1

Well, I've already gone through "How can I do traffic shaping in Linux by IP?" on serverfault & what I'm trying to achieve is pretty much the same.

Internet--------Linux Router----Switch-----Clients

I've followed Julien Vehent's tutorial and could restrict the traffic originating from Linux router to client IP at 36.7KB/s, but whenever I'm copying any file from client to server I'm getting 6.0MB/s

What I'm trying to achieve is

Internet------------------------>Client @ 1.0MB/s, i.e. if I download any file from Internet to client machine it will be @ 1.0MB/s

Below is the script I have followed

#! /bin/bash
NETCARD=eth1
MAXBANDWIDTH=10000

# reinit
tc qdisc del dev $NETCARD root handle 1
tc qdisc add dev $NETCARD root handle 1: htb default 9999

# create the default class
tc class add dev $NETCARD parent 1:0 classid 1:9999 htb rate $(( $MAXBANDWIDTH ))kbit ceil $(( $MAXBANDWIDTH ))kbit burst 5k prio 9999

# control bandwidth per IP
declare -A ipctrl
# define list of IP and bandwidth (in kilo bits per seconds) below
ipctrl[10.239.107.15]="256"   ##MY CLIENT MACHINE IP##
#ipctrl[192.168.1.2]="128"
#ipctrl[192.168.1.3]="512"
#ipctrl[192.168.1.4]="32"

mark=0
for ip in "${!ipctrl[@]}"
do
    mark=$(( mark + 1 ))
    bandwidth=${ipctrl[$ip]}

    # traffic shaping rule
    tc class add dev $NETCARD parent 1:0 classid 1:$mark htb rate $(( $bandwidth ))kbit ceil $(( $bandwidth ))kbit burst 5k prio $mark

    # netfilter packet marking rule
    iptables -t mangle -A INPUT -i $NETCARD -s $ip -j CONNMARK --set-mark $mark
    iptables -t mangle -A INPUT -i $NETCARD -d $ip -j CONNMARK --set-mark $mark
    # filter that bind the two
    tc filter add dev $NETCARD parent 1:0 protocol ip prio $mark handle $mark fw flowid 1:$mark

    echo "IP $ip is attached to mark $mark and limited to $bandwidth kbps"
done

#propagate netfilter marks on connections
iptables -t mangle -A POSTROUTING -j CONNMARK --restore-mark
Neel
  • Also just going to mention: http://wiki.linuxwall.info/doku.php/en:ressources:dossiers:networking:traffic_control This is an excellent read which your post has prompted. This is explained in clear and concise terms by someone who clearly knows what they are talking about. I've only implemented this on a small basis but this article makes it very easy to understand and grasp. – kernel Jan 16 '16 at 08:20

1 Answer

2

This script works OK although it is quite old. Many others have used it, such as: https://forums.plex.tv/discussion/173977/limiting-bandwidth-per-user

Note tc does not work very well for input traffic unless you use an ifb virtual device and route packets through that. It's much better and recommended to use the OUTPUT chain in IP tables.

There are loads of tc scripts available on the internet to achieve this.

Your question is unclear as you also mention "Linux router", but your ASCII diagram shows no such thing in your "network topology".

Does this mean you are trying to run the above script on a multihome host? This will never work for what you are trying to do. If this is the case you should learn how to use iptables correctly as well as tc. Most notably which chains IP tables uses.

This is not hard to accomplish.

kernel
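
The answer's point about shaping on egress and passing ingress traffic through an ifb device can be written out as below. This is an added example, not code from the question or the answer: it selects the client with u32 filters instead of netfilter marks, and it assumes eth1 is the router's LAN-facing interface; ifb0, the class ids and the 8000 kbit rate are illustrative choices.

```shell
#!/bin/sh
# Added example: prints (does not run) tc commands for per-IP shaping on a router.
# Assumed names: LAN-facing NIC eth1, device ifb0, class ids 1:10 and 2:10.

# emit_htb DEV HANDLE dst|src IP RATE_KBIT MAX_KBIT
# One HTB tree: a default class for everyone else plus one capped class,
# selected by a u32 match on the client address (no netfilter marks involved).
emit_htb() {
    dev=$1 h=$2 dir=$3 addr=$4 rate=$5 cap=$6
    printf 'tc qdisc del dev %s root 2>/dev/null || true\n' "$dev"
    printf 'tc qdisc add dev %s root handle %s: htb default 9999\n' "$dev" "$h"
    printf 'tc class add dev %s parent %s: classid %s:9999 htb rate %skbit ceil %skbit\n' \
        "$dev" "$h" "$h" "$cap" "$cap"
    printf 'tc class add dev %s parent %s: classid %s:10 htb rate %skbit ceil %skbit\n' \
        "$dev" "$h" "$h" "$rate" "$rate"
    printf 'tc filter add dev %s parent %s: protocol ip prio 1 u32 match ip %s %s/32 flowid %s:10\n' \
        "$dev" "$h" "$dir" "$addr" "$h"
}

# emit_shaping LAN_IF CLIENT_IP DOWN_KBIT UP_KBIT MAX_KBIT
emit_shaping() {
    lan=$1 ip=$2 down=$3 up=$4 max=$5
    # Validate everything before it is interpolated into commands meant for root.
    case $lan in *[!A-Za-z0-9._-]*|'') echo "bad interface: $lan" >&2; return 1;; esac
    case $ip in *[!0-9.]*|'') echo "bad IP: $ip" >&2; return 1;; esac
    for n in "$down" "$up" "$max"; do
        case $n in *[!0-9]*|'') echo "bad rate: $n" >&2; return 1;; esac
    done
    # Download: packets to the client leave the router on the LAN NIC (egress).
    emit_htb "$lan" 1 dst "$ip" "$down" "$max"
    # Upload: packets from the client arrive on the LAN NIC (ingress), so
    # redirect them to ifb0 and shape them on that device's egress side.
    printf 'modprobe ifb numifbs=1\n'
    printf 'ip link set dev ifb0 up\n'
    printf 'tc qdisc del dev %s ingress 2>/dev/null || true\n' "$lan"
    printf 'tc qdisc add dev %s handle ffff: ingress\n' "$lan"
    printf 'tc filter add dev %s parent ffff: protocol ip u32 match u32 0 0 action mirred egress redirect dev ifb0\n' "$lan"
    emit_htb ifb0 2 src "$ip" "$up" "$max"
}

# 8000 kbit/s is about 1.0 MB/s. Review the output, then pipe it to "sh" as root.
emit_shaping eth1 10.239.107.15 8000 8000 10000
```

Because the filters match on the LAN side of the router, the client's own address is visible in both directions and no connection marks are required.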