sharing bandwidth download+upload+NAT - [debian]

Hello

I use a linux box to share my ADSL (512dw/128up) between some PC on a
LAN (5 persons). I would like to be able to surf html pages and play
games (ie it requieres low ping for these services) while heavy
downloads (emule, bittorrents and other download/upload nibbles).

So i started to look around iptables. I use MASQUERADING to translate
adresses (ip are fixed in my LAN). After reading lot of HOWTO i started
to build some scripts using tc classes.

But the only thing i succeeded to is to share UPLOAD (using qdisc and
filters). I have lot of problems to share DOWNLOAD speed.
What i would like to have is a simple thing: share connexion with ip and
NOT with services. I found lot of scripts which share upload and
download traffic using services (ie 10% for pop, 20% for http (but
hipriority), 30% for emules and clones...).
I tryed with IMQ but it doesn't work: the NAT translation is done AFTER
packets go throught IMQ table (iptables) so iptables doesn't know the
true recipient packets go to. i tried with a kernel patch which should
correct this but it doesn't work.

Now a diagram of what i would like to have :

internet
|
| ADSL. down 512 kps (60kb), up 128 (16 kb)
|
|
linux server
| | |
| | |
| | |
| | user 3 : download 170 kps (21 kb), upload 48 kps (5kb)
| |
| user 2 : download 170 kps (21 kb), upload 48 kps (5kb)
|
user 1 : download 170 kps (21 kb), upload 48 kps (5kb)


i don't want to have these limits to be fixed, but i would like it to
work like HTB should work : unused bandwidth is "lend" to other users...
but i really want it to work for upload AND download. It's very important...

Thanks for you help



Server:
PC linux debian sid, kernel 2.4.22
iptables 1.2.8

users:
Windows and linux PCs

--

~~ Gaetan ~~
http://www.xeberon.net

Gaetan wrote:

> Hello
>
> I use a linux box to share my ADSL (512dw/128up) between some PC on a
> LAN (5 persons). I would like to be able to surf html pages and play
> games (ie it requieres low ping for these services) while heavy
> downloads (emule, bittorrents and other download/upload nibbles).
>
> So i started to look around iptables. I use MASQUERADING to translate
> adresses (ip are fixed in my LAN). After reading lot of HOWTO i started
> to build some scripts using tc classes.
>
> But the only thing i succeeded to is to share UPLOAD (using qdisc and
> filters). I have lot of problems to share DOWNLOAD speed.
> What i would like to have is a simple thing: share connexion with ip and
> NOT with services. I found lot of scripts which share upload and
> download traffic using services (ie 10% for pop, 20% for http (but
> hipriority), 30% for emules and clones...).
> I tryed with IMQ but it doesn't work: the NAT translation is done AFTER
> packets go throught IMQ table (iptables) so iptables doesn't know the
> true recipient packets go to. i tried with a kernel patch which should
> correct this but it doesn't work.
>
> Now a diagram of what i would like to have :
>
> internet
> |
> | ADSL. down 512 kps (60kb), up 128 (16 kb)
> |
> |
> linux server
> | | |
> | | |
> | | |
> | | user 3 : download 170 kps (21 kb), upload 48 kps (5kb)
> | |
> | user 2 : download 170 kps (21 kb), upload 48 kps (5kb)
> |
> user 1 : download 170 kps (21 kb), upload 48 kps (5kb)
>
>
> i don't want to have these limits to be fixed, but i would like it to
> work like HTB should work : unused bandwidth is "lend" to other users...
> but i really want it to work for upload AND download. It's very
> important...

There is a patch for IMQ to work after nat - I can't find the url at the mo.
It's been posted on LARTC mail list and in here - here are the contents of
the imqnat.diff.


--- imq.c.orig Sun Aug 11 15:30:24 2002
+++ imq.c Sun Aug 11 15:31:17 2002
@@ -37,7 +37,7 @@
imq_nf_hook,
PF_INET,
NF_IP_PRE_ROUTING,
- NF_IP_PRI_MANGLE + 1
+ NF_IP_PRI_NAT_DST + 1
};

static struct nf_hook_ops imq_egress_ipv4 = {
@@ -54,7 +54,7 @@
imq_nf_hook,
PF_INET6,
NF_IP6_PRE_ROUTING,
- NF_IP6_PRI_MANGLE + 1
+ NF_IP6_PRI_NAT_DST + 1
};

static struct nf_hook_ops imq_egress_ipv6 = {

Andy.

>>internet
>> |
>> | ADSL. down 512 kps (60kb), up 128 (16 kb)
>> |
>> |
>>linux server
>>| | |
>>| | |
>>| | |
>>| | user 3 : download 170 kps (21 kb), upload 48 kps (5kb)
>>| |
>>| user 2 : download 170 kps (21 kb), upload 48 kps (5kb)
>>|
>>user 1 : download 170 kps (21 kb), upload 48 kps (5kb)
>>
>>
>>i don't want to have these limits to be fixed, but i would like it to
>>work like HTB should work : unused bandwidth is "lend" to other users...
>>but i really want it to work for upload AND download. It's very
>>important...
>
>
> There is a patch for IMQ to work after nat - I can't find the url at the mo.
> It's been posted on LARTC mail list and in here - here are the contents of
> the imqnat.diff.
>
>
> --- imq.c.orig Sun Aug 11 15:30:24 2002
> +++ imq.c Sun Aug 11 15:31:17 2002
> @@ -37,7 +37,7 @@
> imq_nf_hook,
> PF_INET,
> NF_IP_PRE_ROUTING,
> - NF_IP_PRI_MANGLE + 1
> + NF_IP_PRI_NAT_DST + 1
> };
>
> static struct nf_hook_ops imq_egress_ipv4 = {
> @@ -54,7 +54,7 @@
> imq_nf_hook,
> PF_INET6,
> NF_IP6_PRE_ROUTING,
> - NF_IP6_PRI_MANGLE + 1
> + NF_IP6_PRI_NAT_DST + 1
> };
>
> static struct nf_hook_ops imq_egress_ipv6 = {
>
> Andy.

thx, but i already tried it but it doesn't seem to work. Is there any
other way to control traffic in download that using IMQ device?

>

--

~~ Gaetan ~~
http://www.xeberon.net

Gaetan wrote:


>
> thx, but i already tried it but it doesn't seem to work. Is there any
> other way to control traffic in download that using IMQ device?
>

>> i tried with a kernel patch which should
>>correct this but it doesn't work

Doh - I don't know how I missed that.

I am intending - to use IMQ - when I can get it to insmod at the same time
as Dan Singletarys' userspace program that I am currently using - the HTB
type scripts seemed too bursty and needed to sacrifice too much bandwidth
for me - maybe I should have tweaked them better.

http://www.sonicspike.net/software/

I am still in the process of setting up QOS and am also going for low
latency - Dans' program calculates the real bandwidth use of each packet,
which may increase by 53 bytes for one extra IP byte. It means you can max
the bandwidth but keep interactive only ever be max 1 packet from the wire.
Though at 128K up 1 packet takes a noticable time - 90ms at MTU 1500 - you
may actually be trained at higher than 128 though, and can lower MTU. You
have to tweak the overhead calculation and optimal MTU for the way things
are in your country (pppoe/pppoa etc.). You may be able to get a cell count
to help from your modem.

I still intend to use IMQ/HTB for downstream - though if I didn't want to
run bittorrent on my gateway I could just use HTB on my LAN interface which
will go to a switch - I guess you want/need/server on NAT box and a card
for each user so need IMQ.

As for the IMQ patch not working - I would post this to the LARTC mailing
list - someone on there may be able to help.

Andy.