On Thu, May 12, 2005 at 09:40:56AM +0200, Sylvain BERTRAND wrote:
> On Thu 12 May 2005 8:14, Lee Sanders wrote:
> > Hi All,
> >
> > I've been playing with QOS for a short while now and have worked out how
> > to do what I want using HTB. Great queuing discipline btw.
> >
> > My problem is the tc filters I want to set up aren't working because
> > iptables is getting to the packets first and mangling the src address.
> >
> > The iptables script I am using is MonMotha's Firewall 2.3.8 and it
> > includes lots of nice goodies like syn flood rate limiting. The extra
> > bits like this are why I'm using it rather than figuring the iptables
> > configuration out myself.
> >
> > My network configuration is trivial, adsl router connected to linux box
> > connected to two networks, LAN and WLAN.
> >
> > I like having these iptables features but MonMotha's Firewall isn't
> > designed with QOS in mind.
> >
> > My question for this list, is there a recommended iptables router script
> > that everyone here uses designed with QOS in mind or have you all written
> > your own?
> >
> > Thanks in Advance
> >
> > Lee
> >
>
> Hi Lee,
>
> Below is my script. It's inspired by LARTC, for the same configuration
> as you: home Linux router with DSL on eth1, masquerading traffic from
> LAN. The server is running a few services (http,mail,dns), and I want
> these services to have priority, and also the users must have priority for
> their mail & http over the default class. The traffic to/from the services
> not defined below goes to default class, which is fine (ftp, im, ...).
> Hope you can use it, though it's certainly not perfect.
>
> Sylvain
>
Sylvain
Q) Why do you do your matching in tc filter and not netfilter? Is one way
better than the other?

I started out doing it via filter and then moved to netfilter instead,
using mark.

Curious to hear what other people have done/do.

Alex
>
> #!/bin/bash
>
> UPLINK_EXT=950 # outgoing DSL bandwidth, kbps
> DEV_EXT=eth1 # DSL link
>
> tc qdisc del dev ${DEV_EXT} root 2> /dev/null > /dev/null
>
> tc qdisc add dev ${DEV_EXT} root handle 1: htb default 20
>
> # root class
> tc class add dev ${DEV_EXT} parent 1: classid 1:1 htb rate $[${UPLINK_EXT}]kbit prio 0
> # fast ( 80% )
> tc class add dev ${DEV_EXT} parent 1:1 classid 1:10 htb rate $[8*${UPLINK_EXT}/10]kbit ceil $[${UPLINK_EXT}]kbit burst 10k prio 1
> # slow ( 20% )
> tc class add dev ${DEV_EXT} parent 1:1 classid 1:20 htb rate $[2*${UPLINK_EXT}/10]kbit ceil $[8*${UPLINK_EXT}/10]kbit burst 2k prio 5
>
> # stochastic fairness
> tc qdisc add dev ${DEV_EXT} parent 1:10 handle 10: sfq perturb 10
> tc qdisc add dev ${DEV_EXT} parent 1:20 handle 20: sfq perturb 10
>
> # traffic with priority
> # CLIENT
> tc filter add dev ${DEV_EXT} protocol ip parent 1: prio 4 u32 match ip dport 22 0xffff flowid 1:10
> tc filter add dev ${DEV_EXT} protocol ip parent 1: prio 4 u32 match ip dport 25 0xffff flowid 1:10
> tc filter add dev ${DEV_EXT} protocol ip parent 1: prio 4 u32 match ip dport 53 0xffff flowid 1:10
> tc filter add dev ${DEV_EXT} protocol ip parent 1: prio 4 u32 match ip dport 80 0xffff flowid 1:10
> tc filter add dev ${DEV_EXT} protocol ip parent 1: prio 4 u32 match ip dport 110 0xffff flowid 1:10
> tc filter add dev ${DEV_EXT} protocol ip parent 1: prio 4 u32 match ip dport 143 0xffff flowid 1:10
> tc filter add dev ${DEV_EXT} protocol ip parent 1: prio 4 u32 match ip dport 443 0xffff flowid 1:10
> tc filter add dev ${DEV_EXT} protocol ip parent 1: prio 4 u32 match ip dport 993 0xffff flowid 1:10
> tc filter add dev ${DEV_EXT} protocol ip parent 1: prio 4 u32 match ip dport 995 0xffff flowid 1:10
> # SERVER
> tc filter add dev ${DEV_EXT} protocol ip parent 1: prio 4 u32 match ip sport 22 0xfffd flowid 1:10
> tc filter add dev ${DEV_EXT} protocol ip parent 1: prio 4 u32 match ip sport 25 0xfffd flowid 1:10
> tc filter add dev ${DEV_EXT} protocol ip parent 1: prio 4 u32 match ip dport 53 0xffff flowid 1:10
>
>
> _______________________________________________
> LARTC mailing list
> [email protected]
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>
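The netfilter-mark approach Alex mentions, as an added example that is not part of either poster's message: packets are marked in mangle POSTROUTING, which runs before masquerading rewrites the source address, and a single tc `fw` filter maps the mark to the HTB class. The interface, class ids and port list follow the quoted script; `LAN_NET`, the mark value and the `DRY_RUN` switch are assumptions.

```shell
#!/bin/bash
# Added example: classify by netfilter mark instead of per-port u32 filters.
# DEV_EXT and classes 1:10 / 1:20 come from the quoted script; LAN_NET,
# MARK_FAST and DRY_RUN are assumptions made for this example.

DEV_EXT=eth1
LAN_NET=192.168.1.0/24        # assumed LAN subnet (constructed value)
FAST_PORTS="22 25 53 80 110 143 443 993 995"
MARK_FAST=10                  # assumed mark, mapped to class 1:10
DRY_RUN=${DRY_RUN:-1}         # 1 = only print the commands

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Mark in mangle POSTROUTING: this hook runs before the nat table's
# MASQUERADE/SNAT, so -s still matches the original LAN address.
mark_rules() {
    local p
    for p in $FAST_PORTS; do
        run iptables -t mangle -A POSTROUTING -o "$DEV_EXT" -s "$LAN_NET" \
            -p tcp --dport "$p" -j MARK --set-mark "$MARK_FAST"
    done
    # DNS queries are mostly UDP
    run iptables -t mangle -A POSTROUTING -o "$DEV_EXT" -s "$LAN_NET" \
        -p udp --dport 53 -j MARK --set-mark "$MARK_FAST"
}

# One fw filter per mark replaces the per-port u32 filters; unmarked
# packets fall through to the HTB default class (1:20).
fw_filters() {
    run tc filter add dev "$DEV_EXT" parent 1: protocol ip prio 4 \
        handle "$MARK_FAST" fw flowid 1:10
}

mark_rules
fw_filters
```

With `DRY_RUN=0` the same commands are executed instead of printed, and they expect the HTB qdisc and classes from the quoted script to exist already.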
