Re: Band limit without squid

To:	netfilter@lists.netfilter.org
Subject:	Re: Band limit without squid
From:	Franck Joncourt <franck.joncourt@wanadoo.fr>
Date:	Sat, 31 Mar 2007 09:59:36 +0200
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	netfilter-list1@securepoint.com
In-reply-to:	<200703301834.50784.davividal@siscompar.com.br>
List-archive:	</pipermail/netfilter>
List-help:	<mailto:netfilter-request@lists.netfilter.org?subject=help>
List-id:	General discussion and user questions <netfilter.lists.netfilter.org>
List-post:	<mailto:netfilter@lists.netfilter.org>
List-subscribe:	<https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=subscribe>
List-unsubscribe:	<https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=unsubscribe>
Mail-followup-to:	netfilter@lists.netfilter.org
References:	<200703301822.56518.davividal@siscompar.com.br> <Pine.LNX.4.61.0703302327570.31834@yvahk01.tjqt.qr> <200703301834.50784.davividal@siscompar.com.br>
Sender:	netfilter-bounces@lists.netfilter.org
User-agent:	Mutt/1.5.13 (2006-08-11)

On Fri, Mar 30, 2007 at 06:34:50PM -0300, Davi wrote:
> Em Sexta 30 Março 2007 18:28, você escreveu:
> > On Mar 30 2007 18:22, Davi wrote:
> > >Hi all!
> > >
> > >I would like to reserve some band to some services.
> > >Like 30 Kb to HTTP, 60 Kb to POP/IMAP, 20 Kb to SMTP and FTP, i.e.
> > >
> > >Can I do this using iptables + iproute or I must use Squid?
> >
> > No to all three questions.
> >
> >
> > Jan
> 
> Sorry... =P
> Just one question: can I do this (band limit) without Squid?
> 
> Searching here, I found CBQ...
> Anyone has used it?
> 

More information about traffic shaping and the different classes (HTB, CBQ) 
here :

http://www.lartc.org/
http://luxik.cdi.cz/~devik/qos/htb/manual/userg.htm

Some useful examples :

http://luxik.cdi.cz/~devik/qos/htb/manual/userg.htm
http://lartc.org/wondershaper/

And with iptables you can use connmark target to mark your packets :
(working on it)

[...]

# Let's restore the mark, if there is one, otherwise redirect
# the packet to be matched
# A packet which has been marked is known to have the eighth bit set
iptables -t mangle -A traffic_shaping -m connmark --mark 0x80/0x80 \
        -j CONNMARK --restore-mark
iptables -t mangle -A traffic_shaping -m connmark --mark 0x80/0x80 \
        -j RETURN

# Set the right mark for traffic
# ------------------------------
# Set non-TCP packets to the highest priority since there is no handshake
# It means the client is not waiting for a reply to send you other data. This 
would result
# in the loss of theses data.
iptables -t mangle -A traffic_shaping -p !tcp \
                -j CONNMARK --set-mark 0x81
iptables -t mangle -A traffic_shaping -p ! tcp \
                -j RETURN

# Sort SSH connections
iptables -t mangle -A traffic_shaping -p tcp --sport 22 \
                -j CONNMARK --set-mark 0x82
iptables -t mangle -A traffic_shaping -p tcp --sport 22 \
                -j RETURN
iptables -t mangle -A traffic_shaping -p tcp --dport 22 \
                -j CONNMARK --set-mark 0x82
iptables -t mangle -A traffic_shaping -p tcp --dport 22 \
                -j RETURN
[...]


-- 
Franck Joncourt
http://www.debian.org
http://smhteam.info/wiki/
GPG server : pgpkeys.mit.edu
Fingerprint : C10E D1D0 EF70 0A2A CACF 9A3C C490 534E 75C0 89FE

signature.asc
Description: Digital signature

<Prev in Thread]	Current Thread	[Next in Thread>
Band limit without squid, Davi Re: Band limit without squid, Jan Engelhardt Re: Band limit without squid, Davi Re: Band limit without squid, Franck Joncourt <= Re: Band limit without squid, Pablo Sanchez

Previous by Date:	Re: Band limit without squid, Pablo Sanchez
Next by Date:	Re: Debian 2.6.8/bridge/iptables/passive ftp, Martijn Lievaart
Previous by Thread:	Re: Band limit without squid, Davi
Next by Thread:	Re: Band limit without squid, Pablo Sanchez
Indexes:	[Date] [Thread] [Top] [All Lists]