LinuxQuestions.org
Old 07-20-2009, 12:40 PM   #1
TITiAN
Member
 
Registered: Mar 2008
Location: NRW, Germany
Distribution: Debian GNU/Linux with XFCE and packages from "testing"
Posts: 377

How to limit bandwidth on one eth0 only for internet?


Hi,

I know this can somehow be done with a lot of tc commands, but before I learn that much, is there an easy solution to this (or perhaps can someone who already knows the tc command well do this)?

What I have:

I have a home server (and all other PCs) connected to my internet router. It only has an Ethernet interface eth0 to connect to both the internet and the WLAN network. In the (W)LAN network, all IPs start with "192.168.178."
I installed Debian on it because I think it's a good and reliable distro for servers.

What I intend to do:

I want to limit the bandwidth for my home server, but only for connections to (and, if possible, also from) the internet.
I know that the tool "wondershaper" limits input and output for a NIC in a user-friendly way (uses tc), but I would want exceptions for these limitations on the 192.168.178.0/255.255.255.0 network (not experienced with IP+mask stuff, hope it's right), or if exceptions for ports are easier, just an exception for one port (SSH).
[FYI: when I set a reasonable upload limit for my DSL internet connection with 'wondershaper', the "top" command lags, which is very inconvenient, especially if you consider that I want to do other stuff than monitor processes as well.]


Now, is there an easy solution or do I have to study the tc command?

Thank you for your answers.
 
Old 07-21-2009, 07:57 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,115
Blog Entries: 54

Quote:
Originally Posted by TITiAN
Now, is there an easy solution or do I have to study the tc command?
Those two aren't mutually exclusive you know...


Since you have no control over inbound traffic the Wondershaper only addresses outbound traffic. To shape traffic it uses the mangle table, directing all traffic in POSTROUTING to the SHAPER chain. Inside the SHAPER chain all traffic is --set-mark'ed. All traffic that is not marked gets assigned a default priority.
Quote:
Originally Posted by TITiAN
I want to limit the bandwidth for my home server, but only for connections to (and, if possible, also from) the internet.
Excluding traffic from marking makes proper bandwidth calculations impossible so IMHO it would be illogical to make an exclusion for your 192.168.178.0/24. What you could do is make all LAN traffic use the highest priority (lowest flowid) and assign it a minimal usable bandwidth (e.g.: if CHAN=$[$BANDWIDTH/4], then if HALFCHAN=$[$CHAN/2], you could have a WIDECHAN=$[$CHAN+$HALFCHAN]) but how you do it exactly (in terms of iptables -t mangle -A SHAPER rules) depends on what you filter for (src/dst ports, nets, owner, et cetera). You could also subject everything not destined for your LAN range to specific filtering rules and let everything else be assigned the default, then make the default be the highest prio. A simple way to assess what traffic gets assigned which mark is to watch iptables output as in ' watch '/sbin/iptables -n -t mangle -L SHAPER -v -x | sort -bgrk 1 | nl | column -t' '.
 
Old 07-22-2009, 07:11 AM   #3
TITiAN
Member
 
Registered: Mar 2008
Location: NRW, Germany
Distribution: Debian GNU/Linux with XFCE and packages from "testing"
Posts: 377

Original Poster
Thank you for your reply, but ...
Quote:
HomeServer:~# /sbin/iptables -n -t mangle -L SHAPE -v -x
iptables: No chain/target/match by that name
I don't understand why exceptions when marking traffic for shaping are illogical (except if the software is so that you can only shape traffic on a NIC, not traffic that goes through a mark). But I just got another idea:

Maybe I should make a bridge and route all input, everything except TCP port 22 (SSH), to it, then use that bridge for internet connections and use wondershaper on it. I'll try that now (Google will help me research again); suggestions, opinions etc. are welcome, of course.
 
Old 07-22-2009, 07:11 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,115
Blog Entries: 54

If you except part of the traffic flowing through that pipe then you just can't act on it, that's all. Then again I forgot the exception would be for only LAN traffic so that's OK ;-p
If you don't have the SHAPE chain then you prolly dropped the "R" :-]
 
Old 07-23-2009, 12:02 PM   #5
TITiAN
Member
 
Registered: Mar 2008
Location: NRW, Germany
Distribution: Debian GNU/Linux with XFCE and packages from "testing"
Posts: 377

Original Poster
RATS I FU...NNILY GOT IT WORKING

Sorry for the exclamation, but that's how I feel after fuddling a few days with tools like vconfig, brctl, wondershaper and tc. (tc was the right tool, after all)

Here's the script that makes it work like I want (shape only outgoing internet traffic on a 192.168.178.* network connected via eth0) [I translated and changed the comments for LQ]:
Code:
# clear any existing configuration
wondershaper clear eth0

# root: let's use HTB
tc qdisc add dev eth0 root handle 1: htb default 20
tc class add dev eth0 parent 1: classid 1:1 htb rate 100mbit

# the limit for fast, local connections:
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 95mbit burst 60k
# for the rest in teh intarweb (p2p, http ...):
tc class add dev eth0 parent 1:1 classid 1:20 htb rate 300kbit burst 15k

# suggestion from the LARTC howto ...
tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev eth0 parent 1:20 handle 20: sfq perturb 10

#  F I L T E R    local stuff (adapt "192.168.178." to your own LAN)
tc filter add dev eth0 parent 1:0 protocol ip prio 0 u32 \
   match ip dst 192.168.178.0/24 flowid 1:10

man, what a pain... but worth it
I mainly consulted chapter 9 in the LARTC howto.
PS: also adapt the rate limits

Last edited by TITiAN; 07-23-2009 at 12:27 PM. Reason: ps
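
Added example, not part of TITiAN's post: one way to confirm that the u32 filter in the script above sends LAN traffic to class 1:10 and everything else to the default class 1:20 is to read the per-class counters from `tc -s class show dev eth0`. The function names and the sample output below are constructed for illustration; the counter values are made up.

```shell
#!/bin/sh
# Summarise per-class HTB counters to check where traffic is being classified.

# Constructed sample, shaped like `tc -s class show dev eth0` output for the
# 1:1 / 1:10 / 1:20 tree from the script above (values are invented).
sample_tc_output() {
cat <<'EOF'
class htb 1:1 root rate 100Mbit ceil 100Mbit burst 1600b cburst 1600b
 Sent 5250000 bytes 4200 pkt (dropped 0, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
class htb 1:10 parent 1:1 leaf 10: prio 0 rate 95Mbit ceil 95Mbit burst 60Kb cburst 1580b
 Sent 5000000 bytes 3500 pkt (dropped 0, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
class htb 1:20 parent 1:1 leaf 20: prio 0 rate 300Kbit ceil 300Kbit burst 15Kb cburst 1599b
 Sent 250000 bytes 700 pkt (dropped 12, overlimits 340 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
EOF
}

# Print "classid bytes packets dropped overlimits" for every class on stdin.
class_counters() {
    awk '
        $1 == "class" { id = $3; next }      # remember the class being described
        $1 == "Sent" && id != "" {
            gsub(/[(,]/, "")                 # "(dropped 12," -> "dropped 12"
            print id, $2, $4, $7, $9
            id = ""
        }'
}

# Print one counter (bytes|packets|dropped|overlimits) for one classid.
class_counter() {
    class_counters | awk -v id="$1" -v f="$2" '
        BEGIN { col["bytes"]=2; col["packets"]=3; col["dropped"]=4; col["overlimits"]=5 }
        $1 == id { print $(col[f]) }'
}

# Live use (needs root and the qdisc from the script above):
#   tc -s class show dev eth0 | class_counters
sample_tc_output | class_counters
```

On the live system, byte counts that grow on 1:10 during a LAN copy and on 1:20 during an internet upload show the filter is classifying as intended.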
 
Old 07-23-2009, 12:35 PM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,115
Blog Entries: 54

Well done!
 
  


All times are GMT -5.
