For ingress shaping look at using an IMQ device. Relying on ack packets will cause too many retransmissions on a busy connection and really only affects TCP protocols. I recommend reading about dscp/tos field values and use tcpdump and wireshark to verify how these are set on various traffic. You can then use the MARK or CLASSIFY targets to ensure the traffic ends up in you qdisc classes as expected.
-- Cory Oldford PeaceWorks Computer Consulting #2 - 396 Assiniboine Ave, Winnipeg 204 480 0314 --or-- 519 725 7875, ext 610. ----- Original Message ----- From: "Nikolay Bitsadze" <[email protected]> To: "green" <[email protected]>, [email protected] Sent: Thursday, 11 February, 2010 05:47:34 GMT -06:00 US/Canada Central Subject: Re: shaping: dividing bandwidth between router & NAT hosts Would you post a link to blog or something to share experience? I have familiar situation with setting up a home network. So far only Samba... > I am working on setting up a router/server running Debian Squeeze. I have had > a lot to learn and have managed to understand iptables and have mostly set up > filtering. > > Now I would like to set up traffic control. I have been reading documentation > and have been looking for an eth0 ingress way to delay packets in order to > control download bandwidth, but maybe ingress shaping is not a viable > solution. > Perhaps it is the ACKs that I need to shape instead: delay the outgoing ACKs > to > control downloads and delay the outgoing data to control the uploads. Will > that work? > > The router uses NAT and has the following interfaces: > - eth0 (WAN) > - eth1, eth2, eth3 (ethernet LAN) > - wlan0 (wireless LAN) > * br0 bridges eth1, eth2, eth3, wlan0 > > (I do not have the wireless hardware yet; I hope wlan0 will work in the > bridge > without problems.) > > The bandwidth will ideally be separated into 4 groups: > - local (router) > - ethernat LAN (eth1, eth2, eth3) > - wireless LAN, known MAC addresses > - wireless LAN, unknown MAC addresses > Each group gets a part of the bandwidth and a priority for borrowing. > > Can I use iptables to mark/classify packets into these groups? > > Thanks lots for your help. -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
