{"id":140,"date":"2005-07-27T10:46:08","date_gmt":"2005-07-27T07:46:08","guid":{"rendered":"https:\/\/void.gr\/kargig\/blog\/?p=140"},"modified":"2005-07-27T10:46:20","modified_gmt":"2005-07-27T07:46:20","slug":"traffic-shaping-a-dsl-line-with-linux","status":"publish","type":"post","link":"https:\/\/www.void.gr\/kargig\/blog\/2005\/07\/27\/traffic-shaping-a-dsl-line-with-linux\/","title":{"rendered":"traffic shaping a dsl line with linux"},"content":{"rendered":"<p>The case is like this:<br \/>\n[code]<br \/>\nInternet &lt;--&gt; [dsl modem] &lt;--&gt; [linux box] &lt;--&gt; [Lan]<br \/>\n[\/code]<\/p>\n<p>The DSL modem is connected to eth2 on the Linux box and the rest of the LAN to eth0. I had a serious problem with people leaving edonkey clients open all night, limiting the download speed to 20kb\/sec but forgetting to limit the upload. The current DSL line is 384\/128, so having the uploads unlimited&#8230;is like killing the line.<\/p>\n<p>The solution was to set up a QoS script. And here it is:<br \/>\n[code]<br \/>\n#!\/bin\/bash<\/p>\n<p>DEV=&quot;eth2&quot;<br \/>\nLOCALIF=&quot;eth2&quot;<\/p>\n<p># Reset everything to a known state (cleared)<br \/>\ntc qdisc del dev $DEV root    2> \/dev\/null > \/dev\/null<br \/>\ntc qdisc del dev imq0 root 2> \/dev\/null > \/dev\/null<br \/>\niptables -t mangle -F POSTROUTING 2> \/dev\/null > \/dev\/null<br \/>\niptables -t mangle -Z POSTROUTING 2> \/dev\/null > \/dev\/null<br \/>\niptables -t mangle -X POSTROUTING 2> \/dev\/null > \/dev\/null<br \/>\n# Flush and delete the custom chains so that -N below succeeds on a re-run<br \/>\niptables -t mangle -F tosfix 2> \/dev\/null > \/dev\/null<br \/>\niptables -t mangle -F ack 2> \/dev\/null > \/dev\/null<br \/>\niptables -t mangle -X tosfix 2> \/dev\/null > \/dev\/null<br \/>\niptables -t mangle -X ack 2> \/dev\/null > \/dev\/null<br \/>\nip link set imq0 down 2> \/dev\/null > \/dev\/null<br \/>\nrmmod imq 2> \/dev\/null > \/dev\/null<\/p>\n<p>if [ &quot;$1&quot; = &quot;stop&quot; ]<br \/>\nthen<br \/>\n      echo &quot;Shaping removed on $DEV.&quot;<br \/>\n      exit<br \/>\nfi<\/p>\n<p>tc qdisc add dev $DEV root handle 1: tbf rate 85kbit burst 1600 limit 1<br \/>\ntc qdisc add dev $DEV parent 1:1 handle 2: prio bands 4<br \/>\ntc qdisc add dev 
$DEV parent 2:1 handle 10: sfq perturb 10<br \/>\ntc qdisc add dev $DEV parent 2:2 handle 20: sfq perturb 10<br \/>\ntc qdisc add dev $DEV parent 2:3 handle 30: sfq perturb 10<br \/>\ntc qdisc add dev $DEV parent 2:4 handle 40: tbf rate 40kbit burst 1600 limit 3000<br \/>\ntc qdisc add dev $DEV parent 40:1 handle 41: pfifo limit 10<\/p>\n<p>iptables -t mangle -N tosfix<br \/>\niptables -t mangle -A tosfix -p tcp -m length --length 0:64 -j RETURN<br \/>\niptables -t mangle -A tosfix -m limit --limit 2\/s --limit-burst 10 -j RETURN<br \/>\niptables -t mangle -A tosfix -j TOS --set-tos Maximize-Throughput<br \/>\niptables -t mangle -A tosfix -j RETURN<\/p>\n<p>iptables -t mangle -N ack<br \/>\niptables -t mangle -A ack -m tos ! --tos Normal-Service -j RETURN<br \/>\niptables -t mangle -A ack -p tcp -m length --length 0:64 \\<br \/>\n  -j TOS --set-tos Minimize-Delay<br \/>\niptables -t mangle -A ack -p tcp -m length --length 64: \\<br \/>\n    -j TOS --set-tos Maximize-Throughput<br \/>\niptables -t mangle -A ack -j RETURN<\/p>\n<p># Is our TOS broken? Fix it for TCP ACK and OpenSSH.<\/p>\n<p>iptables -t mangle -A POSTROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK ACK -j ack<br \/>\niptables -t mangle -A POSTROUTING -p tcp -m tos --tos Minimize-Delay -j tosfix<\/p>\n<p># Here we deal with ACK, SYN, and RST packets<\/p>\n<p># Match SYN and RST packets<br \/>\niptables -t mangle -A POSTROUTING -o $LOCALIF -p tcp -m tcp --tcp-flags ! 
