
I have two NICs. eth0 is connected to the internet and eth1 is connected to the LAN.

I want to restrict the download limit using iptables and linux tc.

So I wrote a test script to verify if it is working.

My iptables configuration is as below.

iptables -t mangle -N INBOUND
iptables -t mangle -I PREROUTING -i eth0 -j INBOUND
iptables -t mangle -A INBOUND  -j MARK --set-mark 60

My ingress configuration is as below.

tc qdisc add dev eth0 handle 1: ingress
tc filter add dev eth0 parent 1: protocol ip prio 1 handle 60 fw police rate 100kbit burst 20kbit drop flowid :1

Can you please tell me what I am missing here?

Steven Monday
Supratik

2 Answers

NIC -> INGRESS -> NETFILTER -> EGRESS -> NIC
                   (MARK)

Traffic reaches netfilter only after it has passed the ingress discipline at the interface, so your mark does not matter there.

Use 'tc filter ... u32'.

sleske
alvosu
  • Thanks! The diagram cleared my confusion. I used u32 to redirect this to an IFB interface and then applied egress rules. – Supratik Jan 31 '11 at 13:06
  • By using IFB for your ingress traffic, did you manage to use iptables to mark your traffic and apply egress rules on your ingress traffic? Do you mean that when using "mirred egress redirect", you must mark packets in iptables mangle-POSTROUTING? Could you please share your solution? Thanks a lot. – MiniQuark Aug 19 '11 at 22:35
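The two approaches on this page, written out as one script. This is an added example, not code from the question, the answers or the comments: the first function is the answer's suggestion (a u32 filter with a police action directly on the eth0 ingress qdisc, where an iptables MARK is not yet visible), the second is the IFB variant from the comment (u32 redirects ingress traffic to ifb0, and an ordinary HTB egress shaper runs there). Interface names, rates, burst sizes, the DRY_RUN switch and the helper names are assumptions; with DRY_RUN set (the default here) the script only prints the tc commands it would run.

```shell
#!/bin/sh
# Added example (not from the original post). Interface names, rates and the
# DRY_RUN switch are assumptions. DRY_RUN=1 prints commands; DRY_RUN= runs them
# (root and the ifb kernel module are then required).
DRY_RUN="${DRY_RUN-1}"

# run: print the command in dry-run mode, otherwise execute it.
run() {
    if [ -n "$DRY_RUN" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Approach 1 (the answer): police on the ingress qdisc itself. The ingress
# qdisc runs before netfilter, so the filter cannot use 'fw' marks; a u32
# selector that matches every IPv4 packet is used instead.
build_ingress_police() {
    wan_if="$1"; rate="$2"; burst="${3:-10k}"
    run tc qdisc add dev "$wan_if" handle ffff: ingress
    run tc filter add dev "$wan_if" parent ffff: protocol ip prio 1 u32 \
        match ip src 0.0.0.0/0 \
        police rate "$rate" burst "$burst" drop flowid :1
}

# Approach 2 (the comment): redirect everything arriving on the WAN interface
# to an IFB device with u32 + mirred, then shape on the IFB device's egress
# with HTB exactly as one would for outbound traffic.
build_ingress_shaper() {
    wan_if="$1"; ifb_if="$2"; rate="$3"; burst="${4:-10k}"
    run tc qdisc add dev "$wan_if" handle ffff: ingress
    run tc filter add dev "$wan_if" parent ffff: protocol ip prio 1 u32 \
        match u32 0 0 \
        action mirred egress redirect dev "$ifb_if"
    # On the IFB device the packets are egress traffic; unclassified packets
    # fall into class 1:10, which carries the download limit.
    run tc qdisc add dev "$ifb_if" root handle 1: htb default 10
    run tc class add dev "$ifb_if" parent 1: classid 1:10 htb \
        rate "$rate" ceil "$rate" burst "$burst"
    run tc qdisc add dev "$ifb_if" parent 1:10 handle 10: sfq perturb 10
}

# Undo either configuration; deleting the ingress qdisc drops its filters too.
teardown() {
    wan_if="$1"; ifb_if="$2"
    run tc qdisc del dev "$wan_if" ingress
    [ -n "$ifb_if" ] && run tc qdisc del dev "$ifb_if" root
}

# Sample usage: a 100kbit download limit on eth0 via ifb0 (values assumed).
if [ -z "$DRY_RUN" ]; then
    modprobe ifb numifbs=1 2>/dev/null || true
    ip link set dev ifb0 up
fi
build_ingress_shaper eth0 ifb0 100kbit
```

Running the script as-is prints the five tc commands of the IFB variant; `build_ingress_police eth0 100kbit` prints the two-command police variant instead. Neither configuration references a netfilter mark, which is the point of the accepted answer: classification on the eth0 ingress side has to be done with tc selectors such as u32.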

Take a look at Wonder Shaper:

http://lartc.org/wondershaper/

It is a fantastic use of 'tc' to control upload/download rates.