Bandwidth Management with TC
Server with 2 LAN cards.
* eth0 is the WAN port.
* eth1 is the LAN port.
Restrict downlink with the eth1 script.
Script for eth1
----------------------------------------
#!/bin/sh
TC=$(which tc)
## Rates in kbit: total for the link, then one share per client group
total=256
lan=192
tom=64
## Deleting any existing root qdisc (errors ignored if none is present)
$TC qdisc del dev eth1 root 2> /dev/null > /dev/null
## 10Mbit Lan.
$TC qdisc add dev eth1 root handle 5: htb
$TC class add dev eth1 parent 5: classid 5:1 htb rate 10mbit
$TC class add dev eth1 parent 5:1 classid 5:10 htb rate ${total}kbit ceil ${total}kbit burst 2k quantum 1514
## Limit Lan Downlink at 192
$TC class add dev eth1 parent 5:10 classid 5:100 htb rate ${lan}kbit ceil ${lan}kbit burst 2k quantum 1514
$TC qdisc add dev eth1 parent 5:100 handle 100 pfifo limit 2
$TC filter add dev eth1 protocol ip parent 5: prio 1 u32 match ip dst 192.168.100.0/24 flowid 5:100
## Limit tom Downlink at 64
$TC class add dev eth1 parent 5:10 classid 5:200 htb rate ${tom}kbit ceil ${tom}kbit burst 2k quantum 1514
$TC qdisc add dev eth1 parent 5:200 handle 200 pfifo limit 2
$TC filter add dev eth1 protocol ip parent 5: prio 1 u32 match ip dst 172.16.100.5 flowid 5:200
-----------------------------------------
Restrict uplink with the eth0 script.
Script for eth0
-----------------------------------------
#!/bin/sh
TC=$(which tc)
## Rates in kbit: total for the link, then one share per client group
total=128
lan=64
tom=64
## Deleting any existing root qdisc (errors ignored if none is present)
$TC qdisc del dev eth0 root 2> /dev/null > /dev/null
## 10Mbit Lan.
$TC qdisc add dev eth0 root handle 5: htb
$TC class add dev eth0 parent 5: classid 5:1 htb rate 10mbit
$TC class add dev eth0 parent 5:1 classid 5:10 htb rate ${total}kbit ceil ${total}kbit burst 2k quantum 1514
## Limit Lan Uplink at 64 (packets carrying firewall mark 1)
$TC class add dev eth0 parent 5:10 classid 5:100 htb rate ${lan}kbit ceil ${lan}kbit burst 2k quantum 1514
$TC qdisc add dev eth0 parent 5:100 handle 100 pfifo limit 2
$TC filter add dev eth0 parent 5: protocol ip prio 2 handle 1 fw classid 5:100
## Limit tom Uplink at 64 (packets carrying firewall mark 2)
$TC class add dev eth0 parent 5:10 classid 5:200 htb rate ${tom}kbit ceil ${tom}kbit burst 2k quantum 1514
$TC qdisc add dev eth0 parent 5:200 handle 200 pfifo limit 2
$TC filter add dev eth0 parent 5: protocol ip prio 2 handle 2 fw classid 5:200
-------------------------------------
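As you can't restrict upload traffic by its fake (private) IP address, you need to mark it with iptables as it enters eth1. The fw filters in the eth0 script then classify the packets by mark 1 and mark 2.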
iptables -A PREROUTING -i eth1 -s 192.168.100.0/24 -t mangle -j MARK --set-mark 1
iptables -A PREROUTING -i eth1 -s 172.16.100.5 -t mangle -j MARK --set-mark 2
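
The link between the iptables mark, the fw filter handle and the HTB class is easy to get wrong when more clients are added. The following is an added example, not part of the original scripts: a dry-run generator that prints the uplink commands from a client list and refuses a plan whose client rates exceed the total. The entry format "mark:source:rate_kbit" and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: dry-run generator for the uplink (eth0) side.
# It only prints commands, so it needs no root, tc or iptables.
# Entries are "mark:source:rate_kbit" (IPv4 only, marks 1-9 to keep
# the 5:N00 class numbering used in the scripts above).
WAN=eth0   # uplink is shaped where traffic leaves
LAN=eth1   # packets are marked where they enter

# sum_rates ENTRY... : print the sum of the per-client rates in kbit
sum_rates() {
    sum=0
    for entry in "$@"; do
        sum=$((sum + ${entry##*:}))
    done
    echo "$sum"
}

# gen_uplink TOTAL_KBIT ENTRY... : print the commands, or return 1 if
# the client rates add up to more than the parent class can guarantee
gen_uplink() {
    total=$1; shift
    if [ "$(sum_rates "$@")" -gt "$total" ]; then
        echo "client rates exceed ${total}kbit" >&2
        return 1
    fi
    echo "tc qdisc add dev $WAN root handle 5: htb"
    echo "tc class add dev $WAN parent 5: classid 5:1 htb rate 10mbit"
    echo "tc class add dev $WAN parent 5:1 classid 5:10 htb rate ${total}kbit ceil ${total}kbit burst 2k quantum 1514"
    for entry in "$@"; do
        mark=${entry%%:*}      # first field
        rest=${entry#*:}
        src=${rest%%:*}        # second field
        rate=${rest#*:}        # third field
        class="5:${mark}00"    # mark 1 -> 5:100, mark 2 -> 5:200
        echo "iptables -t mangle -A PREROUTING -i $LAN -s $src -j MARK --set-mark $mark"
        echo "tc class add dev $WAN parent 5:10 classid $class htb rate ${rate}kbit ceil ${rate}kbit burst 2k quantum 1514"
        echo "tc qdisc add dev $WAN parent $class handle ${mark}00 pfifo limit 2"
        echo "tc filter add dev $WAN parent 5: protocol ip prio 2 handle $mark fw classid $class"
    done
}

# Values from the scripts above: LAN subnet and tom, 64 kbit each
gen_uplink 128 1:192.168.100.0/24:64 2:172.16.100.5:64
```

Review the printed commands, then pipe them to `sh` as root to apply them.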