traffic shaping

Hi All,

I've been using a script I found on the net for traffic shaping via shorewall for a while now, but I'm not sure if the rules are being applied to packets going through the NAT tables. Shorewall is installed on the box that connects my LAN to the internet.

Can someone take a look at the below and see if it shapes ALL traffic between my LAN and the Internet?


The script that starts it all (derived from 'the wondershaper')...

		DOWNLINK=512
		UPLINK=256
		DEV=ppp0
		# clean existing down- and uplink qdiscs, hide errors
		tc qdisc del dev $DEV root    2> /dev/null > /dev/null
		tc qdisc del dev $DEV ingress 2> /dev/null > /dev/null
		###### uplink
		# install root CBQ
		tc qdisc add dev $DEV root handle 1: cbq avpkt 1000 bandwidth 10mbit
		# shape everything at $UPLINK speed - this prevents huge queues in your
		# DSL modem which destroy latency:
		# main class
		tc class add dev $DEV parent 1: classid 1:1 cbq rate ${UPLINK}kbit \
			allot 1500 prio 5 bounded isolated
		# high prio class 1:5:
		tc class add dev $DEV parent 1:1 classid 1:5 cbq rate ${UPLINK}kbit \
			allot 1600 prio 1 avpkt 1000
		# bulk and default class 1:10 - normal stuff
		tc class add dev $DEV parent 1:1 classid 1:10 cbq rate $((9*UPLINK/10))kbit \
			allot 1600 prio 2 avpkt 1000
		#
		# bulk and default class 1:15 - gets slightly less traffic,
		#  and a lower priority:
		tc class add dev $DEV parent 1:1 classid 1:15 cbq rate $((5*UPLINK/10))kbit \
			allot 1600 prio 3 avpkt 1000
		# all three get Stochastic Fairness:
		tc qdisc add dev $DEV parent 1:5 handle 5: sfq perturb 10
		tc qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10
		tc qdisc add dev $DEV parent 1:15 handle 15: sfq perturb 10
		# filters: "handle N fw" sends packets carrying firewall mark N to the class
		tc filter add dev $DEV parent 1:0 protocol ip prio 5 handle 5 fw classid 1:5
		tc filter add dev $DEV parent 1:0 protocol ip prio 10 handle 10 fw classid 1:10
		tc filter add dev $DEV parent 1:0 protocol ip prio 15 handle 15 fw classid 1:15



example rule in /etc/shorewall/start...


#fast ssh in and out
iptables -t mangle -A POSTROUTING -p tcp -m tcp --dport 22 -j MARK --set-mark 0x5
iptables -t mangle -A POSTROUTING -p tcp -m tcp --sport 22 -j MARK --set-mark 0x5



Thanks in advance,

Jeff
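
An added example, not part of the original post: a static cross-check of the `fw` filter handles in the script against the marks the `/etc/shorewall/start` rules set, since a packet reaches class 1:5, 1:10 or 1:15 only if some rule gives it mark 5, 10 or 15. The function names are made up for this example, and the input strings are the filter and MARK lines copied from the post.

```shell
#!/bin/sh
# Constructed input: the fw filter lines and MARK rules copied from the post.
TC_FILTERS='tc filter add dev $DEV parent 1:0 protocol ip prio 5 handle 5 fw classid 1:5
tc filter add dev $DEV parent 1:0 protocol ip prio 10 handle 10 fw classid 1:10
tc filter add dev $DEV parent 1:0 protocol ip prio 15 handle 15 fw classid 1:15'
MARK_RULES='iptables -t mangle -A POSTROUTING -p tcp -m tcp --dport 22 -j MARK --set-mark 0x5
iptables -t mangle -A POSTROUTING -p tcp -m tcp --sport 22 -j MARK --set-mark 0x5'

# Decimal fwmark values the MARK rules set, one per line, de-duplicated.
marks_set() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i < NF; i++)
            if ($i == "--set-mark") { v = $(i + 1); sub(/\/.*/, "", v); print v }
    }' | while read -r v; do printf '%d\n' "$v"; done | sort -un
}

# "mark classid" for every fw filter, with the handle normalised to decimal.
filters_defined() {
    printf '%s\n' "$1" | awk '/ fw / {
        h = ""; c = ""
        for (i = 1; i < NF; i++) {
            if ($i == "handle")  h = $(i + 1)
            if ($i == "classid") c = $(i + 1)
        }
        if (h != "" && c != "") print h, c
    }' | while read -r h c; do printf '%d %s\n' "$h" "$c"; done
}

# Report filters that no rule feeds and marks that no filter consumes.
audit() {   # $1 = tc filter lines, $2 = iptables MARK rules
    set_marks=$(marks_set "$2")
    filters_defined "$1" | while read -r h c; do
        if printf '%s\n' "$set_marks" | grep -qx "$h"; then
            echo "mark $h -> class $c: marked by a rule"
        else
            echo "mark $h -> class $c: no MARK rule sets it"
        fi
    done
    for m in $set_marks; do
        filters_defined "$1" | grep -q "^$m " ||
            echo "mark $m: set by a rule but no fw filter matches it"
    done
}

audit "$TC_FILTERS" "$MARK_RULES"
```

On the live box, the per-class packet counters from `tc -s class show dev ppp0` show at run time which classes actually receive traffic.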

