#!/bin/bash
# --- Interfaces -------------------------------------------------------------
# EXT carries the shaped uplink: the egress HTB tree is attached to it and
# packets arriving on it are diverted to imq0 for ingress shaping.
# INT and USER3 are the interfaces whose traffic is classified as separate
# user groups further down.
EXT='eth1'
INT='eth0'
USER3='eth2'

# --- Tools ------------------------------------------------------------------
# NOTE(review): both tools are resolved through PATH. This script changes
# firewall and qdisc state, so it presumably runs as root; absolute paths
# would remove any dependence on the caller's PATH.
TC='tc-htb'
IPT='iptables'

# --- Link budgets (kbit/s) --------------------------------------------------
# Original tuning note, kept verbatim: 705 drop 750 no drop
BASE=720      # egress budget
INBASE=730    # ingress budget
PRIOBASE=100  # guaranteed share of the priority class, both directions

RATE="${BASE}kbit"
INRATE="${INBASE}kbit"
PRIORATE="${PRIOBASE}kbit"

# What is left after the priority share is split 2:1:1. The division is
# integer, so the shares can add up to slightly less than the budget.
RATE1="$(( (BASE - PRIOBASE) / 2 ))kbit"
RATE2="$(( (BASE - PRIOBASE) / 4 ))kbit"
INRATE1="$(( (INBASE - PRIOBASE) / 2 ))kbit"
INRATE2="$(( (INBASE - PRIOBASE) / 4 ))kbit"

# Print the computed rates so the operator can check them.
printf 'In %s/%s/%s/%s, Out %s/%s/%s/%s\n' \
  "$INRATE" "$INRATE1" "$INRATE2" "$PRIORATE" \
  "$RATE" "$RATE1" "$RATE2" "$PRIORATE"

# Bring up the IMQ pseudo-device used for ingress shaping, then remove any
# root qdisc left over from a previous run so the trees below start clean.
# The deletes are expected to report an error when nothing is installed yet;
# the script sets no errexit, so it carries on regardless.
ifconfig imq0 up
for stale_dev in "$EXT" imq0; do
  "$TC" qdisc del dev "$stale_dev" root
done

# Egress HTB tree on $EXT (root handle 1:, inner class 1:1 capped at $RATE).
#   1:10  cm     - also the default class for traffic without a matching mark
#   1:20  user2
#   1:30  user3
#   1:99  priority traffic
# Guaranteed rates are split 2:1:1 between 1:10, 1:20 and 1:30, selected by
# IP address. Every leaf may borrow up to the full $RATE via its ceil.
# NOTE(review): 1:99 has prio 0 and ceil $RATE, so when spare bandwidth is
# handed out it is offered to priority traffic before the prio 1 user classes.
"$TC" qdisc add dev "$EXT" root handle 1: htb default 10
"$TC" class add dev "$EXT" parent 1: classid 1:1 htb rate "$RATE"
"$TC" class add dev "$EXT" parent 1:1 classid 1:10 htb rate "$RATE1" ceil "$RATE" prio 1
for leaf in 20 30; do
  "$TC" class add dev "$EXT" parent 1:1 classid "1:${leaf}" htb rate "$RATE2" ceil "$RATE" prio 1
done
"$TC" class add dev "$EXT" parent 1:1 classid 1:99 htb rate "$PRIORATE" ceil "$RATE" prio 0

# Each leaf gets its own SFQ, with the flow hash perturbed every 10 seconds.
for leaf in 10 20 30 99; do
  "$TC" qdisc add dev "$EXT" parent "1:${leaf}" handle "${leaf}:" sfq perturb 10
done

# Rebuild the mangle-table classification from scratch.
# PREROUTING and FORWARD are flushed first so that nothing still jumps to the
# "classify" chain when it is emptied (-F), deleted (-X) and recreated (-N).
# NOTE(review): the flush removes every rule in mangle PREROUTING and FORWARD,
# including rules put there by anything other than this script.
for chain in PREROUTING FORWARD; do
  "$IPT" -F "$chain" -t mangle
done
for chain_op in -F -X -N; do
  "$IPT" "$chain_op" classify -t mangle
done

# I is the command prefix for appending to "classify". It is expanded unquoted
# on purpose so that it word-splits into the command and its arguments.
I="$IPT -A classify -t mangle"

# Append one classification rule pair: $1 is the fwmark, the remaining
# arguments are the iptables match. MARK does not end chain traversal, so the
# same match is appended a second time with RETURN; the first group that
# matches a packet therefore decides its mark.
classify_rule() {
  local fwmark=$1
  shift
  # shellcheck disable=SC2086 # intentional word-splitting of the prefix
  $I "$@" -j MARK --set-mark "$fwmark"
  # shellcheck disable=SC2086 # intentional word-splitting of the prefix
  $I "$@" -j RETURN
}

