Make BitTorrent/P2P less annoying at home using Linux, Iptables, and QoS

At home, I’ve been using a Linux router for as long as I can remember… since, a rather long time ago, I didn’t have money for a router but I happened to have an extra computer that I had been playing with Linux on. So, I developed an ipchains script (which I eventually converted to iptables) to do NAT on it, and it’s worked pretty well ever since. I honestly don’t remember where I derived the script from, however.

When I was in the dorms and afterwards in an apartment with others, we used my Linux router, since it was pretty simple and there’s a ton of things you can do with a Linux server. However, something we noticed (which wasn’t specific to this router) is that whenever someone was using BitTorrent or some other P2P app (you know, to download Linux distros and CC-licensed stuff), it would totally kill our internet access unless the person made their upload rate ridiculously low, which is fine, unless a visitor stops by, plugs in, and forgets to turn their torrents down.

So, sometime last year I decided that there was probably a good way to filter different types of traffic so they don’t get excessive. Turns out, you can combine iptables and the QoS functionality of the kernel to do just that.

The really bare-bones explanation of how it works is like this:

  1. Using iptables, modify the mangle table to classify the streams of traffic passing on ports, or by some other mechanism (like l7filter):
    iptables -t mangle -A POSTROUTING -o ${EXT_IFACE} -p tcp --dport 80 -j CLASSIFY --set-class 1:11
  2. Then, after setting up a qdisc structure (see the script), set the rate of the class using tc:
    tc class add dev $EXT_IFACE parent 1:1 classid 1:11 htb rate 115kbit ceil ${MAX_UPLOAD}kbit quantum 10000 burst 10000 prio 1
  3. And repeat for each class of traffic.

Obviously, it’s slightly more complicated than that, so refer to my scripts (they’re mostly commented) for more information. You need to ensure you have the netfilter and QoS extensions either built as modules (and loaded) or compiled into your kernel. I generally just build all of them as modules and let the autoloader figure out what it needs. My script uses l7filter to try to classify traffic such as BitTorrent more accurately, which works pretty well.
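As an added illustration (not the author’s script), here is a minimal version of that HTB tree and the matching mangle rules. The interface name, upload rate, class ids, rates and port lists are assumptions chosen for the example; the root class is capped below the real upstream rate so the queue builds in the router, where HTB can reorder it, instead of in the modem. With DRY_RUN=1 (the default) it only prints the commands.

```shell
#!/bin/sh
# Example egress shaper in the style of the post. Assumed values:
EXT_IFACE="${EXT_IFACE:-eth0}"    # upstream interface (assumption)
MAX_UPLOAD="${MAX_UPLOAD:-700}"   # kbit; keep below the modem's real upload rate
DRY_RUN="${DRY_RUN:-1}"           # 1 = print commands, 0 = execute (needs root)

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# Root qdisc and parent class. Unclassified packets land in 1:13 (bulk),
# so anything the rules miss is treated as low priority, not high.
qos_root() {
  run tc qdisc add dev "$EXT_IFACE" root handle 1: htb default 13
  run tc class add dev "$EXT_IFACE" parent 1: classid 1:1 htb \
    rate "${MAX_UPLOAD}kbit" ceil "${MAX_UPLOAD}kbit"
}

# qos_class <minor> <rate_kbit> <prio>: leaf class under 1:1 that is
# guaranteed <rate> and may borrow up to the full upload rate; SFQ on
# the leaf keeps one heavy flow from starving others in the same class.
qos_class() {
  run tc class add dev "$EXT_IFACE" parent 1:1 classid "1:$1" htb \
    rate "${2}kbit" ceil "${MAX_UPLOAD}kbit" prio "$3"
  run tc qdisc add dev "$EXT_IFACE" parent "1:$1" handle "$1:" sfq perturb 10
}

# qos_mark <minor> <iptables match...>: classify matching egress packets.
qos_mark() {
  minor=$1; shift
  run iptables -t mangle -A POSTROUTING -o "$EXT_IFACE" "$@" \
    -j CLASSIFY --set-class "1:$minor"
}

qos_apply() {
  qos_root
  qos_class 10 "$((MAX_UPLOAD / 4))" 0    # interactive: SSH, DNS
  qos_class 11 "$((MAX_UPLOAD / 4))" 1    # web and mail
  qos_class 13 "$((MAX_UPLOAD / 10))" 2   # bulk/P2P (default): small guarantee
  qos_mark 10 -p tcp --dport 22
  qos_mark 10 -p udp --dport 53
  qos_mark 11 -p tcp -m multiport --dports 80,443,25,993
  qos_mark 13 -p tcp --dport 6881:6889    # assumed BitTorrent port range
}

qos_apply
```

Run it with DRY_RUN=1 first and compare the printed tree against `tc -s class show dev eth0` after applying, to confirm bulk traffic actually lands in 1:13.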

It’s important to note that my setup only restricts uploads; it doesn’t do anything significant about download speeds. But uploading is the big thing that kills you, since most cable modems and DSL lines have significantly lower upload rates than download rates.

In any case, using this setup has definitely improved our internet sharing. It doesn’t matter who happens to be torrenting or using some other high-bandwidth application — your web browsing, email, and SSH still work with little to no slowdown. Makes for less fighting about bandwidth too. 🙂

For lots more detailed information, I would recommend the LARTC and Netfilter websites, or google it. That’s where I got most of my information from.

Download link

2 Responses to “Make BitTorrent/P2P less annoying at home using Linux, Iptables, and QoS”

  1. Heber says:

    Hi, I downloaded your nat1.0.tar.bz2 file
    but when I try to extract it, it gives an error:

    bzip2: (stdin) is not a bzip2 file.
    tar: Child returned status 2
    tar: Error is not recoverable: exiting now

    Is it corrupted or am I doing something wrong?

  2. Tomestat says:

    The archive is not corrupted, but it is not gzipped nor bzipped – just rename it to .tar and extract.