Ubuntu – Prioritize traffic from LAN computers

iptables, networking

I'm running a torrent client on my headless Ubuntu server. Also, a number of computers are connected to this server, which is used as an internet gateway/router. The question is whether it's possible to configure iptables to prioritize traffic from eth1 (the LAN interface) over local traffic generated by the server? Something like QoS.

Best Answer

There are several alternatives to achieve what you are looking for. But first of all, yes, it is possible, though many of the possibilities are rather complex.

One of the easiest options might be to run the torrent daemon under its own user/group. Then use iptables to mark all traffic from that user/group with a flag. Then let the tc filter match on that flag and put it in the low priority queue. Look at the bottom of this wiki for an idea.

For what you are asking, you only need two queues (fig. 1), one low priority and one high. Though it might be better to stick with something closer to this example. You can adapt the example to your needs; just drop the part with NAT and make the default mark a lower value than the mark you will use for the traffic generated by the daemon.

So for my suggestion you can use something like iptables -A OUTPUT -t mangle -m owner --uid-owner ZZZZ -j MARK --set-mark 6, where ZZZZ is the user identifier.

An alternative to setting a flag might be to use iptables -A OUTPUT -t mangle -m owner --uid-owner ZZZZ -j CLASSIFY --set-class X:Y, where X:Y is the class identifier and ZZZZ is the user identifier.

Fig 1:

+---------+
| root 1: |
+---------+
     |
+------------+
| class 1:1  |
+------------+
  |      |    
+----+ +----+ 
|1:10| |1:11| 
+----+ +----+

The best might be to have a leaf for every fw mark. But my best advice now is: read and try to understand the example referred to above, and adapt it to your needs. If you have any questions, add them.

In the example referred to above, it is important that you understand this part (fig. 2) when you want to write iptables rules for marking or classifying traffic. For a short explanation of it with a slightly different-looking diagram, have a look at this.

Fig 2:

First you have to understand how packets traverse the filters with iptables:

        +------------+                +---------+               +-------------+
Packet -| PREROUTING |--- routing-----| FORWARD |-------+-------| POSTROUTING |- Packets
input   +------------+    decision    +---------+       |       +-------------+    out
                             |                          |
                        +-------+                    +--------+   
                        | INPUT |---- Local process -| OUTPUT |
                        +-------+                    +--------+

This will point you in the right direction:

Rules, Guidelines and Approaches

Linux Advanced Routing & Traffic Control HOWTO: Rate limiting a single host or netmask

A Traffic Control Journey: Real World Scenarios

Iptables Tutorial 1.2.2
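The following is an added example and not part of the original answer: a small POSIX shell script that builds the two-leaf HTB tree from fig. 1 on the WAN interface, marks the daemon's locally generated packets in the mangle OUTPUT chain by owner uid (the answer's --set-mark 6), and lets tc fw filters steer marked packets into the low-priority leaf. Forwarded LAN traffic never passes OUTPUT, so it stays unmarked and lands in the default high-priority leaf. The interface names (eth0 as WAN), the user name "torrent", the rates and the mark value 1 for the default class are assumptions; set DRY_RUN=1 to print the commands instead of running them, which needs root.

```shell
#!/bin/sh
# Added example, not from the original answer. Assumed values below can be
# overridden from the environment.
set -eu

WAN_IF="${WAN_IF:-eth0}"                 # interface towards the internet (assumed)
TORRENT_USER="${TORRENT_USER:-torrent}"  # uid the torrent daemon runs as (assumed)
LINK_KBIT="${LINK_KBIT:-1000}"           # upstream rate to shape to, in kbit (assumed)
HIGH_MARK=1                              # default mark: LAN and other local traffic
LOW_MARK=6                               # the answer's mark for the daemon's traffic

# run: print the command when DRY_RUN=1, otherwise execute it (requires root).
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# qos_clear: drop any existing root qdisc so the script can be re-run.
qos_clear() {
    run tc qdisc del dev "$WAN_IF" root 2>/dev/null || true
}

# qos_tc: fig. 1 as HTB: root 1: -> class 1:1 -> leaves 1:10 (high) and 1:11 (low).
# Unmarked packets fall into 1:10 via "default 10"; each leaf gets SFQ so one
# flow cannot starve the others inside its class.
qos_tc() {
    high=$((LINK_KBIT * 8 / 10))
    low=$((LINK_KBIT * 2 / 10))
    run tc qdisc add dev "$WAN_IF" root handle 1: htb default 10
    run tc class add dev "$WAN_IF" parent 1: classid 1:1 htb rate "${LINK_KBIT}kbit" ceil "${LINK_KBIT}kbit"
    run tc class add dev "$WAN_IF" parent 1:1 classid 1:10 htb rate "${high}kbit" ceil "${LINK_KBIT}kbit" prio 0
    run tc class add dev "$WAN_IF" parent 1:1 classid 1:11 htb rate "${low}kbit" ceil "${LINK_KBIT}kbit" prio 1
    run tc qdisc add dev "$WAN_IF" parent 1:10 handle 10: sfq perturb 10
    run tc qdisc add dev "$WAN_IF" parent 1:11 handle 11: sfq perturb 10
    # fw filters: the mark set in the mangle table selects the leaf class
    run tc filter add dev "$WAN_IF" parent 1: protocol ip prio 1 handle "$HIGH_MARK" fw flowid 1:10
    run tc filter add dev "$WAN_IF" parent 1: protocol ip prio 2 handle "$LOW_MARK" fw flowid 1:11
}

# qos_iptables: mark locally generated packets in OUTPUT by owner uid. The
# generic rule comes first; the owner-specific rule then overrides the mark
# for the daemon's packets only.
qos_iptables() {
    run iptables -t mangle -A OUTPUT -j MARK --set-mark "$HIGH_MARK"
    run iptables -t mangle -A OUTPUT -m owner --uid-owner "$TORRENT_USER" -j MARK --set-mark "$LOW_MARK"
}

qos_apply() {
    qos_clear
    qos_tc
    qos_iptables
}

# Usage: QOS_APPLY=1 sh qos.sh            (as root, applies the rules)
#        DRY_RUN=1 QOS_APPLY=1 sh qos.sh  (prints the commands only)
if [ "${QOS_APPLY:-0}" = "1" ]; then
    qos_apply
fi
```

Verify the result with tc -s class show dev eth0 after some upload activity: byte counters on 1:11 should grow only while the torrent daemon is sending, and 1:10 should carry the forwarded LAN traffic.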
