elit2007

Ubuntu router traffic shaping iptables and tc

I'm trying to get iptables and tc to work. I would like to shape different official IP addresses. Either 1 and 1, or grouped as 2 if the customer has 2 IPs.
My initial try shaped everything into 1 set, I guess, since all was shaped at 10mbit.

In the end there will be a 3rd interface which will have a different subnet.

In this case both .10 and .20, as well as .30 (which has no iptables rules), were shaped at 10 mbit.


#modprobe sch_netem

tc qdisc del dev eth0 root
tc qdisc del dev eth1 root

tc qdisc add dev eth0 root handle 1:0 htb default 2
tc qdisc add dev eth1 root handle 5:0 htb default 2

tc class add dev eth0 parent 1:0 classid 1:1 htb rate 70mbit ceil 70mbit
tc class add dev eth1 parent 5:0 classid 5:1 htb rate 70mbit ceil 70mbit

tc class add dev eth0 parent 1:1 classid 1:2 htb rate 10mbit ceil 10mbit
tc class add dev eth1 parent 5:1 classid 5:2 htb rate 10mbit ceil 10mbit

tc class add dev eth0 parent 1:1 classid 1:3 htb rate 20mbit ceil 20mbit
tc class add dev eth1 parent 5:1 classid 5:3 htb rate 20mbit ceil 20mbit

#tell which algorithm the classes use
tc qdisc add dev eth0 parent 1:2 sfq
tc qdisc add dev eth1 parent 5:2 sfq

tc qdisc add dev eth0 parent 1:3 sfq
tc qdisc add dev eth1 parent 5:3 sfq



 tc filter add dev eth0 parent 1:0 protocol ip prio 1 handle 7 fw flowid 1:2
 tc filter add dev eth1 parent 5:0 protocol ip prio 1 handle 8 fw flowid 5:2

 tc filter add dev eth0 parent 1:0 protocol ip prio 1 handle 9 fw flowid 1:3
 tc filter add dev eth1 parent 5:0 protocol ip prio 1 handle 10 fw flowid 5:3



iptables -A FORWARD -s 192.168.161.10 -j MARK --set-mark 8
iptables -A FORWARD -d 192.168.161.10 -j MARK --set-mark 7

iptables -A FORWARD -s 192.168.161.20 -j MARK --set-mark 10
iptables -A FORWARD -d 192.168.161.20 -j MARK --set-mark 9


Does anyone have a helping hand ;)
noci

You don't want to use -j MARK; also, this needs to be done in the mangle table.

Example:
 iptables -t mangle -A POSTROUTING -o $DEV -p udp --dport $a -j CLASSIFY --set-class 1:10

For a more complete example, check out the wondershaper:
http://lartc.org/wondershaper/

For Ubuntu you can check out Debian; they have an install package for it.
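
Added example, not part of noci's answer or of the thread: a dry-run shell script that applies the CLASSIFY approach to the addresses in the question. In the question's tree, `htb default 2` sends every packet that matches no filter into the 10mbit class, so this sketch uses a separate default class. It assumes eth0 faces the customers and eth1 is the uplink; the class 99 with its rates and the second address 192.168.161.21 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Dry run by default: commands are
# printed. Run as root with RUN="" to apply them.
RUN="${RUN-echo}"
LAN=eth0    # assumed: interface facing the customers (download direction)
WAN=eth1    # assumed: uplink interface (upload direction)
LINK=70mbit # total rate, as in the question

# Root HTB tree on one device. Unclassified traffic goes to class <major>:99,
# so hosts without a rule are not squeezed into a customer's class.
setup_root() {  # usage: setup_root DEV MAJOR
    $RUN tc qdisc del dev "$1" root 2>/dev/null || true
    $RUN tc qdisc add dev "$1" root handle "$2:0" htb default 99
    $RUN tc class add dev "$1" parent "$2:0" classid "$2:1" htb rate "$LINK" ceil "$LINK"
    # 10mbit guaranteed / LINK ceiling for the default class is an assumed policy
    $RUN tc class add dev "$1" parent "$2:1" classid "$2:99" htb rate 10mbit ceil "$LINK"
    $RUN tc qdisc add dev "$1" parent "$2:99" sfq
}

# One class per customer on each device; every IP of that customer is
# classified into the same class, so two IPs share one rate limit.
shape_customer() {  # usage: shape_customer MINOR RATE IP [IP...]
    minor=$1; rate=$2; shift 2
    $RUN tc class add dev "$LAN" parent 1:1 classid "1:$minor" htb rate "$rate" ceil "$rate"
    $RUN tc class add dev "$WAN" parent 5:1 classid "5:$minor" htb rate "$rate" ceil "$rate"
    $RUN tc qdisc add dev "$LAN" parent "1:$minor" sfq
    $RUN tc qdisc add dev "$WAN" parent "5:$minor" sfq
    for ip in "$@"; do
        # CLASSIFY lives in the mangle table and sets the tc class directly,
        # so no fw filters or marks are needed.
        $RUN iptables -t mangle -A POSTROUTING -o "$LAN" -d "$ip" -j CLASSIFY --set-class "1:$minor"
        $RUN iptables -t mangle -A POSTROUTING -o "$WAN" -s "$ip" -j CLASSIFY --set-class "5:$minor"
    done
}

apply_all() {
    setup_root "$LAN" 1
    setup_root "$WAN" 5
    shape_customer 2 10mbit 192.168.161.10                 # one IP
    shape_customer 3 20mbit 192.168.161.20 192.168.161.21  # constructed: two IPs, one customer
}

apply_all
```

After applying it for real, `tc -s class show dev eth0` shows per-class byte counters, which confirms whether traffic lands in the intended class or in the default one.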
ASKER CERTIFIED SOLUTION
elit2007

Indeed, using software the right way works every time for me, regardless of OS.
pf in BSD can do the same, OpenBSD also.
elit2007

ASKER

easy workaround.
close question