prio 0 protocol ip handle 10 fw flowid 1:10

The iptables mangle rule is what is doing the actual marking based on user id:

    iptables -t mangle -A HTB_OUT -m owner --uid-owner uid1 -j MARK --set-mark 10

So anything sent by the user with a uid of uid1 will have their packets marked as 10, which tc will put into flowid 1:10, which has a 10Mbit capacity.
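
The uid to mark to class mapping explained above, generalised to any number of users, as an added example that is not part of the original posts: a POSIX sh function that validates its arguments and then prints (does not run) the iptables and tc commands. The function name gen_shaper, the default class id 999, the parent rate set to the sum of the caps, and the account names in the usage comment are assumptions made for this example.

```shell
#!/bin/sh
# Added example: prints (never runs) iptables and tc commands for per-user caps.
# Marks, class ids and the default class id 999 are choices made for this example.

# gen_shaper DEV DEFAULT_MBIT USER:MBIT [USER:MBIT ...]
# Prints nothing and returns 1 if any argument fails validation.
gen_shaper() {
    [ "$#" -ge 3 ] || return 1
    dev=$1; default=$2; shift 2
    # Strict allow-lists: the output is meant to be reviewed and then run as root.
    case $dev in ''|-*|*[!A-Za-z0-9_.-]*) return 1;; esac
    case $default in ''|0*|*[!0-9]*) return 1;; esac
    rules=""; total=$default; mark=0
    for spec in "$@"; do
        case $spec in *:*) ;; *) return 1;; esac
        user=${spec%%:*}; rate=${spec#*:}
        case $user in ''|-*|*[!A-Za-z0-9_-]*) return 1;; esac
        case $rate in ''|0*|*[!0-9]*) return 1;; esac
        mark=$((mark + 10)); total=$((total + rate))
        [ "$mark" -le 9990 ] || return 1   # class minor ids are 16-bit hex
        # One mark rule, one capped class, one sfq leaf and one fw filter per user.
        rules="${rules}iptables -t mangle -A HTB_OUT -m owner --uid-owner $user -j MARK --set-mark $mark
tc class replace dev $dev parent 1:1 classid 1:$mark htb rate ${rate}Mbit ceil ${rate}Mbit burst 5k
tc qdisc replace dev $dev parent 1:$mark handle ${mark}: sfq perturb 10
tc filter add dev $dev parent 1:0 prio 0 protocol ip handle $mark fw flowid 1:$mark
"
    done
    # Parent rate is the sum of all caps so every child rate can be honoured.
    # Unmarked traffic (any other uid) falls into the htb default class 1:999.
    cat <<EOF
iptables -t mangle -N HTB_OUT
iptables -t mangle -I POSTROUTING -j HTB_OUT
tc qdisc replace dev $dev root handle 1: htb default 999
tc class replace dev $dev parent 1: classid 1:1 htb rate ${total}Mbit burst 5k
tc class replace dev $dev parent 1:1 classid 1:999 htb rate ${default}Mbit ceil ${default}Mbit burst 5k
tc qdisc replace dev $dev parent 1:999 handle 999: sfq perturb 10
EOF
    printf '%s' "$rules"
}

# Constructed usage: three hypothetical accounts on eth0, 1 Mbit for everything else.
# gen_shaper eth0 1 alice:1 bob:5 carol:10
```

Review the printed commands before piping them to a root shell; the state can be inspected afterwards with `tc -s class show dev eth0` and `iptables -t mangle -L HTB_OUT -v`.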
It gives me the error:
http://i36.tinypic.com/33u972g.png Please give me your messenger ID to talk. Thanks!
Wow that is a bizarre error, I'd guess you need to re-install or install a newer iptables, cause I'm thinking yours doesn't have MARK or it was compiled against a different kernel's header files. Sorry no messenger ID.