elit2007
Ubuntu router traffic shaping iptables and tc
I'm trying to get iptables and tc to work. I would like to shape different official IP addresses. Either 1 and 1 or group 2 if the customer has 2 IPs.
My initial try shaped all into 1 set, I guess, since all was shaped at 10mbit.
In the end there will be a 3rd interface which will have a different subnet.
In the case both the .10 and .20 as well as .30 (which has no iptables rules) were shaped at 10 mbit.
#modprobe sch_netem
tc qdisc del dev eth0 root
tc qdisc del dev eth1 root
tc qdisc add dev eth0 root handle 1:0 htb default 2
tc qdisc add dev eth1 root handle 5:0 htb default 2
tc class add dev eth0 parent 1:0 classid 1:1 htb rate 70mbit ceil 70mbit
tc class add dev eth1 parent 5:0 classid 5:1 htb rate 70mbit ceil 70mbit
tc class add dev eth0 parent 1:1 classid 1:2 htb rate 10mbit ceil 10mbit
tc class add dev eth1 parent 5:1 classid 5:2 htb rate 10mbit ceil 10mbit
tc class add dev eth0 parent 1:1 classid 1:3 htb rate 20mbit ceil 20mbit
tc class add dev eth1 parent 5:1 classid 5:3 htb rate 20mbit ceil 20mbit
#tell which algorithm the classes use
tc qdisc add dev eth0 parent 1:2 sfq
tc qdisc add dev eth1 parent 5:2 sfq
tc qdisc add dev eth0 parent 1:3 sfq
tc qdisc add dev eth1 parent 5:3 sfq
tc filter add dev eth0 parent 1:0 protocol ip prio 1 handle 7 fw flowid 1:2
tc filter add dev eth1 parent 5:0 protocol ip prio 1 handle 8 fw flowid 5:2
tc filter add dev eth0 parent 1:0 protocol ip prio 1 handle 9 fw flowid 1:3
tc filter add dev eth1 parent 5:0 protocol ip prio 1 handle 10 fw flowid 5:3
iptables -A FORWARD -s 192.168.161.10 -j MARK --set-mark 8
iptables -A FORWARD -d 192.168.161.10 -j MARK --set-mark 7
iptables -A FORWARD -s 192.168.161.20 -j MARK --set-mark 10
iptables -A FORWARD -d 192.168.161.20 -j MARK --set-mark 9
Does anyone have a helping hand ;)
Indeed, using software the right way works every time for me, regardless of OS.
pf in BSD can do the same, OpenBSD also.
ASKER
easy workaround.
close question
Example:
iptables -t mangle -A POSTROUTING -o $DEV -p udp --dport $a -j CLASSIFY --set-class 1:10
For a more complete example check out the wondershaper:
http://lartc.org/wondershaper/
For Ubuntu you can check out Debian, they have an install package for it.
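The CLASSIFY approach from the example above, applied to the addresses in the question, as an added example that is not part of the thread. It prints (rather than runs) the tc and iptables commands, puts both IPs of a two-IP customer into one class, and sends unmatched traffic to a separate default class instead of the 10mbit class that `default 2` selects in the question's script. The second address 192.168.161.21, the class minor 99 and its 1mbit rate are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not execute) per-customer HTB + CLASSIFY commands.
# Constructed input, one customer per line: <class minor> <rate> <ip>[,<ip>...]
# .10 and .20 and their rates come from the question; .21 is a made-up second IP.
CUSTOMERS='2 10mbit 192.168.161.10
3 20mbit 192.168.161.20,192.168.161.21'
LINK=70mbit        # parent rate used in the question
DEFAULT_MINOR=99   # assumption: catch-all class kept apart from customer classes
DEFAULT_RATE=1mbit # assumption: guaranteed rate for unmatched traffic

# gen_dev <dev> <major> <-s|-d>: HTB tree and CLASSIFY rules for one egress device
gen_dev() {
  dev=$1; major=$2; match=$3
  echo "tc qdisc replace dev $dev root handle $major:0 htb default $DEFAULT_MINOR"
  echo "tc class add dev $dev parent $major:0 classid $major:1 htb rate $LINK ceil $LINK"
  echo "tc class add dev $dev parent $major:1 classid $major:$DEFAULT_MINOR htb rate $DEFAULT_RATE ceil $LINK"
  echo "tc qdisc add dev $dev parent $major:$DEFAULT_MINOR sfq"
  printf '%s\n' "$CUSTOMERS" | while read -r minor rate ips; do
    [ -n "$ips" ] || continue
    echo "tc class add dev $dev parent $major:1 classid $major:$minor htb rate $rate ceil $rate"
    echo "tc qdisc add dev $dev parent $major:$minor sfq"
    # Every IP of the customer lands in the same class, so they share one limit.
    for ip in $(echo "$ips" | tr ',' ' '); do
      echo "iptables -t mangle -A POSTROUTING -o $dev $match $ip -j CLASSIFY --set-class $major:$minor"
    done
  done
}

# Device roles follow the question's marks: -d rules on eth0, -s rules on eth1.
gen_shaper() {
  gen_dev eth0 1 -d
  gen_dev eth1 5 -s
}

gen_shaper
```

Review the printed commands before applying them as root. CLASSIFY sets the packet's class directly, so no `tc filter ... fw` lines are needed.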