
NAT, traffic shaping problem. <SOLVED>



Seyyapc
01-09-2006, 03:18 AM
Hello people, I've found a problem where I need some help. As far as I can see, my problem has to be something like not really understanding the difference between my IP address and my internal IP address.

My situation:

I have two computers connected to a D-Link 624 router, one on cable, the other on wireless.
Both go to the internet from the router.

Internet (256kbps)
|
Router
| |
192.168.0.10 - 192.168.0.11

On my PC (192.168.0.10) I have DNS cache (pdnsd), Samba and proxy (squid) servers for my PC and the other one. Making my PC the gateway, the configuration at the software level is something like this.

Internet (256kbps)
|
Router
|
192.168.0.10 (linux)
|
192.168.0.11 (XP)

Finally, to correct some problems with bandwidth I set limits with squid. The problem is that the other PC is not always connected, so I don't use the total bandwidth when only my PC is online because of the limits. After reading some info I finally made this script to take control of the bandwidth:

tc qdisc add dev eth0 root handle 1: htb default 20
tc class add dev eth0 parent 1: classid 1:1 htb rate 256kbps ceil 256kbps
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 128kbps ceil 256kbps
tc class add dev eth0 parent 1:1 classid 1:20 htb rate 128kbps ceil 256kbps prio 1

tc qdisc add dev eth0 parent 1:10 handle 10: sfq
tc qdisc add dev eth0 parent 1:20 handle 20: sfq

iptables -A FORWARD -s 192.168.0.10 -t mangle -j MARK --set-mark 1
iptables -A FORWARD -s 192.168.0.11 -t mangle -j MARK --set-mark 2

tc filter add dev eth0 protocol ip parent 1: handle 1 fw classid 1:10
tc filter add dev eth0 protocol ip parent 1: handle 2 fw classid 1:20

In theory this code is supposed to make my internet connection balanced for the two machines: the two will always have 128kbps to use, but if the other PC isn't using the internet then mine will have all the bandwidth available.

The code works, but only on the second PC (192.168.0.11). Operations from my PC (192.168.0.10), which must go to class 1:10, didn't work because it uses class 1:1. I know it didn't work because my PC is the server, but I suppose there has to be a way to control shaping of the bandwidth on the server, or some corrections to make on the iptables code.

What I'm looking to make is a balanced internet connection, so when my father doesn't use the computer I have all the bandwidth, or when I'm using giFT and my father wants to use the WWW it has bandwidth available.

I suppose a home network doesn't need these servers or traffic shaping, but I want to learn, so I know how to use the tools that Linux has to offer.

Seyyapc
01-09-2006, 05:13 PM
The problem was that by default the packets from 192.168.0.10 were going to class 1:20, and the packets from 192.168.0.11 were going to the same class as I put in the script.

With these corrections I finally made it work :D :D

iptables -A FORWARD -i eth0 -s 192.168.0.11 -t mangle -j MARK --set-mark 1
iptables -A FORWARD -i eth0 -s 192.168.0.10 -t mangle -j MARK --set-mark 2

Seyyapc
01-09-2006, 05:22 PM
After some testing :? the final script for my configuration is something like this...

tc qdisc add dev eth0 root handle 1: htb default 20
tc class add dev eth0 parent 1: classid 1:1 htb rate 256kbps ceil 256kbps
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 135kbps ceil 256kbps
tc class add dev eth0 parent 1:1 classid 1:20 htb rate 110kbps ceil 256kbps prio 1

tc qdisc add dev eth0 parent 1:10 handle 10: sfq
tc qdisc add dev eth0 parent 1:20 handle 20: sfq

tc filter add dev eth0 protocol ip parent 1: handle 1 fw classid 1:10
tc filter add dev eth0 protocol ip parent 1: handle 2 fw classid 1:20

iptables -A FORWARD -i eth0 -s 192.168.0.11 -t mangle -j MARK --set-mark 1
iptables -A FORWARD -i eth0 -s 192.168.0.10 -t mangle -j MARK --set-mark 2

For checking I use tc -s -d class show dev eth0

class htb 1:1 root rate 2048Kbit ceil 2048Kbit burst 4159b/8 mpu 0b overhead 0b cburst 4159b/8 mpu 0b overhead 0b level 7
Sent 4168796 bytes 10442 pkts (dropped 0, overlimits 0)
rate 62840bit 24pps
lended: 0 borrowed: 0 giants: 0
tokens: 10419 ctokens: 10419

class htb 1:10 parent 1:1 leaf 10: prio 0 quantum 13500 rate 1080Kbit ceil 2048Kbit burst 2949b/8 mpu 0b overhead 0b cburst 4159b/8 mpu 0b overhead 0b level 0
Sent 324518 bytes 1838 pkts (dropped 0, overlimits 0)
rate 2632bit 2pps
lended: 1838 borrowed: 0 giants: 0
tokens: 16160 ctokens: 12393

class htb 1:20 parent 1:1 leaf 20: prio 1 quantum 11000 rate 880000bit ceil 2048Kbit burst 2699b/8 mpu 0b overhead 0b cburst 4159b/8 mpu 0b overhead 0b level 0
Sent 3844278 bytes 8604 pkts (dropped 0, overlimits 0)
rate 59792bit 21pps
lended: 8604 borrowed: 0 giants: 0
tokens: 13375 ctokens: 10419
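
Putting the three posts above together, here is an added example (my own script, not the poster's) of the same HTB layout on a one-NIC gateway. It handles the two things the first script ran into: packets generated on the gateway itself never traverse the FORWARD chain (they go through OUTPUT and POSTROUTING), so they are marked in OUTPUT; and tc reads "kbps" as kilobytes per second, which is why the thread's "256kbps" shows up as 2048Kbit in the tc output, so a 256 kbit/s line is written "256kbit". It also gives LAN-to-LAN traffic (Samba between the two PCs) its own class so it is not capped at modem speed, the same idea as the later htb.init "lan" class. DEV, LINK, LAN_HOST, LAN_NET, LAN_RATE, DRY_RUN and the function names are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not the poster's script: HTB shaping on a Linux gateway with a
# single NIC (eth0) that carries both its own internet traffic and the traffic it
# forwards for one LAN host. Two things the thread's first script did not handle:
#   1. packets generated on the gateway never pass the FORWARD chain, so they are
#      marked in OUTPUT instead;
#   2. tc reads "kbps" as kilobytes per second, so a 256 kbit/s link is written
#      "256kbit" (the thread's "256kbps" became 2048Kbit in the tc output).
# LAN-to-LAN traffic gets its own fast class so Samba is not capped at modem speed.
# DEV, LINK, LAN_HOST, LAN_NET, LAN_RATE and DRY_RUN are this example's own names.
set -eu

DEV=${DEV:-eth0}
LINK=256kbit                       # real upstream speed, in bits
LAN_HOST=${LAN_HOST:-192.168.0.11} # the forwarded (XP) host
LAN_NET=${LAN_NET:-192.168.0.0/24}
LAN_RATE=10mbit                    # local file sharing, well above the modem
DRY_RUN=${DRY_RUN:-0}              # 1 = print the commands instead of running them

# Run a command, or just print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Remove any previous tree so the script can be re-run.
teardown() {
    run tc qdisc del dev "$DEV" root
}

# Class tree: 1:1 is the internet share (half guaranteed to each host, either may
# borrow up to the whole link); 1:30 is LAN traffic; unmarked packets go to 1:20.
setup_qdisc() {
    run tc qdisc add dev "$DEV" root handle 1: htb default 20
    run tc class add dev "$DEV" parent 1: classid 1:1 htb rate "$LINK" ceil "$LINK"
    run tc class add dev "$DEV" parent 1:1 classid 1:10 htb rate 128kbit ceil "$LINK"
    run tc class add dev "$DEV" parent 1:1 classid 1:20 htb rate 128kbit ceil "$LINK" prio 1
    run tc class add dev "$DEV" parent 1: classid 1:30 htb rate "$LAN_RATE" ceil "$LAN_RATE"
    run tc qdisc add dev "$DEV" parent 1:10 handle 10: sfq
    run tc qdisc add dev "$DEV" parent 1:20 handle 20: sfq
    run tc qdisc add dev "$DEV" parent 1:30 handle 30: sfq
    # fwmark -> class: 1 -> 1:10 (LAN host), 2 -> 1:20 (gateway), 3 -> 1:30 (LAN)
    run tc filter add dev "$DEV" protocol ip parent 1: handle 1 fw classid 1:10
    run tc filter add dev "$DEV" protocol ip parent 1: handle 2 fw classid 1:20
    run tc filter add dev "$DEV" protocol ip parent 1: handle 3 fw classid 1:30
}

# Marks. The LAN host's packets arrive on eth0 and are forwarded out of eth0 again,
# so they are matched in FORWARD by source address. The gateway's own packets only
# traverse OUTPUT: those for the LAN get mark 3, everything else (internet) mark 2.
setup_marks() {
    run iptables -t mangle -A FORWARD -i "$DEV" -s "$LAN_HOST" -j MARK --set-mark 1
    run iptables -t mangle -A OUTPUT -o "$DEV" -d "$LAN_NET" -j MARK --set-mark 3
    run iptables -t mangle -A OUTPUT -o "$DEV" ! -d "$LAN_NET" -j MARK --set-mark 2
}

# Usage: ./shape.sh apply     (needs root, tc and iptables)
#        ./shape.sh preview   (only prints the commands)
case "${1:-}" in
    apply)   teardown || true; setup_qdisc; setup_marks ;;
    preview) DRY_RUN=1; teardown; setup_qdisc; setup_marks ;;
esac
```

Run it with "preview" first and read the command list; then "apply" and compare "tc -s -d class show dev eth0" while the gateway alone is downloading: the Sent counter of 1:20 should grow, not 1:1's or 1:30's.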

Seyyapc
01-13-2006, 04:48 AM
With HTB.INIT (http://sourceforge.net/projects/htbinit/) things are simpler. This script has 2 pros: simple but powerful rules, and it organizes your connections.

After reading the README (inside the script file) I created 5 files in /etc/sysconfig/htb: eth0, eth0-2.root, eth0-2:10.www, eth0-2:20.extra, eth0-2:30.lan

eth0 # My only network card on the gateway, my PC

DEFAULT=30
R2Q=10
DCACHE=no

eth0-2.root # Max speed of the network card

RATE=2Mbps
BURST=8kb

eth0-2:10.www # Class 2:10, WWW services: DNS, browser, mail, squid...

RATE=20kbps
CEIL=32kbps
LEAF=sfq
PRIO=1

RULE=*:80
RULE=*:210
RULE=*:591
RULE=*:777
RULE=*:3128
RULE=*:443
RULE=*:563
RULE=*:110
RULE=*:53
RULE=*:3128

eth0-2:20.extra # Extra WWW services: giFT (KaZaA, OpenFT, Gnutella, Ares), torrents

RATE=10kbps
CEIL=32kbps
BURST=2kb
LEAF=sfq
PRIO=3

RULE=*:1214
RULE=*:1215
RULE=*:1216
RULE=*:6346
RULE=*:59049
RULE=*:49166

eth0-2:30.lan # Communication between my PC and the other one for file exchange

RATE=1Mbps
CEIL=2Mbps
LEAF=sfq
PRIO=5

RULE=*:137
RULE=*:138
RULE=*:139
RULE=*:631


With the command tc -s -d class show dev eth0 it shows how the bandwidth of the network card is used: only 256kbps for internet connections and 2 Mbps for LAN connections.

class htb 1:10 parent 1:2 leaf 10: prio 1 quantum 2000 rate 160000bit ceil 256000bit burst 1799b/8 mpu 0b overhead 0b cburst 1919b/8 mpu 0b overhead 0b level 0
Sent 287852 bytes 1417 pkts (dropped 0, overlimits 0)
lended: 1404 borrowed: 13 giants: 0
tokens: 71107 ctokens: 47515

class htb 1:2 root rate 16000Kbit ceil 16000Kbit burst 8Kb/8 mpu 0b overhead 0b cburst 21598b/8 mpu 0b overhead 0b level 7
Sent 1551826194 bytes 1080417 pkts (dropped 0, overlimits 0)
rate 6673Kbit 582pps
lended: 488052 borrowed: 0 giants: 0
tokens: 3329 ctokens: 8821

class htb 1:20 parent 1:2 leaf 20: prio 3 quantum 1000 rate 80000bit ceil 256000bit burst 2Kb/8 mpu 0b overhead 0b cburst 1919b/8 mpu 0b overhead 0b level 0
Sent 100634 bytes 754 pkts (dropped 0, overlimits 0)
rate 368bit
lended: 727 borrowed: 27 giants: 0
tokens: 162530 ctokens: 47515

class htb 1:30 parent 1:2 leaf 30: prio 5 quantum 100000 rate 8000Kbit ceil 16000Kbit burst 11599b/8 mpu 0b overhead 0b cburst 21598b/8 mpu 0b overhead 0b level 0
Sent 1551437708 bytes 1078246 pkts (dropped 0, overlimits 0)
rate 6448Kbit 562pps
lended: 590234 borrowed: 488012 giants: 0
tokens: 9470 ctokens: 8831

I need more info from other services, like the ports they use, and all will be set up correctly... I hope this is good info. :oops:
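
Both the hand-written script and the htb.init setup above are verified the same way, by reading "tc -s -d class show dev eth0" and checking which class the bytes ended up in. The following is an added example (mine, not from the thread or from htb.init) that turns that output into one line per class, so the fwmark or RULE mapping and the lended/borrowed counters can be checked without eyeballing the raw dump. SAMPLE_STATS holds the counters from the last post (the mpu/overhead fields trimmed); the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread or htb.init: summarise the counters that
# "tc -s -d class show dev eth0" prints, so you can confirm that traffic really
# lands in the class its fwmark or htb.init RULE was meant to select, and see how
# much each leaf borrowed from its siblings. SAMPLE_STATS holds the counters the
# thread's last post shows (mpu/overhead fields trimmed); function names are mine.
SAMPLE_STATS='class htb 1:10 parent 1:2 leaf 10: prio 1 quantum 2000 rate 160000bit ceil 256000bit burst 1799b/8 cburst 1919b/8 level 0
 Sent 287852 bytes 1417 pkts (dropped 0, overlimits 0)
 lended: 1404 borrowed: 13 giants: 0
 tokens: 71107 ctokens: 47515

class htb 1:2 root rate 16000Kbit ceil 16000Kbit burst 8Kb/8 cburst 21598b/8 level 7
 Sent 1551826194 bytes 1080417 pkts (dropped 0, overlimits 0)
 rate 6673Kbit 582pps
 lended: 488052 borrowed: 0 giants: 0
 tokens: 3329 ctokens: 8821

class htb 1:20 parent 1:2 leaf 20: prio 3 quantum 1000 rate 80000bit ceil 256000bit burst 2Kb/8 cburst 1919b/8 level 0
 Sent 100634 bytes 754 pkts (dropped 0, overlimits 0)
 rate 368bit
 lended: 727 borrowed: 27 giants: 0
 tokens: 162530 ctokens: 47515

class htb 1:30 parent 1:2 leaf 30: prio 5 quantum 100000 rate 8000Kbit ceil 16000Kbit burst 11599b/8 cburst 21598b/8 level 0
 Sent 1551437708 bytes 1078246 pkts (dropped 0, overlimits 0)
 rate 6448Kbit 562pps
 lended: 590234 borrowed: 488012 giants: 0
 tokens: 9470 ctokens: 8831'

# Reads tc output on stdin; prints one line per class:
# "<classid> <bytes> <pkts> <dropped> <lended> <borrowed>"
tc_class_summary() {
    awk '
        $1 == "class" && $2 == "htb" { cls = $3 }
        $1 == "Sent"    { bytes[cls] = $2; pkts[cls] = $4; sub(/,/, "", $7); drop[cls] = $7 }
        $1 == "lended:" { lend[cls] = $2; borr[cls] = $4 }
        END { for (c in bytes) printf "%s %s %s %s %s %s\n", c, bytes[c], pkts[c], drop[c], lend[c], borr[c] }
    ' | sort
}

# One counter for one class, e.g.: tc_class_field 1:30 borrowed
tc_class_field() {
    case $2 in
        bytes) col=2 ;; pkts) col=3 ;; dropped) col=4 ;;
        lended) col=5 ;; borrowed) col=6 ;;
        *) echo "unknown field: $2" >&2; return 1 ;;
    esac
    tc_class_summary | awk -v want="$1" -v col="$col" '$1 == want { print $col }'
}

# Dropped packets summed over all classes. Above zero means a leaf queue
# overflowed while being held to its rate, i.e. the shaper is really throttling.
tc_total_dropped() {
    tc_class_summary | awk '{ s += $4 } END { print s + 0 }'
}

# ./tcstats.sh demo         summarise the sample above
# ./tcstats.sh live [dev]   summarise the running qdisc (needs tc)
case "${1:-}" in
    demo) printf '%s\n' "$SAMPLE_STATS" | tc_class_summary ;;
    live) tc -s -d class show dev "${2:-eth0}" | tc_class_summary ;;
esac
```

In the sample, 1:30 (the LAN class) borrowed 488012 times from 1:2 while 1:10 and 1:20 borrowed only 13 and 27, which matches the intent: LAN transfers run well above their 8000Kbit guarantee, and the two internet classes mostly stay inside their own rate. A class that never moves off zero bytes while its host is active is the quickest sign that the mark or RULE is not matching.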