Shaping in Linux (vlan + nat + in/out)?

0 like 0 dislike
Know about it is written a great many articles, but unfortunately, so far all of them has not made clear. =(

Is there a linux-router (small home provider, distro — gentoo), which distributes the Internet 150+ users.

You must ensure that the speed limit in and out for users according to their tariffs.

Each house has its own vlan, then all those VLANs come into the router. On the one eth interface to the Internet. All the users sit behind a nat.

Such a scheme is obtained:

{vlan1,vlan2,...,vlann}eth0 => (pc-router)[nat] => eth1

Respectively, to limit the speed of both incoming and outgoing for each user according to his TP.

Not to offer: the Diversity on different wheelbarrows, cisk.

Need to do it in a wheelbarrow. At least fraha with this problem in the other segment to cope with a Bang (at it and go, if still not master shaper in Linux, but still give up so easy don't want).

The idea is you need to make ifb virtual interface, but I can not understand how to make friends with in+out+nat+vlan.
by | 6 views

3 Answers

0 like 0 dislike
And what, exactly, is the problem? Mark using iptables in mangle::FORWARD, and then the usual HTB on vlan* and eth1, using filter fw drive traffic ACC. classes.
Will sapiti, respectively outcome interface. NAT absolutely not a problem because the coloring of the traffic occurs to him.
0 like 0 dislike
Frankly shaper in ipfw is MUCH easier than iproute2, so it's possible the transition to prahu still the right decision... even Though he linuksoid, but still.
0 like 0 dislike
Shaper in Linux harsh. Syntax tc that only helps. Especially if I have to split the incoming strip, a simple native way to do it I don't know. Only with the crutches as IMQ or IFB, IFB is better he's ideologically correct, and even like no need to patch kernel and iptables. Outgoing traffic (coming from the router, to users in Vilani) I would chapel live on their network intreface. Incoming from users, marked and wrapped in IFB. IFB is hung on a tree HTB classes and filters by brand users at each of the leaf(leaf). I will redirected traffic here this wonderful team
$TC filter add dev $VLAN parent ffff: protocol ip prio 1 u32 match u32 0 0 flowid 1:1 action ipt-j MARK --set-mark $VID action mirred egress redirect dev $IFB
In short bet prahu there if you understand it, so it will be easier for you and users safer

Related questions

0 like 0 dislike
1 answer
0 like 0 dislike
5 answers
0 like 0 dislike
2 answers
0 like 0 dislike
7 answers
asked Mar 21, 2019 by keylase
110,608 questions
257,186 answers
1,120 users