<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
<refentry>
  <refmeta>
    <refentrytitle>shorewall-tcinterfaces</refentrytitle>

    <manvolnum>5</manvolnum>
  </refmeta>

  <refnamediv>
    <refname>tcinterfaces</refname>

    <refpurpose>Shorewall file</refpurpose>
  </refnamediv>

  <refsynopsisdiv>
    <cmdsynopsis>
      <command>/etc/shorewall/tcinterfaces</command>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1>
    <title>Description</title>

    <para>This file lists the interfaces that are subject to simple traffic
    shaping. Simple traffic shaping is enabled by setting TC_ENABLED=Simple in
    <ulink url="shorewall.conf.html">shorewall.conf</ulink>(5).</para>

    <para>A note on the <emphasis>bandwidth</emphasis> definition used in this
    file:</para>

    <itemizedlist>
      <listitem>
        <para>Don't use a space between the integer value and the unit: 30kbit
        is valid while 30 kbit is not.</para>
      </listitem>

      <listitem>
        <para>You can use one of the following units:</para>

        <variablelist>
          <varlistentry>
            <term><emphasis role="bold">kbps</emphasis></term>

            <listitem>
              <para>Kilobytes per second.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><emphasis role="bold">mbps</emphasis></term>

            <listitem>
              <para>Megabytes per second.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><emphasis role="bold">kbit</emphasis></term>

            <listitem>
              <para>Kilobits per second.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><emphasis role="bold">mbit</emphasis></term>

            <listitem>
              <para>Megabits per second.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><emphasis role="bold">bps</emphasis> or <emphasis
            role="bold">number</emphasis></term>

            <listitem>
              <para>Bytes per second.</para>
            </listitem>
          </varlistentry>
        </variablelist>
      </listitem>

      <listitem>
        <para>Only whole integers are allowed.</para>
      </listitem>
    </itemizedlist>

    <para>The columns in the file are as follows.</para>

    <variablelist>
      <varlistentry>
        <term><emphasis role="bold">INTERFACE</emphasis></term>

        <listitem>
          <para>The logical name of an interface. If you run both IPv4 and
          IPv6 Shorewall firewalls, a given interface should only be listed in
          one of the two configurations.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><emphasis role="bold">TYPE</emphasis> - [<emphasis
        role="bold">external</emphasis>|<emphasis
        role="bold">internal</emphasis>]</term>

        <listitem>
          <para>Optional. If given, specifies whether the interface is
          <emphasis role="bold">external</emphasis> (facing toward the
          Internet) or <emphasis role="bold">internal</emphasis> (facing
          toward a local network) and enables SFQ flow classification.</para>

          <note>
            <para>Simple traffic shaping is only useful on interfaces where
            queuing occurs. As a consequence, internal interfaces seldom
            benefit from simple traffic shaping. VPN interfaces are an
            exception because the encapsulated packets are later transferred
            over a slower external link.</para>
          </note>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>IN-BANDWIDTH - [<replaceable>rate</replaceable>]</term>

        <listitem>
          <para>Optional. If specified, enables ingress policing on the
          interface. If incoming traffic exceeds the given
          <replaceable>rate</replaceable>, received packets are dropped
          randomly. With some DSL and Cable links, large queues can build up
          in the ISP's gateway router. While this ensures maximum throughput,
          it kills interactive response time. By setting IN-BANDWIDTH, you can
          eliminate these queues.</para>

          <para>To pick an appropriate setting, we recommend that you start by
          setting it significantly below your measured download bandwidth (20%
          or so). While downloading, measure the ping response time from the
          firewall to the upstream router as you gradually increase the
          setting. The optimal setting is at the point beyond which the ping
          time increases sharply as you increase the setting.</para>
        </listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1>
    <title>FILES</title>

    <para>/etc/shorewall/tcinterfaces.</para>
  </refsect1>

  <refsect1>
    <title>SEE ALSO</title>

    <para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
    shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
    shorewall-ipsec(5), shorewall-maclist(5), shorewall-masq(5),
    shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
    shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5),
    shorewall-route_rules(5), shorewall-routestopped(5), shorewall-rules(5),
    shorewall.conf(5), shorewall-tcpri(5), shorewall-tcrules(5),
    shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)</para>
  </refsect1>
</refentry>
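
The bandwidth rules and column definitions in the Description section can be checked mechanically before a configuration is deployed. The linter below is an added example, not part of Shorewall or of the original manual page. The names parse_rate, lint and SAMPLE are hypothetical, and the decimal unit multipliers, "#" comments and "-" as an omitted-column placeholder are assumptions not stated on this page.

```python
import re

# Units listed on the page. Decimal multipliers (k = 1000, m = 1000000) follow
# the tc convention for rates and are an assumption; the page gives no factors.
BITS_PER_UNIT = {"kbps": 8000, "mbps": 8_000_000, "kbit": 1000,
                 "mbit": 1_000_000, "bps": 8, "": 8}
RATE_RE = re.compile(r"(\d+)([A-Za-z]*)")

def parse_rate(text):
    """Return the rate in bits per second, or raise ValueError."""
    m = RATE_RE.fullmatch(text)
    if not m:
        raise ValueError(f"rate {text!r}: need a whole integer directly followed by a unit")
    number, unit = m.groups()
    if unit not in BITS_PER_UNIT:  # only the spellings listed on the page
        raise ValueError(f"rate {text!r}: unknown unit {unit!r}")
    return int(number) * BITS_PER_UNIT[unit]

def lint(text):
    """Yield (line_number, message) for each problem found."""
    for n, raw in enumerate(text.splitlines(), 1):
        cols = raw.split("#", 1)[0].split()
        if not cols:
            continue
        # Assumed conventions: "#" starts a comment, "-" marks an omitted column.
        iface, if_type, rate, *extra = cols + ["-"] * (3 - len(cols))
        if extra:
            yield n, f"unexpected extra column {extra[0]!r} (space inside a rate?)"
        if if_type not in ("-", "external", "internal"):
            yield n, f"TYPE {if_type!r} must be external or internal"
        if rate != "-":
            try:
                parse_rate(rate)
            except ValueError as err:
                yield n, str(err)

# Constructed sample file, not taken from any real system.
SAMPLE = """\
#INTERFACE  TYPE      IN-BANDWIDTH
eth0        external  6mbit
tun0        internal  -
eth1        external  30 kbit
eth2        -         1.5mbit
eth3        outside   512kbps
"""

if __name__ == "__main__":
    for line_no, msg in lint(SAMPLE):
        print(f"tcinterfaces:{line_no}: {msg}")
```

Note that "30 kbit" is not rejected as a bad rate: the bare "30" parses as 30 bytes per second, so the mistake only shows up as an extra column, which is why the linter checks the column count separately.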