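#!/bin/bash
#
# The Ultimate Setup For Your Internet Connection At Home
#
# Shapes outbound traffic on $DEV with an HTB tree: everything is capped at
# $UPLINK kbit, interactive traffic goes to class 1:10 and everything else
# to the default bulk class 1:20.
#
# to see what is in your filter:
#   tc qdisc show
# to clear your buffer/filter:
#   tc qdisc del dev eth0 root
#   tc qdisc del dev eth0 ingress
#
# Changing qdiscs needs root (CAP_NET_ADMIN).
#
# NOTE(review): the classifiers below key on the TOS byte and on port
# numbers, both of which are chosen by the sender. This is a latency
# optimisation only; it does not open, close or authenticate anything and
# must not be relied on as an access control.

# Set the following values to somewhat less than your actual download
# and uplink speed. In kilobits
DOWNLINK=20000   # only used by the commented-out ingress policer below
# UPLINK=2000    # this is 2megabit FULL UPLINK
UPLINK=1500
DEV=eth0
DEV2=eth1        # not referenced anywhere in this script

# The original assigned TC='/usr/local/sbin/tc' and then immediately
# overwrote it; only the effective value is kept.
TC='/sbin/tc'

# 21    ftp control line
# 22    ssh secure shell
# 53    dns domain lookup
# 123   ntp time protocol
# 5121  neverwinter nights
# 7144  peercast
# 7145  peercast
# 14567 battlefield 1942
# 16567 battlefield 2
# VPN   5500 5800 5900
# NOTE(review): 5500/5800/5900 are the ports commonly used by VNC, not by a
# VPN - confirm which service was meant before relying on this label.
# PORTS_HI="21 22 23 53 123 5121 5190 5191 5192 5193 5222 5269 5500 5800 5900 7144 7145 8767 14567 14568 14690"
PORTS_HI=(
  21 22 53 123 5121 5190 5191 5192 5193 5222 5269 5500 5800 5900
  8767 14567 14568 14690 16567 16568 16690
)

# Fail early with one clear message instead of a "command not found" per rule.
if [[ ! -x "$TC" ]]; then
  printf 'error: %s not found or not executable\n' "$TC" >&2
  exit 1
fi

# clean existing down- and uplink qdiscs, hide errors
# (deleting a qdisc that does not exist is expected to fail on a first run)
"$TC" qdisc del dev "$DEV" root >/dev/null 2>&1
"$TC" qdisc del dev "$DEV" ingress >/dev/null 2>&1

###### uplink

# install root HTB, point default traffic to 1:20:
"$TC" qdisc add dev "$DEV" root handle 1: htb default 20

# shape everything at $UPLINK speed - this prevents huge queues in your
# DSL modem which destroy latency:
"$TC" class add dev "$DEV" parent 1: classid 1:1 htb \
  rate "${UPLINK}kbit" burst 6k

# high prio class 1:10:
"$TC" class add dev "$DEV" parent 1:1 classid 1:10 htb \
  rate "${UPLINK}kbit" burst 6k prio 1

# bulk & default class 1:20 - gets slightly less traffic,
# and a lower priority:
# $(( )) replaces the deprecated $[ ] arithmetic form; integer division,
# so 9*1500/10 = 1350.
"$TC" class add dev "$DEV" parent 1:1 classid 1:20 htb \
  rate "$(( 9 * UPLINK / 10 ))kbit" burst 6k prio 2

# both get Stochastic Fairness:
"$TC" qdisc add dev "$DEV" parent 1:10 handle 10: sfq perturb 10
"$TC" qdisc add dev "$DEV" parent 1:20 handle 20: sfq perturb 10

# TOS Minimum Delay (ssh, NOT scp) in 1:10:
"$TC" filter add dev "$DEV" parent 1:0 protocol ip prio 10 u32 \
  match ip tos 0x10 0xff flowid 1:10

# ICMP (ip protocol 1) in the interactive class 1:10 so we
# can do measurements & impress our friends:
"$TC" filter add dev "$DEV" parent 1:0 protocol ip prio 10 u32 \
  match ip protocol 1 0xff flowid 1:10

# To speed up downloads while an upload is going on, put ACK packets in
# the interactive class:
#   ip protocol 6            -> TCP
#   u8  0x05 0x0f   at 0     -> IP header length is 5 words (no IP options)
#   u16 0x0000 0xffc0 at 2   -> IP total length below 64 bytes
#   u8  0x10 0xff   at 33    -> TCP flags byte is exactly ACK
"$TC" filter add dev "$DEV" parent 1: protocol ip prio 10 u32 \
  match ip protocol 6 0xff \
  match u8 0x05 0x0f at 0 \
  match u16 0x0000 0xffc0 at 2 \
  match u8 0x10 0xff at 33 \
  flowid 1:10

# Traffic to or from any of the listed ports goes to the interactive class.
# NOTE(review): these rules do not match on the IP protocol, so they apply
# to whatever bytes sit at the port offsets - presumably fine for plain
# TCP/UDP without IP options; confirm.
# NOTE(review): "prio 0" appears to let the kernel pick the filter priority
# rather than meaning "evaluated first"; check the resulting order with
# `tc filter show dev eth0` - TODO confirm.
for PORT in "${PORTS_HI[@]}"; do
  "$TC" filter add dev "$DEV" protocol ip parent 1:0 prio 0 u32 \
    match ip dport "$PORT" 0xffff flowid 1:10
  "$TC" filter add dev "$DEV" protocol ip parent 1:0 prio 0 u32 \
    match ip sport "$PORT" 0xffff flowid 1:10
done

# rest is 'non-interactive' ie 'bulk' and ends up in 1:20

########## downlink #############
# slow downloads down to somewhat less than the real speed to prevent
# queuing at our ISP. Tune to see how high you can set it.
# ISPs tend to have *huge* queues to make sure big downloads are fast
#
# attach ingress policer:
###$TC qdisc add dev $DEV handle ffff: ingress

# filter *everything* to it (0.0.0.0/0), drop everything that's
# coming in too fast:
###$TC filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src \
###0.0.0.0/0 police rate ${DOWNLINK}kbit burst 10k drop flowid :1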