Hi, Herman.
There are many way to do this, because it depends of your infrastructure. If your Proxy (squid) is also your Firewall (iptables), on the same equipament, one way you can do it is:
GROUP1 = 5Mb (dinamic
IP)
GROUP2 = 3Mb (IP range: 192.168.1.50-192.168.1.70)
PROXY is working with the port 3128 and the workstation is using this PROXY
* Go to the DHCP server and link the MAC addresses of the GROUP2 with a IP addresses. It necessary, because you will book 5Mb through the workstations IP address and this address cannot change some days later;
* Go to the Firewall. In this equipament, you need to use the commands: IPTABLES (table mangle) and TC (traffic control). The TC command is a little hard to learn, but it's not impossible;
** Put in a file the following lines:
#!/bin/bash
# RULE THAT DELETE THE QDISCS IF IT IS ALREADY CONFIGURED
tc qdisc del dev eth0 root
# RULE THAT SET THE ROOT QDISC (1:0)
tc qdisc add dev eth0 root handle 1:0 htb default 100
# RULE THAT SET THE CLASSES (1:1) AND WHAT INTERFACE WILL BE CONTROLLED
tc class add dev eth0 parent 1:0 classid 1:1 htb rate 100mbit
# CLASSES
(here is the more important - SET THE BOOKED SPEED)
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 1kbit ceil 3000kbit prio 0 # GROUP2 (3000kbit)
tc class add dev eth0 parent 1:1 classid 1:100 htb rate 10mbit ceil 100mbit prio 1 # GERAL (100mbit or the NIC speed)
# IPTABLES (MANGLE - Redirect que traffic to pass through the FIRST classe above)
iptables -t mangle -F
iptables -t mangle -A OUTPUT -m iprange --dst-range 192.168.1.50-192.168.1.70 -p tcp --sports 3128 -j CLASSIFY --set-class 1:10 # HTTP, HTTPs and FTP
iptables -t mangle -A FORWARD -m iprange --dst-range 192.168.1.50-192.168.1.70 -j CLASSIFY --set-class 1:10 # The other protocols
This file must be executable (chmod u+x) and put in "/etc/rc.local"
I know that these commands above are not friendly, but I will explain better later. I did it very fast and I can not reviewed. But it will give you a direction you can follow.
Any questions, please, ask me. Regards,
Hugo
AzevedoCertificado / Certified: LPI-1, NCLA e NDCTS
www.hugoazevedo.eti.br
"Na caixa dizia: Requer Micro$oft Windows ou superior, então eu instalei o GNU/Linux!"
"On the box said: Requires Micro$oft Windows or better, so I installed the GNU/Linux!"
EVANGELHO - A-
A+ — O Senhor esteja convosco. — Ele está no meio de nós. — PROCLAMAÇÃO do Evangelho de Jesus Cristo + segundo Mateus. — Glória a vós, Senhor! Naquele
tempo, disse Jesus aos seus discípulos: 7"Pedi e vos será dado! Procurai e achareis! Batei e a porta vos será aberta! 8Pois todo aquele que pede recebe; quem procura encontra; e a quem bate a porta será aberta. 9Quem de vós dá ao filho uma pedra, quando ele pede um pão? 10Ou lhe dá uma cobra, quando ele pede um peixe? 11Ora, se vós, que sois maus, sabeis dar coisas boas a vossos filhos, quanto mais vosso Pai que está nos céus dará coisas boas aos que lhe pedirem! 12Tudo quanto quereis que os outros vos façam, fazei também a eles. Nisto consiste a Lei e os Profetas". - Palavra da Salvação. - Glória a vós, Senhor.
--- Em qui, 6/1/11, Herman <herman_leao@yahoo.com> escreveu:
De: Herman <herman_leao@yahoo.com>
Assunto: [LINUX_Newbies] Sharing broadband with band
controller
Para: LINUX_Newbies@yahoogroups.com
Data: Quinta-feira, 6 de Janeiro de 2011, 17:10
Hi guys I`m a network admin in my job. Listen in my work have a link of 8Mb and the big question is:
My boss want what i divide the broadband in 2 groups. One with 5mb and the other with the rest of band. I use squid proxy server with delaypools rules, but i don`t get the real work function. Please someone can help me about that.
Regards.
Thanxs a lot.
[Non-text portions of this message have been removed]
No comments:
Post a Comment