Build bandwidth manager on linux with TC, HTB and iptables mark connection
Bandwidth management is quite simple, with TC tools, HTB, and iptables marking we can create hierarchy bandwidth trothling with parent child, let say you have internet download 100Mbps and upload 10Mbps, you want share bandwith to your each client on 192.168.80.0/20 network with different speed
topologi internet --- (eth0, 192.168.1.1/24) linux gateway (eth1, 192.168.80.1/20) --- client
hope this article help you
Step by step
- set up your linux internet gateway
- setup iptables
- setup TC
1. set up your linux internet gateway
you can follow previous article at Build router internet gateway on ubuntu linux
2. setup iptables
we should marking packet base on source address so ifb and tc can handle trothling by packet mark
execute "iptables -t mangle -A PREROUTING -i eth0 -j CONNMARK --restore-mark" -> restore marking connection from nat table to connection mark on download direction "iptables -t mangle -A PREROUTING -i eth1 -s 192.168.80.0/20 -j CONNMARK --restore-mark" -> restore marking connection from nat table to connection mark on upload direction "iptables -t mangle -A PREROUTING -i eth1 -s 192.168.80.2 -m state --state NEW,ESTABLISHED,RELATED -m mark --mark 0 -j MARK --set-mark 2" -> set mark each packet come from 192.168.80.2 with 2 "iptables -t mangle -A PREROUTING -i eth1 -s 192.168.80.3 -m state --state NEW,ESTABLISHED,RELATED -m mark --mark 0 -j MARK --set-mark 3" -> set mark each packet come from 192.168.80.3 with 3 "/sbin/./iptables -t mangle -A POSTROUTING -o eth0 -j CONNMARK --save-mark" -> save connection mark to connection nat table on upload direction "/sbin/./iptables -t mangle -A POSTROUTING -o eth1 -j CONNMARK --save-mark" -> save connection mark to connection nat table on download direction
3. setup TC
execute this to create parent upload, with max upload 10Mbps #---upload limit parent--- "/sbin/tc qdisc del dev eth0 root" "/sbin/tc qdisc add dev eth0 root handle 1: htb default 255 r2q 10" "/sbin/tc class add dev eth0 parent 1: classid 1:10 htb rate 10240Kbit" #---upload limit for 192.168.80.2 client, with max upload bandwidth 1Mbps, and lower bandwidth 25Kbit--- "/sbin/tc class add dev eth0 parent 1:10 classid 1:102 htb rate 25Kbit ceil 1024Kbit prio 5" "/sbin/tc qdisc add dev eth0 parent 1:102 handle 102: sfq perturb 10" "/sbin/tc filter add dev eth0 parent 1: protocol ip prio 100 handle 2 fw flowid 1:102" #---upload limit for 192.168.80.3 client, with max upload bandwidth 2Mbps, and lower bandwidth 25Kbit--- "/sbin/tc class add dev eth0 parent 1:10 classid 1:103 htb rate 25Kbit ceil 2048Kbit prio 5" "/sbin/tc qdisc add dev eth0 parent 1:103 handle 103: sfq perturb 10" "/sbin/tc filter add dev eth0 parent 1: protocol ip prio 100 handle 3 fw flowid 1:103"
execute this to create parent udownload #---upload limit parent, with max download 100Mbps--- "/sbin/tc qdisc del dev eth1 root" "/sbin/tc qdisc add dev eth1 root handle 1: htb default 255 r2q 10" "/sbin/tc class add dev eth1 parent 1: classid 1:20 htb rate 102400Kbit" #---upload limit for 192.168.80.2 client, with max download bandwidth 3Mbps, and lower bandwidth 256Kbit--- "/sbin/tc class add dev eth1 parent 1:20 classid 1:102 htb rate 256Kbit ceil 3072Kbit prio 5" "/sbin/tc qdisc add dev eth1 parent 1:102 handle 102: sfq perturb 10" "/sbin/tc filter add dev eth1 parent 1: protocol ip prio 100 handle 2 fw flowid 1:102" #---upload limit for 192.168.80.3 client, with max download bandwidth 5Mbps, and lower bandwidth 256Kbit--- "/sbin/tc class add dev eth1 parent 1:20 classid 1:103 htb rate 256Kbit ceil 5120Kbit prio 5" "/sbin/tc qdisc add dev eth1 parent 1:103 handle 103: sfq perturb 10" "/sbin/tc filter add dev eth1 parent 1: protocol ip prio 100 handle 3 fw flowid 1:103"
thats it, you can test it with external tools like speedtest.net
i dont create the image, i got from icon-library.com