Traffic Shaping - controlling your outgoing traffic so that its flow speed matches your link's speed, in order to avoid slowdown of incoming traffic and added network latency. If you have a slow uplink, you are probably familiar with the problem of your uploads slowing down your downloads and making the whole internet "experience" unbearably slow...
Create a file, put the following into it, edit it to fit your config, and make the file executable. Then just run it as root.
Without much further crap, here we go:
#!/bin/bash
echo "Loading simple firewall..."
#
# The location of the 'iptables' program
#
IPTABLES=/sbin/iptables
#
# Setting the EXTERNAL and INTERNAL interfaces for the network
#
EXTIF="ppp0"
INTIF="eth0"
echo " External Interface: $EXTIF"
echo " Internal Interface: $INTIF"
#
# Configuring traffic shaping
#
# In UPLINK you specify your maximum upstream speed (in kbit).
# Normally you shouldn't touch burst, it should be fine the way it is,
# but you can try raising it a little if your uploads are buggy...
#
UPLINK="96kbit"
BURST="1600"
#======================================================================
# Enable IP forwarding since it is disabled by default
#
# You may try changing the options in /etc/sysconfig/network
# from "FORWARD_IPV4=false" to "FORWARD_IPV4=true"
#
echo " enabling forwarding.."
echo "1" > /proc/sys/net/ipv4/ip_forward
#
# Dynamic IP users:
#
# If you get your IP address dynamically from SLIP, PPP, or DHCP,
# enable this following option.
#
echo " enabling DynamicAddr.."
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
##
## IP forwarding and Masquerading
##
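# Note: INPUT and OUTPUT stay at ACCEPT, so this script filters only
# forwarded traffic; services listening on this box remain reachable
# from $EXTIF.
echo " clearing any existing rules and setting default policy.."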
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F
echo " FWD: Allow all connections OUT and only existing and related ones IN"
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG
echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
##
## TRAFFIC SHAPING!
##
echo " Shaping $EXTIF to $UPLINK (burst $BURST)"
# Delete old traffic shaping configuration for external interface
# (the error is discarded: on the first run there is nothing to delete)
tc qdisc del dev $EXTIF root 2>/dev/null
# Set new traffic shaping configuration for external interface
tc qdisc add dev $EXTIF root tbf rate $UPLINK latency 50ms burst $BURST
# Show current shaping configuration
tc qdisc show
echo "Firewall config done."
Important Note: If the network interface for which traffic shaping was defined goes down and comes up again, the traffic control configuration is NOT preserved!
Therefore, to keep traffic control effective, it is best to call this script from a script that is executed when your network device comes up:
For a dialup device: add it to some file in your /etc/ppp/ip-up.d directory (on Debian GNU/Linux) or /etc/ppp/ip-up.local script (on some other distros)
For an ethernet device: add it to some file in your /etc/network/if-up.d directory (on Debian GNU/Linux) or for other distros - RTFM.
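Added example, not part of the original script: a hook that re-applies only the shaping step when the external interface comes back up. The file name "shaping", the DRY_RUN switch and the rate check are assumptions of this example; PPP_IFACE and IFACE are the variables that Debian's ppp and ifupdown hooks export.

```shell
#!/bin/sh
# Added example, not from the original page: re-apply the tbf shaper
# whenever the external interface comes back up.
# Install as /etc/ppp/ip-up.d/shaping or /etc/network/if-up.d/shaping
# (the name "shaping" and the DRY_RUN switch are assumptions).

EXTIF="ppp0"        # keep these three in sync with the main script
UPLINK="96kbit"
BURST="1600"

# Interface that just came up: Debian's ppp hooks export PPP_IFACE,
# ifupdown exports IFACE, ip-up.local gets the name as first argument.
hook_iface() {
    echo "${PPP_IFACE:-${IFACE:-$1}}"
}

# This example accepts only <digits>kbit or <digits>mbit, so a typo in
# UPLINK fails loudly instead of reaching tc.
valid_rate() {
    num=${1%[km]bit}
    [ "$num" != "$1" ] || return 1
    case "$num" in ""|*[!0-9]*) return 1 ;; esac
    return 0
}

apply_shaping() {
    iface=$(hook_iface "${1:-}")
    # Hooks fire for every interface; act only on the shaped one.
    [ "$iface" = "$EXTIF" ] || return 0
    if ! valid_rate "$UPLINK"; then
        echo "shaping: bad UPLINK '$UPLINK'" >&2
        return 1
    fi
    # "replace" installs or overwrites the root qdisc, so no "del" first.
    # With DRY_RUN set, the command is printed instead of executed.
    ${DRY_RUN:+echo} tc qdisc replace dev "$iface" root tbf \
        rate "$UPLINK" latency 50ms burst "$BURST"
}

apply_shaping "${1:-}"
```

On Debian, run-parts skips file names that contain a dot, so name the hook "shaping" rather than "shaping.sh" and make it executable.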