Posted: Sun Jul 16, 2006 11:19 Post subject: A firewall script to restrict bandwidth on LAN
Code:
tc qdisc del root dev eth0 2>/dev/null
tc qdisc del root dev ppp0 2>/dev/null
iptables -t mangle -D POSTROUTING -o ppp0 -j MYSHAPER-OUT 2>/dev/null
iptables -t mangle -F MYSHAPER-OUT 2>/dev/null
iptables -t mangle -X MYSHAPER-OUT 2>/dev/null
# DOWNLOAD: HTB on eth0; traffic to 192.168.1.2 goes to class 1:4, traffic to 192.168.1.3 to class 1:5
tc qdisc add dev eth0 root handle 1:0 htb
tc class add dev eth0 parent 1:0 classid 1:1 htb rate 9000kbit ceil 9000kbit
tc class add dev eth0 parent 1:1 classid 1:2 htb rate 480kbit ceil 480kbit
tc class add dev eth0 parent 1:1 classid 1:3 htb rate 8500kbit ceil 8500kbit
tc class add dev eth0 parent 1:2 classid 1:4 htb rate 360kbit ceil 480kbit
tc class add dev eth0 parent 1:2 classid 1:5 htb rate 96kbit ceil 128kbit
tc filter add dev eth0 protocol ip preference 1 parent 1:0 u32 match ip \
src 192.168.1.1 flowid 1:3
tc filter add dev eth0 protocol ip preference 1 parent 1:0 u32 match ip \
dst 192.168.1.2 flowid 1:4
tc filter add dev eth0 protocol ip preference 1 parent 1:0 u32 match ip \
dst 192.168.1.3 flowid 1:5
tc qdisc add dev eth0 parent 1:3 handle 3:0 sfq perturb 10
tc qdisc add dev eth0 parent 1:4 handle 4:0 sfq perturb 10
tc qdisc add dev eth0 parent 1:5 handle 5:0 sfq perturb 10
# UPLOAD: HTB on ppp0; classes 1:2, 1:3 and 1:4 are selected by firewall marks 20, 21 and 22
tc qdisc add dev ppp0 root handle 1:0 htb
tc class add dev ppp0 parent 1:0 classid 1:1 htb rate 120kbit ceil 120kbit quantum 16
tc class add dev ppp0 parent 1:1 classid 1:2 htb rate 40kbit ceil 96kbit quantum 4
tc class add dev ppp0 parent 1:1 classid 1:3 htb rate 40kbit ceil 96kbit quantum 4
tc class add dev ppp0 parent 1:1 classid 1:4 htb rate 40kbit ceil 96kbit quantum 4
tc qdisc add dev ppp0 parent 1:2 handle 2:0 sfq perturb 10
tc qdisc add dev ppp0 parent 1:3 handle 3:0 sfq perturb 10
tc qdisc add dev ppp0 parent 1:4 handle 4:0 sfq perturb 10
tc filter add dev ppp0 protocol ip preference 1 parent 1:0 handle 20 fw flowid 1:2
tc filter add dev ppp0 protocol ip preference 1 parent 1:0 handle 21 fw flowid 1:3
tc filter add dev ppp0 protocol ip preference 1 parent 1:0 handle 22 fw flowid 1:4
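# Mark outgoing packets on ppp0: TCP from 192.168.1.2 gets mark 21, TCP from 192.168.1.3 gets mark 22, anything still unmarked gets mark 20
iptables -t mangle -N MYSHAPER-OUT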
iptables -t mangle -I POSTROUTING -o ppp0 -j MYSHAPER-OUT
iptables -t mangle -A MYSHAPER-OUT -p tcp -s 192.168.1.2 -j MARK --set-mark 21
iptables -t mangle -A MYSHAPER-OUT -p tcp -s 192.168.1.3 -j MARK --set-mark 22
iptables -t mangle -A MYSHAPER-OUT -m mark --mark 0 -j MARK --set-mark 20
Hi,
Does that script work on DD-WRT?
Eventually what must I correct - I think that something isn't compatible with DD-WRT but I don't know what
_________________
Greetings and sorry about my English
DaMiAnO
Joined: 06 Jun 2006 Posts: 3763 Location: I'm the one on the plate.
Posted: Sun Jul 16, 2006 15:20 Post subject:
Damiano, where did you find that script? I am happy to try other firmware if I need to so I can limit bandwidth. I tried DD-WRT "Special" QOS version, but was very disappointed with the performance. It did not have many options for limiting service, and it did not seem to function properly with what simple job I gave it to do.
_________________
http://69.175.13.131:8015 Streaming Week-End Disco. Station Ripper V 1.1 will do.
GeeTek wrote:
Damiano, where did you find that script? I am happy to try other firmware if I need to so I can limit bandwidth. I tried DD-WRT "Special" QOS version, but was very disappointed with the performance. It did not have many options for limiting service, and it did not seem to function properly with what simple job I gave it to do.
I found it on websites about Mandriva (Mandrake) Linux
That script does not work properly - it can only limit all bandwidth
Users with IP 1 and 2 in reality have the same limit = 520/8
_________________
Greetings and sorry about my English
DaMiAnO
Buy a Cisco router or set up a BSD box as a gateway and configure pipes
You must be joking
I want to limit 2 users only
I don't understand why this is not working...
GeeTek wrote:
Damiano, where did you find that script? I am happy to try other firmware if I need to so I can limit bandwidth. I tried DD-WRT "Special" QOS version, but was very disappointed with the performance. It did not have many options for limiting service, and it did not seem to function properly with what simple job I gave it to do.
Can you limit the bandwidth for 1 IP from the list of users?
_________________
Greetings and sorry about my English
DaMiAnO
Joined: 06 Jun 2006 Posts: 3763 Location: I'm the one on the plate.
Posted: Sun Jul 16, 2006 23:09 Post subject:
No, that part of the system is part of the stuff that does not seem to work.
_________________
http://69.175.13.131:8015 Streaming Week-End Disco. Station Ripper V 1.1 will do.
In the above script everything works except the first line. But this is normal - you refer to root eth0, which is not created. Remember that you cannot simply copy & paste scripts from "normal" Linux, since they are based on modifications to the default interface eth0. But interfaces have different names in DD-WRT.
BigL wrote:
In the above script everything works except the first line. But this is normal - you refer to root eth0, which is not created. Remember that you cannot simply copy & paste scripts from "normal" Linux, since they are based on modifications to the default interface eth0. But interfaces have different names in DD-WRT.
Interfaces that is the clue
TY @BigL
_________________
Greetings and sorry about my English
DaMiAnO
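
The interface-name point raised in the thread, as an added example that is not part of the original posts: a POSIX sh helper that lists every interface a shaping script names after `dev`, `-o` or `-i` and reports the ones absent from `/sys/class/net`, so a mismatch such as a missing `eth0` shows up before any `tc` or `iptables` command runs. The function names and the optional second argument (an alternative sysfs directory, used for testing) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check for a tc/iptables
# shaping script copied from another Linux system.

# Print, once each, every interface the script names after "dev" (tc)
# or after "-o" / "-i" (iptables). Comment lines are skipped.
# $1 = path to the shaping script
referenced_ifaces() {
    awk '
        /^[[:space:]]*#/ { next }
        {
            for (i = 1; i < NF; i++)
                if ($i == "dev" || $i == "-o" || $i == "-i")
                    print $(i + 1)
        }
    ' "$1" | sort -u
}

# Print the referenced interfaces that do not exist on this machine.
# $1 = path to the shaping script
# $2 = directory listing network interfaces (defaults to /sys/class/net)
missing_ifaces() {
    netdir=${2:-/sys/class/net}
    for ifc in $(referenced_ifaces "$1"); do
        [ -e "$netdir/$ifc" ] || echo "$ifc"
    done
}

# Usage: sh check_ifaces.sh shaper.sh
if [ -n "${1:-}" ]; then
    missing=$(missing_ifaces "$1")
    if [ -n "$missing" ]; then
        echo "interfaces referenced but not present:" $missing
        echo "present interfaces:" $(ls /sys/class/net)
    else
        echo "all referenced interfaces exist"
    fi
fi
```

Any name it reports has to be replaced in the script with the matching name from the list of present interfaces before the classes and filters can attach to anything.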