How to set up nat service and set tc traffic limit in Linux

The Internet environment is as follows: eth0 Internet ip address:. b. c. deth1 intranet ip1: 192.168.0.0/24 for the boss and bteth2 intranet ip2: 192.168.1.0/24 for me and csfans using linux for nat Command: echo1/proc/sys/net/ipv4/ip_forwardiptables-Fiptables-tnat

The Internet environment is as follows:

Eth0 Internet ip address: a. B. c. d

Eth1 intranet ip1: 192.168.0.0/24 for the boss and bt

Eth2 intranet ip2: 192.168.1.0/24 for me and csfans

UseLinuxThe nat Command is as follows:

Echo 1>/proc/sys/net/ipv4/ip_forward

　　Iptables-F

Iptables-t nat-F ---- clear old rules

Iptables-t nat-a postrouting-s 192.168.0.0/24-o eth0-jSNAT -- to a. B. c. d --- nat for intranet ip1

Iptables-t nat-a postrouting-s 192.168.1.0/24-o eth0-jSNAT -- to a. B. c. d --- nat for intranet ip2

------------ IsStreamVolume control is marked based on the fw filter

Iptables-I PREROUTING-t mangle-p tcp-s 192.168.0.0/24-jMARK -- set-mark 1

Iptables-I PREROUTING-t mangle-p tcp-s 192.168.1.0/24-jMARK -- set-mark 2

------------ Perform traffic control for the upload speed

Tc requires kernel 2.4.18 or above, so upgrade is not enough

Tc can only control the speed at which packets are sent by the NIC, so the upload speedRestrictionsTo be done on eth0

---- Delete old queue

Tc qdisc del dev eth0 root

---- Add a root queue with a Nic speed of 10 Mbit, and the upload speed is also available

Tc qdisc add dev eth0 root handle 100: cbq bandwidth 10 Mbitavpkt 1000

---- Add a root class

Tc class add dev eth0 parent 100:0 classid 100cbq bandwidth10Mbit rate 10 Mbit allot 1514 weight 1 Mbit prio 8 maxburst 8 avpkt1000 bounded

---- Add a subclass for intranet 1 speed limit of 300 Kbit

Tc class add dev eth0 parent 100classid 100:2 cbq bandwidth10Mbit rate 300 Kbit allot 1513 weight 30 Kbit prio 5 maxburst 8 avpkt 1000 bounded

---- Add a subclass for intranet 2 with a speed limit of 320 Kbit

Tc class add dev eth0 parent 100classid 100:3 cbq bandwidth10Mbit rate 320 Kbit allot 1513 weight 32 Kbit prio 6 maxburst 8 avpkt 1000 bounded

---- Set queue rules

Tc qdisc add dev eth0 parent 100:2 sfq quantum 1514b perturb15

Tc qdisc add dev eth0 parent 100:3 sfq quantum 1514b perturb15

------ Map the queue to the fw filter. the 1 of hand 1 is the tag that begins to use iptables, and the 2 of hand 2 is also the tag that begins to use iptables.

Tc filter add dev eth0 parent 100:0 protocol ip prio 1 handle1 fw classid 100:2

Tc filter add dev eth0 parent 100:0 protocol ip prio 2 handle2 fw classid 100:3

----------------------- I only limit the download speed of the boss and bt, and the filter uses u32.

Tc qdisc del dev eth1 root

Tc qdisc add dev eth1 root handle 200: cbq bandwidth 10 Mbitavpkt 1000

Tc class add dev eth1 parent 200:0 classid 200cbq bandwidth10Mbit rate 10 Mbit allot 1514 weight 2 Kbit prio 8 maxburst 8 avpkt1000 bounded

Tc class add dev eth1 parent 200classid 200:2 cbq bandwidth10Mbit rate 1000 Kbit allot 1513 weight 1 Mbit prio 5 maxburst 8 avpkt 1000 bounded

Tc qdisc add dev eth1 parent 200:2 sfq quantum 1514b perturb15

Tc filter add dev eth1 parent 200:0 protocol ip prio 25 u32match ip dst 192.168.0.0/24 flowid 200:2

----------------------

Now we can use tc-s qdisc ls dev eth0

Tc-s qdisc ls dev eth1

Tc-s class ls dev eth0

Tc-s class ls dev eth1 monitoring traffic