#!/bin/bash

# The Ultimate Setup For Your Internet Connection At Home
# 
#
# Link speeds, in kilobits per second (tc receives them with a "kbit" suffix).
# Set both somewhat below the real download and uplink speed of the line.
DOWNLINK=2450
UPLINK=710
# Earlier values, kept for reference:
#DOWNLINK=1860
#UPLINK=330
#UPLINK_BULK=120

# Guaranteed share of the uplink for each HTB class (fast / medium / bulk).
# With the values below the three add up to UPLINK (510 + 100 + 100 = 710).
UPLINK_FAST=510
UPLINK_MED=100
UPLINK_BULK=100

# Interfaces. DEV is the one that gets shaped and marked. INT_DEV and WLAN_DEV
# are not referenced by the part of the script shown here.
DEV=eth0
INT_DEV=eth1
WLAN_DEV=eth2

# Absolute paths of the tools this script drives.
IPTABLES=/sbin/iptables
TC=/usr/sbin/tc
#TC=/sbin/tc


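# Print the configured uplink rate as a quick sanity check.
printf '%s\n' "$UPLINK"

# Kill tc settings: drop the current root (egress) qdisc on $DEV. Errors are
# not hidden here, so tc may complain when no qdisc is installed yet.
"$TC" qdisc del dev "$DEV" root

# Start from an empty mangle table. -F flushes every chain in the table and
# -X deletes every user-defined chain, not only the one this script creates.
# Marks that other tooling on this host keeps in mangle (policy routing, VPN
# or firewall front-ends) are removed as well, so review what else uses the
# table before running this on a box that is more than a dedicated shaper.
"$IPTABLES" -t mangle -F
"$IPTABLES" -t mangle -X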

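# Packet classification: a dedicated chain in the mangle table tags each
# packet with a firewall mark (20 = fast, 21 = medium, 22 = bulk).
# The marks are QoS hints only. Every match below keys on protocol, port or
# packet size, all of which the sending application chooses, so any host can
# place its traffic in the fast class. Do not rely on them as a control.
"$IPTABLES" -t mangle -N MANGLE_MARK

#######################################
# Append a MARK rule and a RETURN rule that share one match specification,
# so the two halves of a pair cannot drift apart.
# Globals:   IPTABLES (read)
# Arguments: $1 - firewall mark to set
#            $2.. - iptables match options (none = match every packet)
#######################################
mark_and_return() {
  local fw_mark=$1
  shift
  "$IPTABLES" -t mangle -A MANGLE_MARK "$@" -j MARK --set-mark "$fw_mark"
  "$IPTABLES" -t mangle -A MANGLE_MARK "$@" -j RETURN
}

# Small TCP packets (length 0-80) as prioritized traffic. Intended for ACKs,
# but there is no flag match: any TCP packet in that size range qualifies.
mark_and_return 20 -p tcp -m length --length 0:80

# Set user as LOW FTP (disabled). Note that mark 24 has no tc filter in this
# script, so such packets would end up in the HTB default class.
#$IPTABLES -t mangle -A OUTPUT -m owner --uid-owner 502 -j MARK --set-mark 24
#$IPTABLES -t mangle -A OUTPUT -m owner --uid-owner 502 -j RETURN

# ICMP as prioritized traffic.
mark_and_return 20 -p icmp

# UDP as prioritized traffic. This covers all UDP regardless of port or
# volume, so bulk UDP (or a UDP flood leaving this network) competes with
# interactive traffic at top priority.
mark_and_return 20 -p udp

# FTP control (port 21) and SSH as prioritized traffic. These match on the
# SOURCE port, i.e. packets sent by a server listening on that port.
# NOTE(review): outbound client sessions to a remote ssh/ftp server have the
# service port as destination and are not matched here; confirm that is the
# intent.
mark_and_return 20 -p tcp --sport 21
mark_and_return 20 -p tcp --sport ssh

# WWW (source port) and SMTP (destination port) as medium priority.
mark_and_return 21 -p tcp --sport www
mark_and_return 21 -p tcp --dport smtp

# Everything else is bulk traffic.
mark_and_return 22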

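# Hook the marking chain into the built-in mangle chains. -I inserts at the
# head of each chain, so MANGLE_MARK runs before any rule added later.
# POSTROUTING already sees locally generated packets as well as forwarded
# ones, which is why the separate OUTPUT hook stays disabled.
#$IPTABLES -t mangle -I OUTPUT -o $DEV -j MANGLE_MARK
"$IPTABLES" -t mangle -I POSTROUTING -o "$DEV" -j MANGLE_MARK
# Marks set on packets arriving on $DEV are not read by the tc fw filters in
# this script, which sit on $DEV's egress qdisc. They only matter if something
# else on the host consumes the mark.
"$IPTABLES" -t mangle -I PREROUTING -i "$DEV" -j MANGLE_MARK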

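# Clean existing uplink (root) and downlink (ingress) qdiscs on $DEV.
# Output and errors are discarded because "nothing to delete" is the normal
# case on a first run. This also hides genuine failures such as missing
# privileges, so check the tc commands that follow if shaping does not apply.
for qdisc_hook in root ingress; do
  "$TC" qdisc del dev "$DEV" "$qdisc_hook" >/dev/null 2>&1
done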

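###### uplink

# Install the root HTB qdisc. "default 22" sends every packet that no filter
# classifies to class 1:22 (bulk). That includes anything iptables never
# marked: the filters below are "protocol ip" and the marks come from
# iptables, so IPv6 traffic is not classified by this script.
"$TC" qdisc add dev "$DEV" root handle 1: htb default 22 r2q 2

# Shape everything at $UPLINK speed - this prevents huge queues in your
# DSL modem which destroy latency:
"$TC" class add dev "$DEV" parent 1: classid 1:1 htb rate "${UPLINK}kbit"

# One child class per priority level. Each has its own guaranteed rate and
# may borrow up to the full uplink (ceil). A lower prio value is served first.
"$TC" class add dev "$DEV" parent 1:1 classid 1:20 htb rate "${UPLINK_FAST}kbit" ceil "${UPLINK}kbit" prio 0
"$TC" class add dev "$DEV" parent 1:1 classid 1:21 htb rate "${UPLINK_MED}kbit" ceil "${UPLINK}kbit" prio 5
"$TC" class add dev "$DEV" parent 1:1 classid 1:22 htb rate "${UPLINK_BULK}kbit" ceil "${UPLINK}kbit" prio 6

# All three classes get Stochastic Fairness Queueing, so one flow inside a
# class cannot monopolise it:
for class_minor in 20 21 22; do
  "$TC" qdisc add dev "$DEV" parent "1:${class_minor}" handle "${class_minor}:" sfq perturb 10
done

# Match marked packets with tc (20=fast, 21=medium, 22=bulk). The fw
# classifier selects the class from the firewall mark set by iptables.
# NOTE(review): every filter passes "prio 0". tc is understood to let the
# kernel pick the filter priority in that case; confirm with
# "tc filter show dev $DEV".
for fw_mark in 20 21 22; do
  "$TC" filter add dev "$DEV" parent 1: protocol ip prio 0 handle "$fw_mark" fw flowid "1:${fw_mark}"
done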

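########## downlink #############
# Slow downloads down to somewhat less than the real speed to prevent
# queuing at our ISP. Tune to see how high you can set it.
# ISPs tend to have *huge* queues to make sure big downloads are fast.
#
# Attach the ingress policer:

"$TC" qdisc add dev "$DEV" handle ffff: ingress

# Police inbound IPv4 TCP from any source (0.0.0.0/0) and drop what arrives
# faster than $DOWNLINK. "match ip protocol 6 0xff" limits the filter to TCP,
# so UDP, ICMP and IPv6 arriving on $DEV are NOT rate-limited here. Inbound
# floods over those protocols pass this policer untouched.

"$TC" filter add dev "$DEV" parent ffff: protocol ip prio 50 u32 \
  match ip protocol 6 0xff \
  match ip src 0.0.0.0/0 \
  police rate "${DOWNLINK}kbit" burst 10k drop flowid :1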
