IPTABLES and TC for limiting bandwidth per linux user
I discovered that I can use TC and IPTABLES for limiting bandwidth on SSH per Linux user.
First I added the command: Quote:
Then I used this script to limit bandwidth: Quote:
But no luck... The speed is unlimited. I tried to use this script: Quote:
|
Is htb implemented on the ethernet interface?
I mean the output of #ip a. I implemented htb for internet bandwidth sharing and it worked perfectly. Thanks |
And how can I implement it? I have done just the steps I described.
|
There can be two possibilities:
1. The htb algorithm did not get implemented on the interface, or
2. htb was implemented successfully but is not working according to expectation.
That's why I asked you about the output of #ip a. Thanks |
Here is the #ip a output
Quote:
|
So is htb implemented or not? What must I do to enable it?
|
well? :(
|
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
So it's clear that pfifo_fast is working over your eth0 interface, not htb. Your program is not working properly. Does any error message appear when you try to execute your script? #./tc.bash start Thanks |
no...
Quote:
|
Now it's working, but it limits the global speed on the server. How do I limit only the rule marked by:
Quote:
|
According to your script you are limiting data coming or going from IP 216.3.128.12. There is no criteria for user test.
Replace the following:

    U32="$TC filter add dev $IF protocol ip parent 1:0 prio 1 u32"

and

    start() {
        ...
        $U32 match ip dst $IP/32 flowid 1:1
        $U32 match ip src $IP/32 flowid 1:2
    }

with

    start() {
        $TC qdisc add dev $IF root handle 1: htb default 30
        $TC class add dev $IF parent 1: classid 1:1 htb rate $DNLD
        $TC filter add dev $IF protocol ip parent 1:0 prio 1 handle 1 fw flowid 1:1
    }

I think that may work to control download speed, and the same logic applies to control upload speed. Thanks. www.linuxinterviews.blogspot.com might also help you. |
vishesh: I was writing while you posted - but mine is a little different ;)
alexxxutz: You should probably take the POSTROUTING chain instead of OUTPUT (see: man iptables). Are you sure that the -m owner --uid-owner is really what you want? From man iptables: Quote:
You want to control ssh? Then you can use its port (22) in the match, instead of the "-m owner" match. Or use "-m layer7" to match for ssh traffic... Generally, if you want to use iptables and its marks for filtering: Code:
# you create a new rule in the mangle table |
OK. Now all seems to be ok, but the speed is still unlimited on any user I set... so the mark doesn't work... I have a tunneling service via ssh (port forwarding) and I want to limit the speed for each client. For example 1 euro = 64kB/s, 2 euro = 128kB/s. So I want to make 2 groups: one for the 1 euro packet speed and the other for the 2 euro packet. For that reason I need to use owner.
|
...but the "owner" may not quite work the way you think it does... [this line added/edited]
:D if you give me 20 I'll write the script :cool: Please look at vishesh's post again - it has been edited with regard to the mark (last line) |
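As an added example (not code posted by anyone in this thread), one way to combine the fw filter from vishesh's post with the two-tariff requirement above: each user gets an HTB class selected by an owner-match mark. The interface name, the UIDs 1001 and 1002, the ID numbers and the 100mbit link rate are assumptions; the script only prints the commands unless RUN is set to an empty string.

```bash
#!/bin/bash
# Added example, not from the thread. Per-user egress limit: iptables marks
# packets by socket owner, a tc "fw" filter maps each mark to its own HTB class.
# Assumptions: interface eth0, UIDs 1001/1002, link rate 100mbit.
IF="${IF:-eth0}"
RUN="${RUN-echo}"   # default prints the commands; RUN="" runs them (needs root)

setup_htb() {
    # Unmarked traffic goes to default class 1:30 at full link rate.
    $RUN tc qdisc add dev "$IF" root handle 1: htb default 30
    $RUN tc class add dev "$IF" parent 1: classid 1:30 htb rate "${LINK:-100mbit}"
}

# add_user UID ID RATE
#   ID is both the firewall mark and the class minor. tc reads class minors as
#   hex and fw handles as decimal, so ID is restricted to 1-9 where both agree.
#   RATE uses tc units: "kbps" is kilobytes per second, "kbit" is kilobits.
add_user() {
    uid="$1"; id="$2"; rate="$3"
    case "$id" in
        [1-9]) ;;
        *) echo "add_user: ID must be 1-9, got '$id'" >&2; return 1 ;;
    esac
    $RUN tc class add dev "$IF" parent 1: classid "1:$id" htb rate "$rate" ceil "$rate"
    $RUN tc filter add dev "$IF" parent 1: protocol ip prio 1 handle "$id" fw flowid "1:$id"
    # The owner match only sees locally generated packets whose socket has an
    # owner, and is valid only in OUTPUT and POSTROUTING.
    $RUN iptables -t mangle -A OUTPUT -o "$IF" -m owner --uid-owner "$uid" \
        -j MARK --set-mark "$id"
}

setup_htb
add_user 1001 1 64kbps    # constructed UID, the 64 kB/s tariff
add_user 1002 2 128kbps   # constructed UID, the 128 kB/s tariff
```

After applying it for real, `tc -s class show dev eth0` shows per-class byte counters, which tells you whether marked packets actually reach the limited classes.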
But mine does not work ........
Whenever I run the command #bash tc.bash it shows......
#'c.bash: line 23: synax error near unexpected token '{
'c.bash: line 23: 'start()
Please help me...... |