|
Bandwidth limiting
Hi everyone! Ive been trying to read up on bandwidth limiting for use on a firewall. I guess CBQ is the best bet for me. Does anyone have any practical examples. Ive tried to implement it but i keep getting different results.
regards edmund |
http://www.linux.org/docs/ldp/howto/...imiting-HOWTO/
never done any BWLimiting so i just decided to find a howto. hope it helps. |
edmund,
Linux Advanced Routing and Traffic Control. It has several examples. I haven't done too much with it (aka I still don't remember syntax), but what problems are you having? What kind of traffic are you shaping? Good Luck, chris |
Hey , ive gone through the 'bandwidth limiting how to ' but i am still having trouble with CBQ. I dont have a proper example to work with. For some reason the example i got doesnt work. I would like to limit bandwidth for FTP traffic. I have a FTP server in a DMZ and I would like to limit it from external and internal machines. The firewall has 3NICs. LAN, DMZ and WAN(internet). Packets are port forwarded from the LAN and WAN(Internet) interfaces to the DMZ. I used 'Postrouting' rules from iptables.
If some one initiates a FTP download from the LAN to the server in the DMZ, the traffic will try to use the full 100MB and block other potential users using the firewall as a gateway to the internet. DEVICE=eth1,10Mbit,1Mbit RATE=1500Kbit WEIGHT=200Kbit PRIO=5 RULE=172.16.4.12 Someone told me that there was a way of applying the above script to enable filtering based on outgoing or incoming traffc. IT doesnt seem to work for me. regards edmund |
edmund,
What example script are you running? Could you post it here, or provide a link? The info above doesn't talk how to match FTP data traffic, so I don't know how it is using the info. The problem with filtering FTP traffic is it uses two different ways of connecting the data stream, active and passive (active means that the server connects back to the client, and passive means the server specifies a new port to the client to connect to). The easiest way is to use the iptables module to match FTP traffic, cause your probably already using it. Have fun, chris |
Hey Chris,. My mistake, in my haste i posted the wrong cbq scripts.
EVICE=eth1,10Mbit,1Mbit RATE=1200Kbit WEIGHT=100Kbit PRIO=5 RULE=:20,172.16.4.1/24 RULE=:21,172.16.4.1/24 I applied it to the interface and tried downloading and it made NO difference. eth0-lan eth1-DMZ eth2-WAN- internet. regards edmund |
edmund,
RULE=:20,172.16.4.1/24 I assume that means port 20 (ftp-data). If the client is using passive ftp, this won't match anything. You don't need to put port 21 because it is the "control" connection and doesn't use much bandwidth. What cbq script are you running? I'm not up on the various packages that do this? Debian has a shaper package, but it uses a syntax of RULE=<IP address>:<port>, perhaps you have it backwords? Have fun, chris |
Hey chris, that must be it! I forgot about passive and active ftps!!!
This explains why the cbq script doesnt work. THanks alot! But how do i control the bandwidth for passive FTP transfer??? regards edmund |
I'm a *nix newbie, but wouldn't you just limit the bandwidth over whatever port parrive ftp uses, or or all ports, or for the IP of the person who was downloading? </bad logic>
|
wshaper will probably be a big help
|
wshaper? hrmm..ill go try it out. Thanks again fro the info guys!
edmund |
| All times are GMT -5. The time now is 07:42 AM. |