661 lines
13 KiB
HTML
661 lines
13 KiB
HTML
<HTML
|
|
><HEAD
|
|
><TITLE
|
|
>Frequently Asked Questions</TITLE
|
|
><META
|
|
NAME="GENERATOR"
|
|
CONTENT="Modular DocBook HTML Stylesheet Version 1.63
|
|
"><LINK
|
|
REL="HOME"
|
|
TITLE="Bandwidth Limiting HOWTO"
|
|
HREF="index.html"><LINK
|
|
REL="PREVIOUS"
|
|
TITLE="Dealing with Other Bandwidth-consuming Protocols Using CBQ"
|
|
HREF="cbq.html"><LINK
|
|
REL="NEXT"
|
|
TITLE="Miscellaneous"
|
|
HREF="misc.html"></HEAD
|
|
><BODY
|
|
CLASS="SECT1"
|
|
BGCOLOR="#FFFFFF"
|
|
TEXT="#000000"
|
|
LINK="#0000FF"
|
|
VLINK="#840084"
|
|
ALINK="#0000FF"
|
|
><DIV
|
|
CLASS="NAVHEADER"
|
|
><TABLE
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TH
|
|
COLSPAN="3"
|
|
ALIGN="center"
|
|
>Bandwidth Limiting HOWTO</TH
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="left"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="cbq.html"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="80%"
|
|
ALIGN="center"
|
|
VALIGN="bottom"
|
|
></TD
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="right"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="misc.html"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"></DIV
|
|
><DIV
|
|
CLASS="SECT1"
|
|
><H1
|
|
CLASS="SECT1"
|
|
><A
|
|
NAME="FAQ"
|
|
>5. Frequently Asked Questions</A
|
|
></H1
|
|
><DIV
|
|
CLASS="SECT2"
|
|
><H2
|
|
CLASS="SECT2"
|
|
><A
|
|
NAME="AEN287"
|
|
>5.1. Is it possible to limit bandwidth on a per-user basis with delay pools?</A
|
|
></H2
|
|
><P
|
|
>Yes. Look inside the original <TT
|
|
CLASS="FILENAME"
|
|
>squid.conf</TT
|
|
> file and
|
|
check the Squid documentation on <A
|
|
HREF="http://www.squid-cache.org"
|
|
TARGET="_top"
|
|
>http://www.squid-cache.org</A
|
|
></P
|
|
></DIV
|
|
><DIV
|
|
CLASS="SECT2"
|
|
><H2
|
|
CLASS="SECT2"
|
|
><A
|
|
NAME="AEN292"
|
|
>5.2. How do I make <B
|
|
CLASS="COMMAND"
|
|
>wget</B
|
|
> work with Squid?</A
|
|
></H2
|
|
><P
|
|
>It's simple. Create a file called <TT
|
|
CLASS="FILENAME"
|
|
>.wgetrc</TT
|
|
> and put it in your home directory.
|
|
Insert the following lines in it and that's it!</P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="PROGRAMLISTING"
|
|
>HTTP_PROXY=192.168.1.1:8080
|
|
FTP_PROXY=192.168.1.1:8080</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
>You can make it work globally for all users, type <TT
|
|
CLASS="FILENAME"
|
|
>man wget</TT
|
|
>
|
|
to learn how.</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="SECT2"
|
|
><H2
|
|
CLASS="SECT2"
|
|
><A
|
|
NAME="AEN300"
|
|
>5.3. I set up my own SOCKS server listening on port 1080, and now I'm not able to connect to
|
|
any irc server.</A
|
|
></H2
|
|
><P
|
|
>There can be two issues here.</P
|
|
><P
|
|
>One is when your SOCKS proxy is open relay, that means everyone can use it from any place in the world.
