ADSL Bandwidth Management HOWTO, Dan Singletary [free ebook reader for ipad .txt] 📗
- Author: Dan Singletary
- Performer: -
Book online «ADSL Bandwidth Management HOWTO, Dan Singletary [free ebook reader for ipad .txt] 📗». Author Dan Singletary
iptables -t mangle -A MYSHAPER-OUT -p udp -j MARK --set-mark 21 # DNS name resolution (small packets)
iptables -t mangle -A MYSHAPER-OUT -p tcp --dport ssh -j MARK --set-mark 22 # secure shell
iptables -t mangle -A MYSHAPER-OUT -p tcp --sport ssh -j MARK --set-mark 22 # secure shell
iptables -t mangle -A MYSHAPER-OUT -p tcp --dport telnet -j MARK --set-mark 22 # telnet (ew...)
iptables -t mangle -A MYSHAPER-OUT -p tcp --sport telnet -j MARK --set-mark 22 # telnet (ew...)
iptables -t mangle -A MYSHAPER-OUT -p ipv6-crypt -j MARK --set-mark 24 # IPSec - we don't know what the payload is though...
iptables -t mangle -A MYSHAPER-OUT -p tcp --sport http -j MARK --set-mark 25 # Local web server
iptables -t mangle -A MYSHAPER-OUT -p tcp -m length --length :64 -j MARK --set-mark 21 # small packets (probably just ACKs)
iptables -t mangle -A MYSHAPER-OUT -m mark --mark 0 -j MARK --set-mark 26 # redundant- mark any unmarked packets as 26 (low prio)
Done with outbound shaping ##############################################echo "Outbound shaping added to $DEV. Rate: ${RATEUP}Kbit/sec."
uncomment following line if you only want upstream shaping. exit ############################################## Inbound Shaping (limits total bandwidth to RATEDN) make sure imq module is loadedmodprobe imq numdevs=1
ip link set imq0 up
add qdisc - default low-prio class 1:21tc qdisc add dev imq0 handle 1: root htb default 21
add main rate limit classestc class add dev imq0 parent 1: classid 1:1 htb rate ${RATEDN}kbit
add leaf classes - TCP traffic in 21, non TCP traffic in 20tc class add dev imq0 parent 1:1 classid 1:20 htb rate $[$RATEDN/2]kbit ceil ${RATEDN}kbit prio 0
tc class add dev imq0 parent 1:1 classid 1:21 htb rate $[$RATEDN/2]kbit ceil ${RATEDN}kbit prio 1
attach qdisc to leaf classes - here we at SFQ to each priority class. SFQ insures that within each class connections will be treated (almost) fairly.tc qdisc add dev imq0 parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev imq0 parent 1:21 handle 21: red limit 1000000 min 5000 max 100000 avpkt 1000 burst 50
filter traffic into classes by fwmark - here we direct traffic into priority class according to the fwmark set on the packet (we set fwmark with iptables later). Note that above we've set the default priority class to 1:26 so unmarked packets (or packets marked with unfamiliar IDs) will be defaulted to the lowest priority class.tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20
tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 21 fw flowid 1:21
add MYSHAPER-IN chain to the mangle table in iptables - this sets up the table we'll use to filter and mark packets.iptables -t mangle -N MYSHAPER-IN
iptables -t mangle -I PREROUTING -i $DEV -j MYSHAPER-IN
add fwmark entries to classify different types of traffic - Set fwmark from 20-26 according to desired class. 20 is highest prio.iptables -t mangle -A MYSHAPER-IN -p ! tcp -j MARK --set-mark 20 # Set non-tcp packets to highest priority
iptables -t mangle -A MYSHAPER-IN -p tcp -m length --length :64 -j MARK --set-mark 20 # short TCP packets are probably ACKs
iptables -t mangle -A MYSHAPER-IN -p tcp --dport ssh -j MARK
Comments (0)