LARTC

Re: [LARTC] Allocating 64 kbits/s out of 256 kbits/s for one LAN behingf

To: "Pio Mendez" <pio_mendez@hotmail.com>, lartc@mailman.ds9a.nl
Subject: Re: [LARTC] Allocating 64 kbits/s out of 256 kbits/s for one LAN behind firewall
From: "Indunil Jayasooriya" <indunil75@gmail.com>
Date: Mon, 6 Aug 2007 12:35:47 +0530

Hi,

Thanks for your script. I am still a newbie to this traffic control. I have only done policy routing with iproute2.

I was thinking how to write this script. You have already given a start.

I have been reading the URLs below.

http://lartc.org/howto/lartc.qdisc.classful.html
http://edseek.com/~jasonb/articles/traffic_shaping/linuxtc.html
http://tldp.org/HOWTO/Traffic-Control-HOWTO/index.html
http://edseek.com/~jasonb/articles/traffic_shaping/classes.html#qdiscex

But I still find it difficult to understand fully.

Hey, shall we discuss the script you wrote below?

I understand the 4 rules below. The last rule marks 192.168.102.0/24 traffic as 5.

INTERFAZ_INT=eth0 

BAND=256

BAND_CLIENTS=64

iptables -t mangle -A PREROUTING -s 192.168.102.0/24 -j MARK --set-mark 0x5


But I do not understand the rules below.

Shall we discuss them one by one?

tc qdisc add dev $INTERFAZ_INT root handle 1 htb r2q 4 

The above rule adds a qdisc to the internet interface. What are r2q and 4 there? I do not understand those two.

tc class add dev $INTERFAZ_INT parent 1: classid 1:2 htb rate "$BAND"Kbit

FULL bandwidth with above rule.
 

tc class add dev $INTERFAZ_INT parent 1: classid 1:5 htb rate "$BAND_CLIENTS"Kbit


And 64 kbit with the above rule.

tc qdisc add dev $INTERFAZ_INT parent 1:5 handle 5 sfq perturb 10


What is the above rule? I do not understand it at all.

tc filter add dev $INTERFAZ_INT protocol ip parent 1: pref 1 handle 10 fw classid 1:5


I do not understand the above rule either.

Hope to hear from you.

Feel free to ask me what you wish.

THANKS for the above comment.

 

Regards

Paolo Malfatti



From: "Indunil Jayasooriya" <indunil75@gmail.com>
To: lartc@mailman.ds9a.nl
Subject: [LARTC] Allocating 64 kbits/s out of 256 kbits/s for one LAN behind firewall
Date: Thu, 2 Aug 2007 14:48:55 +0530



Hi,

We have a 256 kbits/s (kilobits per second) link to the internet. It is a router running Linux that belongs to our ISP. They have given us 8 internet IPs (i.e. subnet is 255.255.255.248). One has been given to this router. I have given another internet IP to the firewall running CentOS 4.5. iptables is running on it. And also, I have installed the iproute2 pkg as well.

Please see below for the installed pkgs.

[root@firebox ~]# rpm -qa |grep iptables
iptables-1.2.11-3.1.RHEL4
[root@firebox ~]# rpm -qa |grep iproute
iproute-2.6.9-3.EL4.3.centos4


This firewall has 3 ethernet cards at the moment. One is connected to the router. One is connected to our DMZ zone. One is connected to LAN1.

These are the IPs of the firewall.

eth0 (internet) - 1.2.3.4/255.255.255.248 (please assume it. For security reasons, I will not give you the actual IP)
eth1 (DMZ Zone) - 192.168.100.254/255.255.255.0
eth2 (LAN1) - 192.168.101.254/255.255.255.0


Now, everyone in LAN1 has access to internet. (due to SNAT rule)

Now, I want to install another ethernet card to this firewall. then, it would be eth3.

eth3 will be as follows.


eth3 (LAN2) - 192.168.102.254/255.255.255.0

Now, I want to put about 5 people (5 PCs) behind this LAN2 and give internet access to them. But I do not want them to use my whole bandwidth (i.e. 256 kbit/s). Instead, I want the people behind this LAN2 to be allocated 64 kbits/s (kilobits per second) for their internet access.

Is it possible to achieve this task on a firewall running iptables and iproute2 (CentOS 4.5)?

If so, how can I do such a thing?

If I do such a thing, what will happen to the people behind LAN1? Will they get the whole 256 kbits/s as before, or will they get 256 kbit/s - 64 kbit/s for their internet access?



Hope to hear from you.

--
Thank you
Indunil Jayasooriya
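
Added example, not part of the thread or of the script quoted in it: HTB derives a class's quantum as its rate in bytes per second divided by r2q (default 10) and warns when the result falls outside 1000..200000 bytes, and an fw filter selects packets whose firewall mark equals the filter's handle. The function names below are hypothetical helpers; the rates, r2q, mark and handle are the values quoted in the reply above.

```sh
#!/bin/sh
# Added example: sanity checks for the numbers in the tc/iptables lines
# quoted in this thread. Nothing here touches the network; it only does
# the arithmetic that tc and the kernel do with those values.

# Quantum = bytes a class may send per round while borrowing.
# Unless "quantum" is set explicitly, HTB uses rate(bytes/s) / r2q.
# $1 = rate in Kbit (tc: 1 Kbit = 1000 bit), $2 = r2q
htb_quantum() {
    echo $(( $1 * 1000 / 8 / $2 ))
}

# The kernel logs "quantum of class ... is small/big. Consider r2q change."
# when the derived value is below 1000 or above 200000, and clamps it.
quantum_status() {
    q=$(htb_quantum "$1" "$2")
    if [ "$q" -lt 1000 ]; then
        echo "small"
    elif [ "$q" -gt 200000 ]; then
        echo "big"
    else
        echo "ok"
    fi
}

# iptables --set-mark and the tc fw handle both accept decimal or
# 0x-prefixed hex, so the two must be compared as numbers, not strings.
# $1 = mark given to iptables, $2 = handle given to "tc filter ... fw"
mark_matches_handle() {
    [ $(( $1 )) -eq $(( $2 )) ]
}

# Values from the thread: 256 and 64 Kbit classes, default r2q 10 vs r2q 4.
for rate in 256 64; do
    for r2q in 10 4; do
        echo "rate=${rate}Kbit r2q=${r2q} quantum=$(htb_quantum "$rate" "$r2q") ($(quantum_status "$rate" "$r2q"))"
    done
done

# Values from the thread: --set-mark 0x5 and "handle 10 fw".
if mark_matches_handle 0x5 10; then
    echo "fw filter handle 10 selects packets marked 0x5"
else
    echo "fw filter handle 10 does not select packets marked 0x5 (mark is 5)"
fi
```

With the default r2q of 10 the 64 Kbit class gets a quantum of 800 bytes, below the 1000-byte floor; r2q 4 raises it to 2000. The last check shows that, for the lines quoted here, mark 0x5 and filter handle 10 are different numbers.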