|
|
It is a security issue and you should check your SOCKS proxy configuration again - generally irc servers don't
|
|
allow open relay SOCKS servers to connect to them.</P
|
|
><P
|
|
>If you are sure your SOCKS server isn't open relay, you may be still disallowed to connect to
|
|
some of the irc servers - it's because mostly they just check if SOCKS server is running on port 1080 of a client
|
|
that is connecting. In that case just reconfigure your SOCKS to work on a different port. You will also have to
|
|
reconfigure your LAN software to use a proper SOCKS server and port.</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="SECT2"
|
|
><H2
|
|
CLASS="SECT2"
|
|
><A
|
|
NAME="AEN305"
|
|
>5.4. I don't like when Kazaa or Audiogalaxy is filling up all my upload bandwidth.</A
|
|
></H2
|
|
><P
|
|
>Indeed that can be painful, but it's simple to be solved.</P
|
|
><P
|
|
>Create a file called for example <TT
|
|
CLASS="FILENAME"
|
|
>/etc/sysconfig/cbq/cbq-15.ppp</TT
|
|
>.</P
|
|
><P
|
|
>Insert the following lines into it, and Kazaa or Audiogalaxy will upload not faster than
|
|
about 15 kbits/s. I assume that your outgoing internet interface is ppp0.</P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="PROGRAMLISTING"
|
|
>DEVICE=ppp0,115Kbit,11Kbit
|
|
RATE=15Kbit
|
|
WEIGHT=2Kbit
|
|
PRIO=5
|
|
TIME=01:00-07:59;110Kbit/11Kbit
|
|
RULE=,:21
|
|
RULE=,213.25.25.101
|
|
RULE=,:1214
|
|
RULE=,:41000
|
|
RULE=,:41001
|
|
#And so on till :41030
|
|
RULE=,:41030</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
><DIV
|
|
CLASS="SECT2"
|
|
><H2
|
|
CLASS="SECT2"
|
|
><A
|
|
NAME="AEN312"
|
|
>5.5. My outgoing mail server is eating up all my bandwidth.</A
|
|
></H2
|
|
><P
|
|
>You can limit your SMTP, Postfix, Sendmail, or whatever, in a way similar to the question above.
|
|
Just change or add one rule:</P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="PROGRAMLISTING"
|
|
>RULE=,:25</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
>Moreover, if you have an SMTP server, you can force your local LAN users to use it,
|
|
even though they have set up their own SMTP servers to smtp.some.server! We'll do it in a
|
|
transparent way we did before with Squid.</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="SECT2"
|
|
><H2
|
|
CLASS="SECT2"
|
|
><A
|
|
NAME="AEN317"
|
|
>5.6. Can I limit my own FTP or WWW server in a manner similar it is shown in the question above?</A
|
|
></H2
|
|
><P
|
|
>Generally you can, but usually these servers have got their own bandwidth limiting
|
|
configurations, so you will probably want to look into their documentation.</P
|
|
><P
|
|
>2.2.x Kernels</P
|
|
><P
|
|
><B
|
|
CLASS="COMMAND"
|
|
>/sbin/ipchains -A input -s 192.168.1.1/24 -d ! 192.168.1.1 25 -p TCP -j REDIRECT 25</B
|
|
></P
|
|
><P
|
|
>2.4.x Kernels</P
|
|
><P
|
|
><B
|
|
CLASS="COMMAND"
|
|
>/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25
|
|
-j REDIRECT --to-port 25</B
|
|
></P
|
|
><P
|
|
>Don't forget to add a proper line to your initializing scripts.</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="SECT2"
|
|
><H2
|
|
CLASS="SECT2"
|
|
><A
|
|
NAME="AEN327"
|
|
>5.7. Is it possible to limit bandwidth on a per-user basis with <B
|
|
CLASS="COMMAND"
|
|
>cbq.init</B
|
|
> script?</A
|
|
></H2
|
|
><P
|
|
>Yes. Look inside this script; there are some examples.</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="SECT2"
|
|
><H2
|
|
CLASS="SECT2"
|
|
><A
|
|
NAME="AEN331"
|
|
>5.8. Whenever I start <TT
|
|
CLASS="FILENAME"
|
|
>cbq.init</TT
|
|
>, it says <TT
|
|
CLASS="FILENAME"
|
|
>sch_cbq</TT
|
|
> is missing.</A
|
|
></H2
|
|
><P
|
|
>Probably you don't have CBQ as modules in your system. If you have compiled CBQ into your kernel, comment out the
|
|
following lines in your <TT
|
|
CLASS="FILENAME"
|
|
>cbq.init-v0.6.2</TT
|
|
> script.</P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="PROGRAMLISTING"
|
|
>### If you have cbq, tbf and u32 compiled into kernel, comment it out
|
|
#for module in sch_cbq sch_tbf sch_sfq sch_prio cls_u32; do
|
|
# if ! modprobe $module; then
|
|
# echo "**CBQ: could not load module $module"
|
|
# exit
|
|
# fi
|
|
#done</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
><DIV
|
|
CLASS="SECT2"
|
|
><H2
|
|
CLASS="SECT2"
|
|
><A
|
|
NAME="AEN338"
|
|
>5.9. CBQ sometimes doesn't work for no reason.</A
|
|
></H2
|
|
><P
|
|
>Generally it shouldn't occur. Sometimes, you can observe mass downloads, though you
|
|
think you have blocked all ports Napster or Audiogalaxy uses. Well, there is always one more
|
|
port open for mass downloads. To find it, you can use IPTraf. As there can be possibly
|
|
thousands of such ports, it can be really hard task for you.
