[nSLUG] A post on nSLUG about using QOS and CBQ

Dop Ganger nslug at fop.ns.ca
Wed Oct 8 22:02:56 ADT 2003

On Sat, 4 Oct 2003, Michael Shalit wrote:

> I was Googling for some info on how to use Linux to throttle the maximum
> concurrent connections that iptables will do, and sure enough I stumbled
> on your post.  Right now I use CBQ to throttle my older brother who tends
> to leave WinMX and Kazaa on.  The problem with those applications is that
> they open too many concurrent connections -- which seems to cause my DSL
> connection to crap out for a few minutes.

I suspect you might be better off with rate limiting outgoing SYNs
from his IP address using iptables if that's what's causing your modem to
crap out. On the other hand, it may simply be the quantity of traffic -
I've seen the same thing with my cable modem when a muppet on my subnet
decides to flood targets with RST packets; if this is the case then QoS
should do it.

> Anyways, I would be most appreciative if you could send me a cleaned up
> copy of those CBQ scripts for single interface and dual interface Linux
> servers.

I never really got round to getting the time to do a "proper" release,
though an awful lot of people have downloaded the scripts at
http://qos.impsolutions.ca/ . These are the scripts I use myself (with
some tweaking here and there). In my copious free time, I'm also planning
to look at layer 7 filtering (http://l7-filter.sourceforge.net/) which may
be more appropriate to what you're trying to do with regards to
restricting P2P apps.

Cheers... Dop.
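
An added example, not part of the original post or of the author's scripts: the SYN rate limiting suggested in the reply, written as a shell function that prints the iptables commands for one LAN host. The address 192.168.1.50, the rate of 10 per second, the burst of 20, and the function and chain names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): print iptables commands that
# rate-limit NEW outbound TCP connections (SYN packets) from one LAN host.
# Assumes the Linux box forwards that host's traffic (FORWARD chain).

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeeds only for a positive decimal integer without leading zeros.
valid_count() {
    case "$1" in ''|*[!0-9]*|0*) return 1 ;; esac
}

# syn_limit_rules SRC_IP RATE_PER_SEC BURST
# Inputs are validated before they are placed into any command text.
syn_limit_rules() {
    src=$1; rate=$2; burst=$3
    valid_ipv4 "$src" && valid_count "$rate" && valid_count "$burst" || {
        echo "usage: syn_limit_rules IPV4 RATE_PER_SEC BURST" >&2
        return 1
    }
    # One chain per host: the limit match keeps a single token bucket per rule.
    chain="SYNLIM_$(printf '%s' "$src" | tr . _)"
    # --syn matches only connection-opening packets, so established flows
    # from the host never enter the chain and are not slowed down.
    cat <<EOF
iptables -N $chain
iptables -A $chain -m limit --limit ${rate}/second --limit-burst $burst -j RETURN
iptables -A $chain -j DROP
iptables -I FORWARD -s $src -p tcp --syn -j $chain
EOF
}

# Constructed sample values: host 192.168.1.50, 10 new connections/s, burst 20.
syn_limit_rules 192.168.1.50 10 20
```

The commands are printed, not executed; review them and run them as root on the Linux router that forwards the host's traffic.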