## all interfaces, priority traffic:
# NOTE(review): the TOS field, the protocol and the packet length are all
# chosen by the sender, so any host on either side of the router can place its
# traffic in the priority group. Because class 1:99 may borrow up to the full
# link rate at prio 0, a burst of ICMP or small packets competes ahead of the
# user classes. Consider a lower ceil on 1:99 or a rate-limiting match (limit
# or hashlimit) on these three rules.
classify_rule 99 -m tos --tos Minimize-Delay
classify_rule 99 -p icmp
classify_rule 99 -m length --length 0:64

## outbound only:
classify_rule 20 -i "$INT" -s 192.168.55.128/26
classify_rule 30 -i "$USER3"

## activate it:
"$IPT" -A PREROUTING -t mangle -j classify

# Map the fwmarks set in the "classify" chain onto the egress HTB leaves:
# mark N selects class 1:N for N in 20, 30, 99.
for fwmark in 20 30 99; do
  "$TC" filter add dev "$EXT" protocol ip parent 1:0 prio 1 handle "$fwmark" fw flowid "1:${fwmark}"
done
# 1:10 needs no filter: it is the HTB default for anything else.

##
## INBOUND
##

# Ingress HTB tree on the imq0 pseudo-device. It has the same layout as the
# egress tree (1:10 default, 1:20, 1:30, 1:99 priority) but is budgeted from
# $INRATE and its 2:1:1 shares.
# NOTE(review): as on egress, 1:99 has prio 0 and a ceil of the full rate, so
# it is offered spare bandwidth before the prio 1 classes.
"$TC" qdisc add dev imq0 handle 1: root htb default 10
"$TC" class add dev imq0 parent 1: classid 1:1 htb rate "$INRATE"
"$TC" class add dev imq0 parent 1:1 classid 1:10 htb rate "$INRATE1" ceil "$INRATE" prio 1
for leaf in 20 30; do
  "$TC" class add dev imq0 parent 1:1 classid "1:${leaf}" htb rate "$INRATE2" ceil "$INRATE" prio 1
done
"$TC" class add dev imq0 parent 1:1 classid 1:99 htb rate "$PRIORATE" ceil "$INRATE" prio 0

# One SFQ per leaf, with the flow hash perturbed every 10 seconds.
for leaf in 10 20 30 99; do
  "$TC" qdisc add dev imq0 parent "1:${leaf}" handle "${leaf}:" sfq perturb 10
done

## IMQ is _before_ us...
# NOTE(review): the remark above is kept from the original. It presumably
# refers to where the IMQ hook sits relative to this chain - confirm.
#
# Inbound classification by destination network, for packets arriving on $EXT.
# These rules are appended after the priority rules already in "classify", so
# priority matches still win. Marks 21 and 31 select 1:20 and 1:30 on imq0;
# mark 11 selects 1:10, which is also the default class there.
for net_mark in 192.168.55.128/26=21 10.0.0.0/8=31 192.168.55.0/25=11; do
  dest_net=${net_mark%=*}
  fwmark=${net_mark#*=}
  # shellcheck disable=SC2086 # I is a command prefix and must word-split
  $I -i "$EXT" -d "$dest_net" -j MARK --set-mark "$fwmark"
  # shellcheck disable=SC2086 # I is a command prefix and must word-split
  $I -i "$EXT" -d "$dest_net" -j RETURN
done

# Forwarded packets from $EXT are classified first and then handed to IMQ, so
# the fwmark is already set when they are queued on imq0.
# NOTE(review): only the FORWARD chain diverts to IMQ in this script; traffic
# addressed to the router itself is not covered by the ingress shaper.
for fwd_target in classify IMQ; do
  "$IPT" -A FORWARD -t mangle -i "$EXT" -j "$fwd_target"
done

# F is the command prefix for fw filters on imq0. It is expanded unquoted on
# purpose so that it word-splits into the command and its arguments.
F="$TC filter add dev imq0 parent 1:0 protocol ip prio 1"

# Map inbound fwmarks to ingress leaves, written as mark:leaf. Marks
# 11/21/31 select 1:10/1:20/1:30; the priority mark 99 selects 1:99.
for mark_leaf in 11:10 21:20 31:30 99:99; do
  # shellcheck disable=SC2086 # intentional word-splitting of the prefix
  $F handle "${mark_leaf%%:*}" fw flowid "1:${mark_leaf##*:}"
done

