LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (http://www.linuxquestions.org/questions/linux-server-73/)
-   -   How to limit bandwith on one eth0 only for internet? (http://www.linuxquestions.org/questions/linux-server-73/how-to-limit-bandwith-on-one-eth0-only-for-internet-741459/)

TITiAN 07-20-2009 12:40 PM

How to limit bandwith on one eth0 only for internet?
 
Hi,

I know this can somehow be done with a lot of tc commands, but before I learn that much, is there an easy solution to this (or perhaps can someone who already knows the tc command well do this)?

What I have:

I have a home server (and all other PC's) connected to my internet router. It only has an ethernet interface eth0 to connect to both the internet and the WLAN network. In the (W)LAN network, all IP's start with "192.168.178."
I installed Debian on it because I think it's a good and reliable distro for servers.

What I intent to do:

I want to limit the bandwith for my home server, but only for connections to (and, if possible, also from) the internet.
I know that the tool "wondershaper" limits input and output for a NIC in user-friendly way (uses tc), but I would want exceptions for these limitations on the 192.168.178.0/255.255.255.0 network (not experienced with IP+mask stuff, hope it's right), or if exceptions for ports are more easy, just an exception for one port (SSH).
[FYI: when I set a reasonable upload limit for my DSL internet connection with 'wondershaper', the "top" command lags, which is very inconvenient, especially if you consider that I want to do other stuff than monitor processes as well).


Now, is there an easy solution or do I have to study the tc command?

Thank you for your answers.

unSpawn 07-21-2009 07:57 AM

Quote:

Originally Posted by TITiAN (Post 3614153)
Now, is there an easy solution or do I have to study the tc command?

Those two aren't mutually exclusive you know...


Since you have no control over inbound traffic the Wondershaper only addresses outbound traffic. To shape traffic it uses the mangle table, directing all traffic in POSTROUTING to the SHAPER chain. Inside the SHAPER chain all traffic is --set-mark'ed. All traffic that is not marked gets assigned a default priority.
Quote:

Originally Posted by TITiAN (Post 3614153)
I want to limit the bandwith for my home server, but only for connections to (and, if possible, also from) the internet.

Excluding traffic from marking makes proper bandwidth calculations impossible so IMHO it would be illogical to make an exclusion for your 192.168.178.0/24. What you could do is make all LAN traffic use the highest priority (lowest flowid) and assign it a minimal usable bandwidth (e.g.: if CHAN=$[$BANDWIDTH/4], then if HALFCHAN=$[$CHAN/2], you could have a WIDECHAN=$[$CHAN+$HALFCHAN]) but how you do it exactly (in terms of iptables -t mangle -A SHAPER rules) depends on what you filter for (src/dst ports, nets, owner, et cetera). You could also subject everything not destined for your LAN range to specific filtering rules and let everything else be assigned the default, then make the default be the highest prio. A simple way to assess what traffic gets assigned which mark is to watch iptables output as in ' watch '/sbin/iptables -n -t mangle -L SHAPER -v -x | sort -bgrk 1 | nl | column -t' '.

TITiAN 07-22-2009 07:11 AM

Thank you for your reply, but ...
Quote:

HomeServer:~# /sbin/iptables -n -t mangle -L SHAPE -v -x
iptables: No chain/target/match by that name
I don't understand why exceptions when marking traffic for shaping are illogical (except if the software is so that you can only shape traffic on a NIC, not traffic that goes through a mark). But I just got another idea:

Maybe I should make a bridge and route all input everything except TCP port 22 (SSH) to it, then use that bridge for internet connections and use wondershaper on it. I'll try that now (google will help me research again), suggestions, opinions etc. are welcome, of course.

unSpawn 07-22-2009 07:11 PM

If you except part of the traffic flowing through that pipe then you just can't act on it, that's all. Then again I forgot the exception would be for only LAN traffic so that's OK ;-p
If you don't have the SHAPE chain then you prolly dropped the "R" :-]

TITiAN 07-23-2009 12:02 PM

RATS I FU...NNILY GOT IT WORKING

Sorry for exclamation, but that's how I feel after fuddling a few days with tools like vconfig, brctl, wondershaper and tc. (tc was the right tool, after all)

Here's the script that makes it work like I want (shape only outgoing internet traffic on a 192.168.178.* network connected via eth0) [I translated and changed the comments for LQ]:
Code:

# clear any existing configuration
wondershaper clear eth0

# root: let's use HTB
tc qdisc add dev eth0 root handle 1: htb default 20
tc class add dev eth0 parent 1: classid 1:1 htb rate 100mbit

# the limit for fast, local connections:
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 95mbit burst 60k
# for the rest in teh intarweb (p2p, http ...):
tc class add dev eth0 parent 1:1 classid 1:20 htb rate 300kbit burst 15k

# suggestion from the LARTC howto ...
tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev eth0 parent 1:20 handle 20: sfq perturb 10

#  F I L T E R    local stuff (adapt "192.168.178." to your own LAN)
tc filter add dev eth0 parent 1:0 protocol ip prio 0 u32 \
  match ip dst 192.168.178.0/24 flowid 1:10

man, what a pain... but worth it
I mainly consulted chapter 9 in the LARTC howto.
PS: also adapt the rate limits

unSpawn 07-23-2009 12:35 PM

Well done!


All times are GMT -5. The time now is 07:10 PM.