|
|
To make it easier, you can consider running your own SOCKS proxy - Napster, Audiogalaxy
|
|
and many programs can use SOCKS proxies, so it's much easier to deal with just one port,
|
|
than to do so with thousands of possibilites (standard SOCKS port is 1080, if you run your
|
|
own SOCKS proxy server, you will be able
|
|
to set it up differently, or run multiple instances of SOCKS proxy listening on
|
|
different ports). Don't forget to close all ports for traffic,
|
|
and leave open ports like 25 and 110 (SMTP and POP3), and other you think might be useful. You will
|
|
find a link to awesome Nylon socks proxy server at the end of this HOWTO.</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="SECT2"
|
|
><H2
|
|
CLASS="SECT2"
|
|
><A
|
|
NAME="AEN341"
|
|
>5.10. Delay pools are stupid; why can't I download something at full speed
|
|
when the network is used only by me?</A
|
|
></H2
|
|
><P
|
|
>Unfortunately, you can't do much about it.</P
|
|
><P
|
|
>The only thing you can do is to use <B
|
|
CLASS="COMMAND"
|
|
>cron</B
|
|
> and reconfigure
|
|
it, for example, at 1.00 am, so that Squid won't use delay pools, then reconfigure
|
|
it again, let's say at 7.30 am, to use delay pools.</P
|
|
><P
|
|
>To do this, create two separate config files, called for example
|
|
<TT
|
|
CLASS="FILENAME"
|
|
>squid.conf-day</TT
|
|
> and <TT
|
|
CLASS="FILENAME"
|
|
>squid.conf-night</TT
|
|
>, and put them into
|
|
<TT
|
|
CLASS="FILENAME"
|
|
>/opt/squid/etc/</TT
|
|
>.</P
|
|
><P
|
|
><TT
|
|
CLASS="FILENAME"
|
|
>squid.conf-day</TT
|
|
> would be the exact copy of a config we created earlier</P
|
|
><P
|
|
><TT
|
|
CLASS="FILENAME"
|
|
>squid.conf-night</TT
|
|
>, on the contrary, would not have any delay pool lines, so
|
|
all you have to do is to comment them out.</P
|
|
><P
|
|
>Next thing you have to do is to set up <TT
|
|
CLASS="FILENAME"
|
|
>/etc/crontab</TT
|
|
> entries correctly.</P
|
|
><P
|
|
>Edit <TT
|
|
CLASS="FILENAME"
|
|
>/etc/crontab</TT
|
|
> and put the following lines there:</P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="PROGRAMLISTING"
|
|
>#SQUID - night and day config change
|
|
01 9 * * * root /bin/cp -f /opt/squid/etc/squid.conf-day /opt/squid/etc/squid.conf; /opt/squid/bin/squid -k reconfigure
|
|
59 23 * * * root /bin/cp -f /opt/squid/etc/squid.conf-night /opt/squid/etc/squid.conf; /opt/squid/bin/squid -k reconfigure</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
><DIV
|
|
CLASS="SECT2"
|
|
><H2
|
|
CLASS="SECT2"
|
|
><A
|
|
NAME="AEN359"
|
|
>5.11. My downloads break at 23:59 with "acl day time 09:00-23:59" in squid.conf. Can I do
|
|
something about it?</A
|
|
></H2
|
|
><P
|
|
>You can achieve by removing that acl from your squid.conf, and "delay_access 2 allow dzien
|
|
delay_access 2 deny !dzien" as well.</P
|
|
><P
|
|
>Then try to do it with <B
|
|
CLASS="COMMAND"
|
|
>cron</B
|
|
> as in the question above.</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="SECT2"
|
|
><H2
|
|
CLASS="SECT2"
|
|
><A
|
|
NAME="AEN364"
|
|
>5.12. Squid's logs grow and grow very fast, what can I do about it?</A
|
|
></H2
|
|
><P
|
|
>Indeed, the more users you have, the more - sometimes useful - information
|
|
will be logged.</P
|
|
><P
|
|
>The best way to eradicate it would be to use <B
|
|
CLASS="COMMAND"
|
|
>logrotate</B
|
|
>, but you'd have
|
|
to do a little trick to make it work with Squid: proper <B
|
|
CLASS="COMMAND"
|
|
>cron</B
|
|
> and
|
|
<B
|
|
CLASS="COMMAND"
|
|
>logrotate</B
|
|
> entries.</P
|
|
><P
|
|
><TT
|
|
CLASS="FILENAME"
|
|
>/etc/crontab</TT
|
|
> entries:</P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="PROGRAMLISTING"
|
|
>#SQUID - logrotate
|
|
01 4 * * * root /opt/squid/bin/squid -k rotate; /usr/sbin/logrotate /etc/logrotate.conf; /bin/rm -f /var/log/squid/*.log.0</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
