Hello,
Traffic control is a very complex system, which makes it very difficult to understand how it functions to write rules more efficiently. For now I had opted for a PHP frontend that wrote the rules automatically to have an example of how they're written so I can know how to implement them. Below is a sample of the rules I currently have:
Code:
#Flush mangle table
/usr/sbin/iptables -t mangle -D POSTROUTING -j SHARE_USERS
/usr/sbin/iptables -t mangle -F SHARE_USERS
/usr/sbin/iptables -t mangle -X SHARE_USERS
/usr/sbin/iptables -t mangle -N SHARE_USERS
#Shaper interfaces: eth0
/usr/sbin/tc qdisc del dev eth0 root
/usr/sbin/tc qdisc add dev eth0 root handle 1: htb r2q 2
#Root class:
/usr/sbin/tc class add dev eth0 parent 1: classid 1:1 htb rate 10Mbit ceil 10Mbit
#Class::10Mbit
/usr/sbin/tc class add dev eth0 parent 1:1 classid 1:1001 htb rate 10Mbit ceil 10Mbit burst 2Kbit prio 0
/usr/sbin/tc qdisc add dev eth0 parent 1:1001 handle 1001: sfq perturb 10
#Class::all
/usr/sbin/tc class add dev eth0 parent 1:1001 classid 1:1002 htb rate 32Kbit ceil 32Kbit burst 2Kbit prio 3
/usr/sbin/tc qdisc add dev eth0 parent 1:1002 handle 1002: sfq perturb 10
#/usr/sbin/iptables -t mangle -A SHARE_USERS -o eth0 --protocol tcp -s 0.0.0.0/0 --sport 80 -d 0.0.0.0/0 -m comment --comment 'Web Server' -j CLASSIFY --set-class 1:1002
/usr/sbin/iptables -t mangle -A SHARE_USERS -o eth0 --protocol tcp -s 0.0.0.0/0 -d 0.0.0.0/0 -m owner --gid-owner clients -m comment --comment 'All Traffic' -j CLASSIFY --set-class 1:1002
/usr/sbin/iptables -t mangle -A SHARE_USERS -o eth0 --protocol tcp -s 0.0.0.0/0 -d 0.0.0.0/0 -m owner --gid-owner users -m comment --comment 'All Traffic' -j CLASSIFY --set-class 1:1002
#Shaper interfaces: eth1
/usr/sbin/tc qdisc del dev eth1 root
/usr/sbin/tc qdisc add dev eth1 root handle 1: htb r2q 2
#Root class:
/usr/sbin/tc class add dev eth1 parent 1: classid 1:1 htb rate 100Mbit ceil 100Mbit
#IPTABLES run
/usr/sbin/iptables -t mangle -A POSTROUTING -j SHARE_USERS
My question: The rules that I have above, do they apply to all outgoing traffic in the same group or per connection? I.e., if two users were making a connection to two different destinations, will both users be capped at, for example, 32Kbit? Or will each user individually be capped at 32Kbit, which will create a combined traffic of 64Kbit?
Best Regards
P.S. I'm far from a networking guru
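
HTB enforces rate and ceil per class, and the CLASSIFY target only selects which class a packet goes to, so every rule that sets the same class id draws from the same limit. The following is an added example, not part of the original post: it parses the eth0 lines quoted above and lists which owner groups feed each HTB class (the function name `shared_buckets` is hypothetical).

```python
import re
from collections import defaultdict

# Sample input: eth0 lines copied from the post above (embedded so this runs offline).
RULES = """\
/usr/sbin/tc class add dev eth0 parent 1: classid 1:1 htb rate 10Mbit ceil 10Mbit
/usr/sbin/tc class add dev eth0 parent 1:1 classid 1:1001 htb rate 10Mbit ceil 10Mbit burst 2Kbit prio 0
/usr/sbin/tc class add dev eth0 parent 1:1001 classid 1:1002 htb rate 32Kbit ceil 32Kbit burst 2Kbit prio 3
#/usr/sbin/iptables -t mangle -A SHARE_USERS -o eth0 --protocol tcp -s 0.0.0.0/0 --sport 80 -d 0.0.0.0/0 -m comment --comment 'Web Server' -j CLASSIFY --set-class 1:1002
/usr/sbin/iptables -t mangle -A SHARE_USERS -o eth0 --protocol tcp -s 0.0.0.0/0 -d 0.0.0.0/0 -m owner --gid-owner clients -m comment --comment 'All Traffic' -j CLASSIFY --set-class 1:1002
/usr/sbin/iptables -t mangle -A SHARE_USERS -o eth0 --protocol tcp -s 0.0.0.0/0 -d 0.0.0.0/0 -m owner --gid-owner users -m comment --comment 'All Traffic' -j CLASSIFY --set-class 1:1002
"""

CLASS_RE = re.compile(
    r"tc class add dev (\S+) parent \S+ classid (\S+) htb rate (\S+) ceil (\S+)")
MARK_RE = re.compile(
    r"iptables .*-o (\S+) .*--gid-owner (\S+) .*--set-class (\S+)")


def shared_buckets(rules):
    """Return {(dev, classid): {"rate", "ceil", "groups"}} for classes fed by CLASSIFY rules."""
    classes = {}                  # (dev, classid) -> (rate, ceil)
    feeders = defaultdict(list)   # (dev, classid) -> owner groups classified into it
    for line in rules.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue              # commented-out rules are never installed
        m = CLASS_RE.search(line)
        if m:
            dev, classid, rate, ceil = m.groups()
            classes[(dev, classid)] = (rate, ceil)
            continue
        m = MARK_RE.search(line)
        if m:
            dev, group, classid = m.groups()
            feeders[(dev, classid)].append(group)
    return {
        key: {"rate": classes[key][0], "ceil": classes[key][1], "groups": groups}
        for key, groups in feeders.items() if key in classes
    }


if __name__ == "__main__":
    for (dev, classid), info in shared_buckets(RULES).items():
        print(f"{dev} class {classid}: ceil {info['ceil']} shared by "
              f"groups {', '.join(info['groups'])}")
```

Both `--gid-owner` rules resolve to class 1:1002, so the two groups share that class's single 32Kbit ceiling; the sfq qdisc attached to it only balances flows inside that limit.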