Traffic Shaping on Linux Gateway with tc , iptables and ipp2p

Original Article here

modprobe ipt_ipp2p

tc qdisc del dev eth1 root <== eth1 = internal interface
tc qdisc add dev eth1 root handle 1: htb
tc class add dev eth1 parent 1: classid 1:1 htb rate 900kbit <== max dl 900 kbits

tc class add dev eth1 parent 1:1 classid 1:11 htb rate 300kbit ceil 750kbit prio 2 <== p2p dl 300-750 kbits
tc class add dev eth1 parent 1:1 classid 1:12 htb rate 300kbit ceil 750kbit prio 1 <== www dl 300-750 kbits
tc class add dev eth1 parent 1:1 classid 1:13 htb rate 100kbit ceil 150kbit prio 0 <== ssh dl 100-150 kbits

tc qdisc add dev eth1 parent 1:11 handle 11: sfq perturb 10
tc qdisc add dev eth1 parent 1:12 handle 12: sfq perturb 10
tc qdisc add dev eth1 parent 1:13 handle 13: sfq perturb 10

tc filter add dev eth1 parent 1:0 prio 2 protocol ip handle 11 fw flowid 1:11 <== handle match –set-mark
tc filter add dev eth1 parent 1:0 prio 1 protocol ip handle 12 fw flowid 1:12 <== flowid match classid
tc filter add dev eth1 parent 1:0 prio 0 protocol ip handle 13 fw flowid 1:13

iptables -A PREROUTING -t mangle -p tcp -j CONNMARK –restore-mark
iptables -A PREROUTING -t mangle -p tcp -m mark ! –mark 0 -j ACCEPT
iptables -A PREROUTING -t mangle -p tcp -m ipp2p –ipp2p -j MARK –set-mark 11 <== match and mark p2p
iptables -A PREROUTING -t mangle -p tcp -m mark –mark 1 -j CONNMARK –save-mark

iptables -A PREROUTING -t mangle -p tcp –sport 80 -j MARK –set-mark 12 <== mark http
iptables -A PREROUTING -t mangle -p tcp –sport 22 -j MARK –set-mark 13 <== mark ssh

Links Links.

iptables Tutorial

http://ipp2p.org/documents/README

http://lartc.org/howto/lartc.qdisc.filters.html

HTB Linux queuing discipline manual – user guide

http://lartc.org/howto/lartc.cookbook.fullnat.intro.html

Bad Behavior has blocked 87 access attempts in the last 7 days.