>Here we have caused <B
|
|
CLASS="COMMAND"
|
|
>logrotate</B
|
|
> to start daily at 04:01 am, so remove
|
|
any remaining <B
|
|
CLASS="COMMAND"
|
|
>logrotate</B
|
|
> starting points, for example from <TT
|
|
CLASS="FILENAME"
|
|
>/etc/cron.daily/</TT
|
|
>.</P
|
|
><P
|
|
><TT
|
|
CLASS="FILENAME"
|
|
>/etc/logrotate.d/syslog</TT
|
|
> entries:</P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="PROGRAMLISTING"
|
|
>#SQUID logrotate - will keep logs for 40 days
|
|
/var/log/squid/*.log.0 {
|
|
rotate 40
|
|
compress
|
|
daily
|
|
postrotate
|
|
/usr/bin/killall -HUP syslogd
|
|
endscript
|
|
}</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
><DIV
|
|
CLASS="SECT2"
|
|
><H2
|
|
CLASS="SECT2"
|
|
><A
|
|
NAME="AEN381"
|
|
>5.13. CBQ is stupid; why can't I download something at full speed when the
|
|
network is used only be me?</A
|
|
></H2
|
|
><P
|
|
>Lucky you, it's possible!</P
|
|
><P
|
|
>There are to ways to achieve it.</P
|
|
><P
|
|
>The first is the easy one, similar to the solution we've made with Squid. Insert a line
|
|
similar to the one below to your CBQ config files placed in
|
|
<TT
|
|
CLASS="FILENAME"
|
|
>/etc/sysconfig/cbq/</TT
|
|
>:</P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="PROGRAMLISTING"
|
|
>TIME=00:00-07:59;110Kbit/11Kbit</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
>You can have multiple TIME parameters in your CBQ config files.</P
|
|
><P
|
|
>Be careful though, because there is a small bug in that <TT
|
|
CLASS="FILENAME"
|
|
>cbq.init-v0.6.2</TT
|
|
> script - it won't let you
|
|
set certain times, for example 00:00-08:00! To make sure if everything is working correctly,
|
|
start <TT
|
|
CLASS="FILENAME"
|
|
>cbq.init-v0.6.2</TT
|
|
>, and then within the time you set, type</P
|
|
><P
|
|
><B
|
|
CLASS="COMMAND"
|
|
>/etc/rc.d/cbq.init-v0.6.2 timecheck</B
|
|
></P
|
|
><P
|
|
>This is the example how the proper output should look like:</P
|
|
><P
|
|
><TT
|
|
CLASS="LITERAL"
|
|
>[root@mangoo rc.d]# ./cbq.init start; ./cbq.init timecheck</TT
|
|
>
|
|
<TT
|
|
CLASS="LITERAL"
|
|
>**CBQ: 3:44: class 10 on eth0 changed rate (20Kbit -> 110Kbit)</TT
|
|
>
|
|
<TT
|
|
CLASS="LITERAL"
|
|
>**CBQ: 3:44: class 40 on ppp0 changed rate (15Kbit -> 110Kbit)</TT
|
|
>
|
|
<TT
|
|
CLASS="LITERAL"
|
|
>**CBQ: 3:44: class 50 on eth0 changed rate (35Kbit -> 110Kbit)</TT
|
|
></P
|
|
><P
|
|
>In this example something went wrong, probably in the second config file placed in
|
|
<TT
|
|
CLASS="FILENAME"
|
|
>/etc/sysconfig/cbq/</TT
|
|
>; second counting from the lowest number in its name:</P
|
|
><P
|
|
><TT
|
|
CLASS="LITERAL"
|
|
>[root@mangoo rc.d]# ./cbq.init start; ./cbq.init timecheck
|
|
**CBQ: 3:54: class 10 on eth0 changed rate (20Kbit -> 110Kbit)</TT
|
|
>
|
|
<TT
|
|
CLASS="LITERAL"
|
|
>./cbq.init: 08: value too great for base (error token is "08")</TT
|
|
></P
|
|
><P
|
|
>The second way to make CBQ more intelligent is harder - it doesn't depend on time. You can read about it in the Linux
|
|
2.4 Advanced Routing HOWTO, and play with <TT
|
|
CLASS="FILENAME"
|
|
>tc</TT
|
|
> command.</P
|
|
></DIV
|
|
></DIV
|
|
><DIV
|
|
CLASS="NAVFOOTER"
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"><TABLE
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="cbq.html"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="index.html"
|
|
>Home</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="misc.html"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
>Dealing with Other Bandwidth-consuming Protocols Using CBQ</TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
> </TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
>Miscellaneous</TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
></BODY
|
|
></HTML
|
|
> |