WOW, thanks very much, I know I had some problems in understanding the problem.
When I read my post I found out that it is sometimes not making sense, sorry.
I am sending my currently working config.
It seems to be working, but I got some problems. When I start downloading from
the web then the packets flow through class 1:11. And if I start Direct
Connect (P2P) downloading something, it gets limited to about 5-8kbytes, but I
want it to be something like 1000kbit or less. That is my first problem.
The second problem is that I want to make a limitation of speed to some
clients. Let's say that user Phill won't download more than 64kbps. I don't
know how to do it.
That's why I was trying to solve it the way in previous email.
Thank you!!!!
Phill
#!/bin/sh
################################################################################
# HTB script made by phill
# mailto:[EMAIL PROTECTED]
################################################################################
LOCAL="imq0"
NET="ppp0"
CeilDownload=170
CeilDownloadDC=120 #max download speed for direct connect
CeilUpload=96
CeilUploadDC=16 #max upload speed for direct connect
################################################################################
#echo -n "Starting HTB..."
################################################################################
modprobe imq numdevs=1
ip link set imq0 up
################################################################################
# Download part ...
################################################################################
tc qdisc add dev $LOCAL root handle 1: htb default 14
tc class add dev $LOCAL parent 1: classid 1:1 htb rate ${CeilDownload}kbit ceil ${CeilDownload}kbit
#11-->Fast-WWW,telnet,ssh,ping,...
tc class add dev $LOCAL parent 1:1 classid 1:11 htb rate 100kbit ceil ${CeilDownload}kbit prio 1 burst 15k quantum 100
#12-->Medium-eMail
tc class add dev $LOCAL parent 1:1 classid 1:12 htb rate 25kbit ceil ${CeilDownload}kbit prio 2 burst 5k quantum 100
#13-->Slow-FTP
tc class add dev $LOCAL parent 1:1 classid 1:13 htb rate 25kbit ceil ${CeilDownload}kbit prio 3 burst 15k quantum 100
#14-->Other stuff-Default
tc class add dev $LOCAL parent 1:1 classid 1:14 htb rate 18kbit ceil ${CeilDownload}kbit prio 4 burst 5k quantum 100
#15-->DC,eDonkey
tc class add dev $LOCAL parent 1:1 classid 1:15 htb rate 2kbit ceil ${CeilDownloadDC}kbit prio 5 quantum 1
tc filter add dev $LOCAL parent 1:0 protocol ip prio 1 handle 1 fw classid 1:11
tc filter add dev $LOCAL parent 1:0 protocol ip prio 2 handle 2 fw classid 1:12
tc filter add dev $LOCAL parent 1:0 protocol ip prio 3 handle 3 fw classid 1:13
tc filter add dev $LOCAL parent 1:0 protocol ip prio 4 handle 4 fw classid 1:14
tc filter add dev $LOCAL parent 1:0 protocol ip prio 5 handle 5 fw classid 1:15
#sfq
tc qdisc add dev $LOCAL parent 1:11 handle 11: sfq perturb 10
tc qdisc add dev $LOCAL parent 1:12 handle 12: sfq perturb 10
tc qdisc add dev $LOCAL parent 1:13 handle 13: sfq perturb 10
tc qdisc add dev $LOCAL parent 1:14 handle 14: sfq perturb 10
tc qdisc add dev $LOCAL parent 1:15 handle 15: sfq perturb 10
#IPTABLES
#default
iptables -A PREROUTING -t mangle -j MARK --set-mark 0x4
#11
#WWW without squid
iptables -A PREROUTING -t mangle -p tcp --sport 80 -j MARK --set-mark 0x1
iptables -A PREROUTING -t mangle -p tcp --sport 443 -j MARK --set-mark 0x1
#WWW through squid <???>
#dont know how but lets say everything going to the router machine will
#have this class. This works :->
iptables -A PREROUTING -t mangle -p tcp -s 192.168.1.1 -j MARK --set-mark 0x1
#telnet
iptables -A PREROUTING -t mangle -p tcp --sport 23 -j MARK --set-mark 0x1
iptables -A PREROUTING -t mangle -p udp --sport 23 -j MARK --set-mark 0x1
#ssh
iptables -A PREROUTING -t mangle -p tcp --sport 22 -j MARK --set-mark 0x1
iptables -A PREROUTING -t mangle -p udp --sport 22 -j MARK --set-mark 0x1
#icmp
iptables -A PREROUTING -t mangle -p icmp -j MARK --set-mark 0x1
#dns
iptables -A PREROUTING -t mangle -p tcp --sport 53 -j MARK --set-mark 0x1
iptables -A PREROUTING -t mangle -p udp --sport 53 -j MARK --set-mark 0x1
#ack (as written, this flag mask matches packets with only SYN set)
iptables -t mangle -I PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 0x1
#12
#pop3
iptables -A PREROUTING -t mangle -p tcp --sport 110 -j MARK --set-mark 0x2
iptables -A PREROUTING -t mangle -p udp --sport 110 -j MARK --set-mark 0x2
#smtp
iptables -A PREROUTING -t mangle -p tcp --sport 25 -j MARK --set-mark 0x2
iptables -A PREROUTING -t mangle -p udp --sport 25 -j MARK --set-mark 0x2
#imap
iptables -A PREROUTING -t mangle -p tcp --sport 143 -j MARK --set-mark 0x2
iptables -A PREROUTING -t mangle -p udp --sport 143 -j MARK --set-mark 0x2
#13
#ftp
iptables -A PREROUTING -t mangle -p tcp -m tcp --sport 20:21 -j MARK --set-mark 0x3
#14
#Other stuff...DEFAULT!!!
#15
#DC 2 users, 2 ports 412,414
iptables -A PREROUTING -t mangle -p tcp -m tcp --sport 412 -j MARK --set-mark 0x5
iptables -A PREROUTING -t mangle -p tcp -m tcp --dport 412 -j MARK --set-mark 0x5
iptables -A PREROUTING -t mangle -p tcp -m tcp --sport 414 -j MARK --set-mark 0x5
iptables -A PREROUTING -t mangle -p tcp -m tcp --dport 414 -j MARK --set-mark 0x5
#eDonkey
iptables -A PREROUTING -t mangle -p tcp --sport 4662 -j MARK --set-mark 0x5
iptables -A PREROUTING -t mangle -p tcp --dport 4662 -j MARK --set-mark 0x5
################################################################################
# Download part ... OK
################################################################################
################################################################################
# Upload part ...
################################################################################
# "default" takes the minor id of an existing class; 2:11 is the default class below
tc qdisc add dev $NET root handle 2: htb default 11
tc class add dev $NET parent 2: classid 2:1 htb rate ${CeilUpload}kbit ceil ${CeilUpload}kbit
#11-->Fast-everything...Default
tc class add dev $NET parent 2:1 classid 2:11 htb rate 90kbit ceil ${CeilUpload}kbit prio 7 burst 15k
#12-->Slow-DC,edonkey upload
tc class add dev $NET parent 2:1 classid 2:12 htb rate 6kbit ceil ${CeilUploadDC}kbit prio 8 burst 5k quantum 1
tc filter add dev $NET parent 2:0 protocol ip prio 1 handle 1 fw classid 2:11
tc filter add dev $NET parent 2:0 protocol ip prio 5 handle 5 fw classid 2:12
################################################################################
# Upload part ... OK
################################################################################
iptables -t mangle -A PREROUTING -i ppp0 -j IMQ
echo " OK"
> Phill,
>
> : _____________________________________________     160kbps/96kbps     _____
> : |imq0(eth1, eth2) Linux router with NAT>ppp0|------------------------|ISP|
>   -------------------------                                            -----
> : +|Roman| - 192.168.1.10 on eth1
> : +|Phill| - 192.168.2.10 on eth2
> : + ...
>
> I don't understand what you are trying to convey with the notes "eth1/eth2"
> and 160kbps/96kbps part of the diagram, but the rest makes sense to me.
>
> I'm going to draw a picture of your traffic control structure to point out
> where I think your problem lies.
>
>                          root class
>                               + r/c 160kbit
>     r 80kbit                  |                 r 80kbit
>     c 160kbit +---------------+---------------+ c 160kbit
>         Roman |                               | Phill
>     +---------+---------+           +---------+---------+
>     | ftp         other |           | other         ftp |
>     |                   |           |                   |
>  r 1kbit            r 79kbit    r 79kbit             r 1kbit
> c 160kbit           c 160kbit   c 160kbit           c 160kbit
>
>
> Note that you have four leaf classes. Two classes, each with a rate of 79kbit
> and two each with a rate of 1kbit (which HTB can't reasonably accomplish [1],
> but your technique should work, anyway--keep reading).
>
> Several items of note.
>
> - HTB only performs shaping in the leaf classes. [2]
> - HTB rate is essentially treated as a CIR, and HTB will not
> check a parent class to see if a parent class is above its
> rate. [2]
> - The sum of the rates of your leaf classes is 160kbit. You have
> committed all of your bandwidth, and left nothing for borrowing or
> dynamic allocation.
>
> Try this instead:
>
>                          root class
>                               + r/c 160kbit
>     r 80kbit                  |                 r 80kbit
>     c 160kbit +---------------+---------------+ c 160kbit
>         Roman |                               | Phill
>     +---------+---------+           +---------+---------+
>     | ftp         other |           | other         ftp |
>     |                   |           |                   |
>  r 1kbit            r 40kbit    r 40kbit             r 1kbit
> c 160kbit           c 160kbit   c 160kbit           c 160kbit
>
>
> With this sort of configuration, the borrowing model of HTB should distribute
> the leftover bandwidth in a way that seems fairer to you. You have now
> guaranteed a total of 82kbit to your leaf classes and above that (sum of the
> rates of the leaf classes), the leaf classes will try to borrow as much as
> they can up to ceil.
>
> : The point is, that I want to shape the speed of each client
> : and I want to shape the speed of the services the client uses.
> : I don't use iptables to mark the packets, because the use of IMQ,
> : but I know that there is a patch for this.
>
> I don't know what you mean in this paragraph.....
>
> [ snipped textual description ]
>
> : modprobe imq numdevs=1
> : ip link set imq0 up
> : $IPT -t mangle -A PREROUTING -i ppp0 -j IMQ
>
> Do you need to use IMQ? It's not a bad thing to use IMQ, but if your router
> is a separate machine, you can simply attach the "download" shaper to the
> internal interface--the interface closest to Phill and Roman. [3]
>
> [ snipped start of script ]
>
> See notes above about the rate/ceil here.
>
> : ... parent 1:0 protocol ip u32 match ip dst 192.168.1.10 flowid 1:110
> : ... parent 1:110 protocol ip u32 match ip dst 192.168.1.10 flowid 1:1101
> : ... parent 1:110 protocol ip u32 match ip dport 20 0xffff flowid 1:1102
> : ... parent 1:110 protocol ip u32 match ip dport 21 0xffff flowid 1:1102
>
> See note above about IMQ necessity. In particular your u32 classifier with
> "ip dport 21" will never match. Do you perhaps mean "ip sport 21"? Still
> probably not all that helpful. Your u32 classifier "ip dport 20" is correct,
> but will only work for port mode connections. Check/search the LARTC archives
> for a description of the problems involved with shaping FTP (port v. passive
> mode data channel). [4]
>
> Best of luck,
>
> -Martin
>
> [1] http://luxik.cdi.cz/~devik/qos/htb/manual/userg.htm#sharing
> (see last paragraph, for mtu=1500, r2q=1, 12kbit is minimum rate)
> [2] http://luxik.cdi.cz/~devik/qos/htb/manual/userg.htm#hsharing
> [3] http://www.docum.org/stef.coene/qos/faq/cache/9.html
> [4] http://www.google.com/search?q=site%3Amailman.ds9a.nl+ftp+shaping
>
_______________________________________________
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
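
Added example, not part of the original thread: a small POSIX sh check for the two points raised in the reply (leaf rates that commit the whole parent rate, and rates too low for HTB to honour), run on both diagrams. The mtu=1500 and r2q=1 values are the ones quoted in footnote [1]; the class ids 1:1201 and 1:1202 for Phill's leaves are constructed, and the function name is hypothetical.

```shell
#!/bin/sh
# Added example: audit an HTB leaf layout before loading it with tc.
# It only prints findings, so it needs neither root nor tc installed.

# htb_audit PARENT_KBIT R2Q MTU LEAF...      LEAF = classid,rate_kbit
# Prints one finding per leaf whose rate is too low, then one summary line.
htb_audit() {
    parent=$1; r2q=$2; mtu=$3
    shift 3
    sum=0
    for leaf in "$@"; do
        id=${leaf%%,*}      # text before the first comma, e.g. 1:1102
        rate=${leaf#*,}     # text after it, in kbit
        sum=$((sum + rate))
        # With no explicit "quantum", HTB uses rate (bytes/s) / r2q.
        # tc's kbit is 1000 bit/s, so 12kbit is 1500 bytes/s.
        quantum=$((rate * 1000 / 8 / r2q))
        if [ "$quantum" -lt "$mtu" ]; then
            echo "$id: rate ${rate}kbit gives quantum $quantum, below mtu $mtu"
        fi
    done
    if [ "$sum" -gt "$parent" ]; then
        echo "leaf rates sum to ${sum}kbit, over the parent's ${parent}kbit"
    elif [ "$sum" -eq "$parent" ]; then
        echo "leaf rates sum to ${sum}kbit: all of ${parent}kbit committed, nothing to borrow"
    else
        echo "leaf rates sum to ${sum}kbit: $((parent - sum))kbit left for borrowing up to ceil"
    fi
}

# First diagram in the reply (79 + 1 + 79 + 1), then the suggested one (40 + 1 + 40 + 1).
htb_audit 160 1 1500 1:1101,79 1:1102,1 1:1201,79 1:1202,1
htb_audit 160 1 1500 1:1101,40 1:1102,1 1:1201,40 1:1202,1
```

Both layouts still report the 1kbit ftp leaves; only the second leaves rate uncommitted for borrowing.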