
Re: Problems configuring ALTQ trying to limit emule bandwidth.




Hello Mario,



You could try a few things in order to limit the incoming/outgoing bandwidth for your network.


You can easily limit your outgoing bandwidth, but there is a problem with incoming (downstream) bandwidth control.

If you run e-mule on any machine in your local network (not the gateway), you can enforce a downstream policy there.

On an OpenBSD machine you can do this by creating another queue for incoming traffic on that machine and enforcing the desired bandwidth (similar to your current setup).


On a Linux machine you can do this with "tc" (ingress) and iptables:


==========================================================
iptables -A PREROUTING -i $YOUR_INTERFACE -t mangle -p tcp --dport $START_PORT:$END_PORT -j MARK --set-mark 1


tc qdisc add dev $YOUR_INTERFACE handle ffff: ingress

tc filter add dev $YOUR_INTERFACE parent ffff: protocol ip prio 50 handle 1 fw police rate ${DOWNLINK}Kbit burst 100k drop flowid :1
=============================================================




Finally, you can place the $START_PORT:$END_PORT in your e_mule queue on your gateway.



I hope this solves your problem, and I am sure there are better ways to do it :)


MzOzD




Mario Lopez wrote:
Hi,

I am trying to configure a simple firewall with nat and altq bandwidth control to limit some services (emule) and give higher priority to other services (web, dns and email).

What am I doing wrong? emule sucks all the available bandwidth and the adsl line is unusable. As you can see I have tried on the ext_if both cbq and priq but I don't get anything correct.

Thanks for your time.

#
#
ext_if="xl0"
int_if="xl1"
red_local="192.168.102.0/24"

# Upstream and downstream bandwidth

caudal_bajada="512Kb"
caudal_subida="128Kb"

#
# Normalize packets.
#
scrub in all

#
# Bandwidth control.
#

# Outbound to the Internet.
#altq on $ext_if priq bandwidth $caudal_subida queue { pri_out, sec_out, tcp_ack_out, std_out, emule_out }
#queue emule_out priority 0
#queue std_out priority 1 priq(default)
#queue sec_out priority 4
#queue pri_out priority 5
#queue tcp_ack_out priority 6


altq on $ext_if cbq bandwidth $caudal_subida queue { pri_out, sec_out, tcp_ack_out, std_out, emule_out }
queue emule_out priority 0 bandwidth 5%
queue std_out priority 1 cbq(default)
queue sec_out priority 4 bandwidth 60% cbq(borrow)
queue pri_out priority 5 bandwidth 60% cbq(borrow)
queue tcp_ack_out priority 7 cbq(borrow)


# Inbound to the local network.
altq on $int_if cbq bandwidth $caudal_bajada queue { pri_in, sec_in, emule_in, std_in }
queue std_in priority 1 bandwidth 5% cbq(default)
queue pri_in priority 5
queue sec_in priority 4
queue emule_in priority 0 bandwidth 5% cbq(ecn)


#
# NAT
#
nat on $ext_if from $red_local to any -> ($ext_if)

#
# FTP Proxy.
#
rdr on $int_if proto tcp from any to any port ftp -> 127.0.0.1 port 8021

#
# Firewall rules.
#

# Internet
block in on $ext_if all
block out on $ext_if all
pass out on $ext_if inet proto tcp from ($ext_if) to any flags S/SA \
keep state queue(std_out, tcp_ack_out)
pass out on $ext_if inet proto { udp icmp } from ($ext_if) to any keep state
pass out on $ext_if inet proto { tcp udp } from ($ext_if) to any port domain \
keep state queue sec_out
pass out on $ext_if inet proto tcp from ($ext_if) to any port 22 \
flags S/SA keep state queue(std_out, sec_out)
pass out on $ext_if inet proto tcp from any to any port { 25 80 110 143 } \
flags S/SA keep state queue(pri_out, tcp_ack_out)
pass out on $ext_if inet proto tcp from any port { 4661 4662 } to any \
flags S/SA keep state queue emule_out
pass out on $ext_if inet proto tcp from any to any port { 4661 4662 } \
keep state queue emule_out
#
# LAN
#


block in on $int_if all
pass in on $int_if from $red_local
block out on $int_if all
pass out on $int_if all
pass out on $int_if from any to $red_local
pass out on $int_if proto { tcp udp } from any port domain to $red_local queue sec_in
pass out on $int_if proto tcp from any port = 22 to $red_local queue sec_in
pass out on $int_if proto tcp from any port { 25 110 143 } to $red_local queue pri_in
pass out on $int_if proto tcp from any port = 80 to $red_local queue pri_in
pass out on $int_if proto tcp from any port { 4661 4662 } to $red_local queue emule_in
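
Added example, not part of the original thread: the `police rate ${DOWNLINK}Kbit burst 100k drop` filter in the reply is a token-bucket policer, and this simplified Python model (not the kernel's implementation) shows what it does to a constant packet stream. The 400 Kbit limit, the 1500-byte packet size and the offered rates are constructed values; the unit conversions assume tc's conventions (Kbit = 1000 bit/s, k = 1024 bytes).

```python
# Simplified token-bucket model of `police rate <R>Kbit burst 100k drop`.
# Added illustration only; all inputs below are constructed.

def police(packets, rate_kbit, burst_bytes=100 * 1024):
    """packets: list of (arrival_time_s, size_bytes), sorted by time.
    Returns a list of (time, size, verdict), verdict is 'pass' or 'drop'."""
    rate_bytes = rate_kbit * 1000 / 8      # refill speed in bytes per second
    tokens = float(burst_bytes)            # bucket starts full
    last = None
    results = []
    for t, size in packets:
        if last is not None:
            # Refill for the elapsed time, never above the burst size.
            tokens = min(burst_bytes, tokens + (t - last) * rate_bytes)
        last = t
        if size <= tokens:
            tokens -= size
            results.append((t, size, "pass"))
        else:
            # Over the limit: the packet is discarded, not queued.
            results.append((t, size, "drop"))
    return results

def constant_stream(offered_kbit, seconds, size=1500):
    """Constructed input: fixed-size packets at a constant offered rate."""
    interval = size * 8 / (offered_kbit * 1000)
    return [(i * interval, size) for i in range(int(seconds / interval))]

def passed_kbit(results, seconds):
    """Average rate of the packets that got through, in Kbit/s."""
    passed = sum(size for _, size, verdict in results if verdict == "pass")
    return passed * 8 / 1000 / seconds

def first_drop_time(results):
    """Arrival time of the first dropped packet, or None if none dropped."""
    return next((t for t, _, verdict in results if verdict == "drop"), None)

if __name__ == "__main__":
    for offered in (200, 400, 2000):
        res = police(constant_stream(offered, 60), rate_kbit=400)
        print(f"offered {offered} Kbit/s -> passed "
              f"{passed_kbit(res, 60):.0f} Kbit/s, "
              f"first drop at {first_drop_time(res)} s")
```

In the model the 100k burst lets about the first half second of a 2000 Kbit/s stream through untouched; after that the passed rate settles at the configured limit.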