SYN,RST,ACK ACK \\<br \/>\n        -j CLASSIFY --set-class 2:1<br \/>\n# Match ACK packets<br \/>\niptables -t mangle -A POSTROUTING -o $LOCALIF -p tcp -m tcp --tcp-flags SYN,RST,ACK ACK \\<br \/>\n        -m length --length :128 -m tos --tos Minimize-Delay \\<br \/>\n        -j CLASSIFY --set-class 2:1<\/p>\n<p># Match packets with TOS Minimize-Delay<br \/>\niptables -t mangle -A POSTROUTING -o $LOCALIF -p tcp -m tos --tos Minimize-Delay \\<br \/>\n        -j CLASSIFY --set-class 2:1<\/p>\n<p>### Actual traffic shaping classifications with CLASSIFY<\/p>\n<p># ICMP (ping)<\/p>\n<p>iptables -t mangle -A POSTROUTING -o $LOCALIF -p icmp -j CLASSIFY --set-class 2:1<\/p>\n<p># Outbound client requests for HTTP, IRC and AIM (dport matches)<\/p>\n<p>iptables -t mangle -A POSTROUTING -o $LOCALIF -p tcp --dport 80 -j CLASSIFY --set-class 2:2<br \/>\niptables -t mangle -A POSTROUTING -o $LOCALIF -p tcp --dport 6667 -j CLASSIFY --set-class 2:2<br \/>\niptables -t mangle -A POSTROUTING -o $LOCALIF -p tcp --dport 5190 -j CLASSIFY --set-class 2:2<br \/>\niptables -t mangle -A POSTROUTING -o $LOCALIF -p tcp --sport 80 -j CLASSIFY --set-class 2:3<br \/>\niptables -t mangle -A POSTROUTING -o $LOCALIF -p tcp --dport 1024: -j CLASSIFY --set-class 2:4<br \/>\n[\/code]<\/p>\n<p>It WORKS for me&#8230;I don&#8217;t know whether it will work for you though. I take no responsibility. I will explain it no further because comments do exist and it&#8217;s really easy to understand what&#8217;s going on if you read a couple of tc tutorials from the net. Many ideas about this script were &#8220;stolen&#8221; from other scripts I studied while trying to make mine. <\/p>\n<p>Have fun with it&#8230;<\/p>\n<p>Here&#8217;s an mrtg graph to see how it&#8217;s working. Watch the blue line, which is the uploads. 
It never goes beyond a reasonable limit and download stays unaffected:<br \/>\n<img src='http:\/\/void.gr\/kargig\/blog\/wp-content\/dslday.png' alt='' \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The case is like this: [code] Internet &lt;--&gt; [dsl modem] &lt;--&gt; [linux box] &lt;--&gt; [Lan] [\/code] The DSL modem is connected to eth2 on the Linux box and the rest of the LAN to eth0. I had a serious problem with people leaving edonkey clients open all night, limiting the download speed to 20kb\/sec but [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"footnotes":""},"categories":[1,5,3],"tags":[],"class_list":["post-140","post","type-post","status-publish","format-standard","hentry","category-general","category-internet","category-linux"],"aioseo_notices":[],"views":10892,"_links":{"self":[{"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/posts\/140","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/comments?post=140"}],"version-history":[{"count":0,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/posts\/140\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/media?parent=140"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/categories?post=140"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/tags?post=140"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}
}