traffic shaping

Jeff jeff at virgin.net
Mon Jun 28 17:52:31 UTC 2004


Hi All,

I've been using a script I found on the net for traffic shaping via shorewall for a while now, but I'm not sure if the rules are being applied to packets going through the NAT tables - shorewall is installed on the box that connects my LAN to the internet.

Can someone take a look at the below and see if it shapes ALL traffic between my LAN and the Internet?


The script that starts it all (derived from 'the wondershaper')...

		DOWNLINK=512
		UPLINK=256
		DEV=ppp0
		# clean existing down- and uplink qdiscs, hide errors
		tc qdisc del dev $DEV root    2> /dev/null > /dev/null
		tc qdisc del dev $DEV ingress 2> /dev/null > /dev/null
		###### uplink
		# install root CBQ
		tc qdisc add dev $DEV root handle 1: cbq avpkt 1000 bandwidth 10mbit
		# shape everything at $UPLINK speed - this prevents huge queues in your
		# DSL modem which destroy latency:
		# main class
		tc class add dev $DEV parent 1: classid 1:1 cbq rate ${UPLINK}kbit \
		   allot 1500 prio 5 bounded isolated
		# high prio class 1:5:
		tc class add dev $DEV parent 1:1 classid 1:5 cbq rate ${UPLINK}kbit \
		   allot 1600 prio 1 avpkt 1000
		# bulk and default class 1:10 - normal stuff
		tc class add dev $DEV parent 1:1 classid 1:10 cbq rate $((9*UPLINK/10))kbit \
		   allot 1600 prio 2 avpkt 1000
		#
		# bulk and default class 1:15 - gets slightly less traffic,
		#  and a lower priority:
		tc class add dev $DEV parent 1:1 classid 1:15 cbq rate $((5*UPLINK/10))kbit \
		   allot 1600 prio 3 avpkt 1000
		# all three get Stochastic Fairness:
		tc qdisc add dev $DEV parent 1:5 handle 5: sfq perturb 10
		tc qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10
		tc qdisc add dev $DEV parent 1:15 handle 15: sfq perturb 10
		# filters: a packet carrying firewall mark N goes to the class with fw handle N
		tc filter add dev $DEV parent 1:0 protocol ip prio 5 handle 5 fw classid 1:5
		tc filter add dev $DEV parent 1:0 protocol ip prio 10 handle 10 fw classid 1:10
		tc filter add dev $DEV parent 1:0 protocol ip prio 15 handle 15 fw classid 1:15



example rule in /etc/shorewall/start...


#fast ssh in and out
iptables -t mangle -A POSTROUTING -p tcp -m tcp --dport 22 -j MARK --set-mark 0x5
iptables -t mangle -A POSTROUTING -p tcp -m tcp --sport 22 -j MARK --set-mark 0x5



Thanks in advance,

Jeff
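
A consistency check for the two pieces of configuration quoted in this post, as an added example that is not part of the original message: it normalises the `--set-mark` values and the tc `fw` filter handles to decimal and reports which class each mark is steered to and which filter handles no rule ever sets. The function names are this example's own, and the embedded rule text is copied from the post.

```shell
#!/bin/sh
# Added example, not from the original post. Rule text below is copied from the
# post; the function names are this example's own.
MANGLE_RULES='iptables -t mangle -A POSTROUTING -p tcp -m tcp --dport 22 -j MARK --set-mark 0x5
iptables -t mangle -A POSTROUTING -p tcp -m tcp --sport 22 -j MARK --set-mark 0x5'
TC_FILTERS='tc filter add dev $DEV parent 1:0 protocol ip prio 5 handle 5 fw classid 1:5
tc filter add dev $DEV parent 1:0 protocol ip prio 10 handle 10 fw classid 1:10
tc filter add dev $DEV parent 1:0 protocol ip prio 15 handle 15 fw classid 1:15'

# Distinct marks set by "--set-mark", one per line, normalised to decimal
# (0x5 -> 5, 0x10 -> 16). Assumes plain values without a /mask suffix.
marks_set() {
    printf '%s\n' "$1" | grep -o -e '--set-mark [0-9a-fA-Fx]*' | awk '{print $2}' |
        while read -r m; do echo "$(($m))"; done | sort -nu
}

# "handle classid" pairs of the fw filters, handle normalised to decimal.
fw_handles() {
    printf '%s\n' "$1" |
        sed -n 's/.* handle \([0-9a-fA-Fx]*\) fw classid \([0-9a-fA-F:]*\).*/\1 \2/p' |
        while read -r h c; do echo "$(($h)) $c"; done
}

# Class a given mark (any numeric form) is steered to, or "none".
class_for_mark() {
    fw_handles "$TC_FILTERS" |
        awk -v m="$(($1))" '$1 == m { print $2; hit = 1 } END { if (!hit) print "none" }'
}

# fw handles that no mangle rule ever sets: their classes receive no packets.
unused_handles() {
    fw_handles "$TC_FILTERS" | while read -r h c; do
        marks_set "$MANGLE_RULES" | grep -qx "$h" || echo "$h"
    done
}

for m in $(marks_set "$MANGLE_RULES"); do
    echo "mark $m -> class $(class_for_mark "$m")"
done
echo "fw handles with no matching --set-mark: $(unused_handles | tr '\n' ' ')"
echo "mark 0x10 (= 16, not 10) -> class $(class_for_mark 0x10)"
```

On the gateway itself, the per-class counters printed by `tc -s class show dev ppp0` show where packets actually land.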




