Add traffic shaping to my network configuration

Tom Eastep 2009-08-02 08:36:29 -07:00
parent 4cd41a81f7
commit 0e09292587
3 changed files with 314 additions and 216 deletions


@ -80,6 +80,10 @@
<listitem>
<para><ulink url="ManualChains.html">Manual Chains</ulink></para>
</listitem>
<listitem>
<para><ulink url="traffic_shaping.htm">Traffic Shaping</ulink></para>
</listitem>
</itemizedlist>
<para>Linux runs the firewall and the servers (although they run in OpenVZ
@ -330,7 +334,7 @@ loc tun+ detect</programlisting>Notice that VPN clients are treated
the same as local hosts.</para>
<para>I set the <emphasis role="bold">proxyarp</emphasis> option on
$EXT_IF so that </para>
$EXT_IF so that</para>
<orderedlist numeration="loweralpha">
<listitem>
@ -746,6 +750,98 @@ chmod 744 ${VARDIR}/state</programlisting>Kill lsm if the command is stop or
clear. Make the state file world-readable.</para>
</section>
<section>
<title>/etc/shorewall/tcdevices</title>
<para><programlisting>#INTERFACE IN-BANDWITH OUT-BANDWIDTH OPTIONS
$EXT_IF - 300kbit classify
$INT_IF - 80mbit classify
$COM_IF - 4mbit classify,hfsc
</programlisting>The use of HFSC on the Comcast link is largely to provide a
test bed for that qdisc; I really don't have any real-time requirement
such as VOIP.</para>
</section>
<section>
<title>/etc/shorewall/tcclasses</title>
<para><programlisting>INTERFACE MARK RATE CEIL PRIORITY OPTIONS
1:110 - full/4 full 1 tcp-ack,tos-minimize-delay
1:120 - full/4 full 2 flow=nfct-src
1:130 - full/4 230kbit 3 default,flow=nfct-src
1:140 - full/4 230kbit 4 flow=nfct-src
2:10 - 95*full/100 full 1 flow=dst
2:100 - 14mbit 20mbit 2
2:100:101 - 7mbit 20mbit 3 default,flow=dst
2:100:102 - 7mbit 20mbit 3 flow=dst
3:10 - 2mbit:4ms full 1 flow=nfct-src
3:100 - 2mbit full 2
3:100:101 - 1mbit full 3 default,flow=nfct-src
3:100:102 - 1mbit full 3 flow=nfct-src
</programlisting>Note that most of the outgoing bandwidth on the local
interface is allocated to one class. That class is used for local
traffic.</para>
</section>
<section>
<title>/etc/shorewall/tcfilters</title>
<para><programlisting>#INTERFACE: SOURCE DEST PROTO DEST SOURCE TOS LENGTH
#CLASS PORT(S) PORT(S)
# =============================== AVVANTA ====================================
#
# Give Highest priority to LSM's pings to the gateway and to DNS queries
#
1:110 206.124.146.176 206.124.146.254 icmp
1:110 206.124.146.177 - udp 53
#
# Second Highest priority to IPv6 Tunnel
#
1:120 206.124.146.180
#
# Lowest priority to bulk traffic
#
1:140 206.124.146.177 - tcp - 873 - 2048
1:140 206.124.146.177 - - - - tos-minimize-cost
</programlisting>The tcfilters file is only used for the Avvanta provider
because it has static public IP addresses.</para>
</section>
<section>
<title>/etc/shorewall/tcrules</title>
<para><programlisting>#MARK SOURCE DEST PROTO PORT(S) CLIENT USER TEST LENGTH TOS
# PORT(S)
COMMENT Shape incoming traffic
#
# Most of the bandwidth is reserved for local traffic since the downlinks aren't that fast
#
2:10 206.124.146.176/30 $INT_IF
2:10 206.124.146.177 $INT_IF
2:10 172.20.1.254 $INT_IF
#
# Guarantee 1/2 of the incoming bandwidth for my work system
#
2:102 0.0.0.0/0 $INT_IF:172.20.1.107
COMMENT Shape outgoing traffic to Comcast
#
# Give 1/2 to my work system and add a latency guarantee
#
3:10 172.20.1.107 $COM_IF
#
# Restrict Torrent uploads
#
3:102 172.20.1.0/24 $COM_IF tcp - 6881:6889
</programlisting>The tcrules file is used to classify traffic that deals with
the local network and/or with Comcast.</para>
</section>
<section id="tunnels">
<title>/etc/shorewall/tunnels</title>
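Review bot: The header line of the tcclasses listing (INTERFACE MARK RATE CEIL PRIORITY OPTIONS) has no leading #, unlike the headers of the tcdevices, tcfilters and tcrules listings, so anyone pasting the listing into the file gets the header as a non-comment line; add the #. In the tcdevices header, IN-BANDWITH should read IN-BANDWIDTH. In tcrules, the 2:10 entry for 206.124.146.177 is already covered by the 206.124.146.176/30 entry directly above it, so either drop it or add a comment saying why it is listed separately.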


@ -172,6 +172,8 @@ fi
files="errata known_problems.txt releasenotes.txt patch-*-$1 ${1}.*"
base=
rm -f *-${1}*.asc
for f in *-${1}.tar.bz2 *-${1}.tgz; do
/usr/bin/gpg -ab --batch --comment 'To verify this, you can download our public key at https://lists.shorewall.net/shorewall.gpg.key' $f
done
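Review bot: The cleanup glob in rm -f *-${1}*.asc is wider than the two globs the loop re-signs (*-${1}.tar.bz2 and *-${1}.tgz), so a signature whose name merely continues past the version string (for example a point release that begins with the same digits) is deleted and never regenerated; narrow the rm to the same two patterns with .asc appended. In the loop, $f is unquoted in the gpg call, and when one of the patterns matches nothing the shell passes the literal pattern to gpg, so quote "$f" and skip entries that fail a [ -f "$f" ] test. This release-signing change is also unrelated to the commit subject and would be easier to audit as its own commit.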


@ -1,215 +1,215 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<meta http-equiv="CONTENT-TYPE" content="text/html; charset=UTF-8">
<title>Shoreline Firewall (Shorewall)</title>
<base target="_self">
<meta name="CREATED" content="20040920;15031500">
<meta name="CHANGED" content="$Id$">
</head>
<body dir="ltr" lang="en-US">
<hr style="width: 100%; height: 2px;">
<table
style="text-align: left; width: 100%; background-color: rgb(255, 255, 255);"
border="0" cellpadding="2" cellspacing="0">
<tbody>
<tr>
<td
style="vertical-align: top; font-weight: bold; color: rgb(255, 255, 255);"><a
href="#Releases">Current Shorewall Releases</a><br>
</td>
<td
style="vertical-align: top; font-weight: bold; color: rgb(255, 255, 255); background-color: rgb(255, 255, 255);"><a
href="#GettingStarted">Getting Started with Shorewall</a><br>
</td>
<td
style="vertical-align: top; font-weight: bold; color: rgb(255, 255, 255);"><a
href="#Info">Looking for Information?</a><br>
</td>
<td
style="vertical-align: top; font-weight: bold; color: rgb(255, 255, 255);"><a
href="#WhatIs">What is Shorewall?</a><br>
</td>
<td
style="vertical-align: top; font-weight: bold; color: rgb(255, 255, 255);"><a
href="#License">License<br>
</a></td>
<td
style="vertical-align: top; font-weight: bold; color: rgb(255, 255, 255);"><a
href="#Donations">Donations</a><br>
</td>
<td style="vertical-align: top;"><a href="#Logo"><span
style="font-weight: bold;">Logo</span></a><br>
</td>
<td style="vertical-align: top; color: rgb(255, 255, 255);"><a
href="#Copyright"><span style="font-weight: bold;">Copyright</span></a><br>
</td>
</tr>
</tbody>
</table>
<hr style="width: 100%; height: 2px;"><span style="font-weight: bold;">2009-07-26</span><br>
<h3><a href="Notices.html#Shell-EOL">Attention Shorewall-shell users</a><br>
</h3>
<h3><a name="Releases"></a>Current Shorewall Releases</h3>
<table style="text-align: left; width: 100%;" border="0" cellpadding="2"
cellspacing="0">
<tbody>
<tr>
<td style="vertical-align: top;">
<div style="margin-left: 40px;"><span style="font-weight: bold;">Current
Stable Release</span><br>
</div>
</td>
<td style="vertical-align: top;"><span style="font-weight: bold;">4.2.10</span>
(includes <a href="IPv6Support.html">IPv6 support.</a>)</td>
<td style="vertical-align: top;"><a
href="http://www1.shorewall.net/pub/shorewall/4.2/shorewall-4.2.10/releasenotes.txt">Release
notes</a> </td>
<td style="vertical-align: top;"><a
href="http://www1.shorewall.net/pub/shorewall/4.2/shorewall-4.2.10/known_problems.txt">Known
Problems</a></td>
</tr>
<tr>
<td style="vertical-align: top;">
<div style="margin-left: 40px;"><span style="font-weight: bold;">Previous
Stable Release</span><br>
</div>
</td>
<td style="vertical-align: top;"><span style="font-weight: bold;">4.0.15</span><br>
</td>
<td style="vertical-align: top;"><a
href="http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.15/releasenotes.txt">Release
Notes</a><br>
</td>
<td style="vertical-align: top;"><a
href="http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.15/known_problems.txt">Known
Problems</a><br>
</td>
</tr>
<tr>
<td style="vertical-align: top;">
<div style="margin-left: 40px;"><span style="font-weight: bold;">Development
Release</span><br>
</div>
</td>
<td style="vertical-align: top;"><span style="font-weight: bold;">4.4.0
RC 1</span><br>
</td>
<td style="vertical-align: top;"><a
href="http://www1.shorewall.net/pub/shorewall/development/4.4/shorewall-4.4.0-RC1/releasenotes.txt">Release
Notes<br>
</a> </td>
<td style="vertical-align: top;"><a
href="http://www1.shorewall.net/pub/shorewall/development/4.4/shorewall-4.4.0-RC1/known_problems.txt">Known
Problems</a> </td>
</tr>
</tbody>
</table>
<p style="margin-left: 40px;">Read more about the Shorewall <a
href="Shorewall-4.html">4.x
releases here</a>. Get them from the <a href="download.htm">download
sites</a></p>
<h3><a name="GettingStarted"></a>Getting Started with Shorewall</h3>
<p style="margin-left: 0.42in;">New to Shorewall? Download the current
Stable
version (see above) then select the <a
href="shorewall_quickstart_guide.htm">QuickStart Guide</a> that most
closely
matches your environment and follow the step by step instructions.</p>
<h3><a name="Info"></a>Looking for Information?</h3>
<p style="margin-left: 0.42in;">The <a href="Documentation_Index.html">Documentation
Index</a> is a good place to start as
is the Site Search in the frame above.</p>
<h3><a name="WhatIs"></a>What is Shorewall?<br>
</h3>
<p style="margin-left: 0.42in;">For a high level description of
Shorewall, see the <a href="Introduction.html">Introduction to
Shorewall</a>. To review Shorewall functionality, see the <a
href="shorewall_features.htm">Features Page</a>.<br>
</p>
<h3><a name="License"></a>License</h3>
<p style="margin-left: 0.42in;">This program is free software; you can
redistribute it and/or modify it under the terms of <a
href="http://www.gnu.org/licenses/gpl.html">Version 2 of the GNU
General
Public License</a> as published by the Free Software Foundation.</p>
<p style="margin-left: 0.42in;">This program is distributed in the hope
that
it will be useful, but WITHOUT ANY WARRANTY; without even the implied
warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
the GNU
General Public License for more detail.</p>
<p style="margin-left: 0.42in;">You should have received a copy of the
GNU
General Public License along with this program; if not, write to the
Free
Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.</p>
<p style="margin-left: 0.42in;">Permission is granted to copy,
distribute
and/or modify this document under the terms of the GNU Free
Documentation
License, Version 1.2 or any later version published by the Free
Software
Foundation; with no Invariant Sections, with no Front-Cover, and with
no
Back-Cover Texts. A copy of the license is included in the section
entitled
"GNU Free Documentation License"</p>
<h3><a name="Donations"></a>Donations</h3>
<div style="margin-left: 40px;"><a href="http://www.alz.org/"
target="_top"><font color="#000080"><img
alt="(Alzheimer's Association Logo)" src="images/alz_logo2.gif"
name="Graphic2" align="right" border="1" height="66" width="306"></font></a><a
href="http://www.starlight.org/" target="_top"><font color="#000080"><img
alt="(Starlight Foundation Logo)" src="images/newlog.gif"
name="Graphic3" align="right" border="1" height="108" width="65"></font></a>Shorewall
is free but if you try it and
find it useful, please consider making a donation to the <a
href="http://www.alz.org/" target="_top">Alzheimer's Association</a>
or to
the <a href="http://www.starlight.org/" target="_top">Starlight
Children's
Foundation</a>. <br>
</div>
<p><br>
</p>
<div style="margin-left: 40px;">Thank You</div>
<h3><a name="Logo">Logo</a></h3>
<p style="margin-left: 40px;">The <a target="_top"
href="http://wiki.shorewall.net/wiki/LogoDesignCompetition">Shorewall
Logo</a> is the work of Gareth Davies of <a target="_top"
href="http://thusa.co.za/">Thusa</a> and is licensed under the
Creative
Commons
Attribution-Share Alike 2.5 South Africa License. To view a copy of
this
licence, visit <a
href="http://creativecommons.org/licenses/by-sa/2.5/za/">http://creativecommons.org/licenses/by-sa/2.5/za/
</a>or send a
letter to Creative Commons, 171 Second Street, Suite 300, San
Francisco,
California 94105, USA.<br>
</p>
<h3><a name="Copyright">Copyright</a></h3>
<div style="margin-left: 40px;">Copyright © 2001-2009 Thomas M.
Eastep
</div>
<br>
<div style="margin-left: 40px;">Permission is granted to copy,
distribute and/or modify
this
document
under the terms of the GNU Free Documentation License, Version 1.2 or
any
later version published by the Free Software Foundation; with no
Invariant
Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of
the
license is included in the section entitled <span
style="text-decoration: underline;">"</span><a href="GnuCopyright.htm"
target="_self">GNU Free Documentation License</a>".</div>
<p align="left"><br>
</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<meta http-equiv="CONTENT-TYPE" content="text/html; charset=UTF-8">
<title>Shoreline Firewall (Shorewall)</title>
<base target="_self">
<meta name="CREATED" content="20040920;15031500">
<meta name="CHANGED" content="$Id$">
</head>
<body dir="ltr" lang="en-US">
<hr style="width: 100%; height: 2px;">
<table
style="text-align: left; width: 100%; background-color: rgb(255, 255, 255);"
border="0" cellpadding="2" cellspacing="0">
<tbody>
<tr>
<td
style="vertical-align: top; font-weight: bold; color: rgb(255, 255, 255);"><a
href="#Releases">Current Shorewall Releases</a><br>
</td>
<td
style="vertical-align: top; font-weight: bold; color: rgb(255, 255, 255); background-color: rgb(255, 255, 255);"><a
href="#GettingStarted">Getting Started with Shorewall</a><br>
</td>
<td
style="vertical-align: top; font-weight: bold; color: rgb(255, 255, 255);"><a
href="#Info">Looking for Information?</a><br>
</td>
<td
style="vertical-align: top; font-weight: bold; color: rgb(255, 255, 255);"><a
href="#WhatIs">What is Shorewall?</a><br>
</td>
<td
style="vertical-align: top; font-weight: bold; color: rgb(255, 255, 255);"><a
href="#License">License<br>
</a></td>
<td
style="vertical-align: top; font-weight: bold; color: rgb(255, 255, 255);"><a
href="#Donations">Donations</a><br>
</td>
<td style="vertical-align: top;"><a href="#Logo"><span
style="font-weight: bold;">Logo</span></a><br>
</td>
<td style="vertical-align: top; color: rgb(255, 255, 255);"><a
href="#Copyright"><span style="font-weight: bold;">Copyright</span></a><br>
</td>
</tr>
</tbody>
</table>
<hr style="width: 100%; height: 2px;"><span style="font-weight: bold;">2009-08-01</span><br>
<h3><a href="Notices.html#Shell-EOL">Attention Shorewall-shell users</a><br>
</h3>
<h3><a name="Releases"></a>Current Shorewall Releases</h3>
<table style="text-align: left; width: 100%;" border="0" cellpadding="2"
cellspacing="0">
<tbody>
<tr>
<td style="vertical-align: top;">
<div style="margin-left: 40px;"><span style="font-weight: bold;">Current
Stable Release</span><br>
</div>
</td>
<td style="vertical-align: top;"><span style="font-weight: bold;">4.2.10</span>
(includes <a href="IPv6Support.html">IPv6 support.</a>)</td>
<td style="vertical-align: top;"><a
href="http://www1.shorewall.net/pub/shorewall/4.2/shorewall-4.2.10/releasenotes.txt">Release
notes</a> </td>
<td style="vertical-align: top;"><a
href="http://www1.shorewall.net/pub/shorewall/4.2/shorewall-4.2.10/known_problems.txt">Known
Problems</a></td>
</tr>
<tr>
<td style="vertical-align: top;">
<div style="margin-left: 40px;"><span style="font-weight: bold;">Previous
Stable Release</span><br>
</div>
</td>
<td style="vertical-align: top;"><span style="font-weight: bold;">4.0.15</span><br>
</td>
<td style="vertical-align: top;"><a
href="http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.15/releasenotes.txt">Release
Notes</a><br>
</td>
<td style="vertical-align: top;"><a
href="http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.15/known_problems.txt">Known
Problems</a><br>
</td>
</tr>
<tr>
<td style="vertical-align: top;">
<div style="margin-left: 40px;"><span style="font-weight: bold;">Development
Release</span><br>
</div>
</td>
<td style="vertical-align: top;"><span style="font-weight: bold;">4.4.0
RC 2</span><br>
</td>
<td style="vertical-align: top;"><a
href="http://www1.shorewall.net/pub/shorewall/development/4.4/shorewall-4.4.0-RC2/releasenotes.txt">Release
Notes<br>
</a> </td>
<td style="vertical-align: top;"><a
href="http://www1.shorewall.net/pub/shorewall/development/4.4/shorewall-4.4.0-RC2/known_problems.txt">Known
Problems</a> </td>
</tr>
</tbody>
</table>
<p style="margin-left: 40px;">Read more about the Shorewall <a
href="Shorewall-4.html">4.x
releases here</a>. Get them from the <a href="download.htm">download
sites</a></p>
<h3><a name="GettingStarted"></a>Getting Started with Shorewall</h3>
<p style="margin-left: 0.42in;">New to Shorewall? Download the current
Stable
version (see above) then select the <a
href="shorewall_quickstart_guide.htm">QuickStart Guide</a> that most
closely
matches your environment and follow the step by step instructions.</p>
<h3><a name="Info"></a>Looking for Information?</h3>
<p style="margin-left: 0.42in;">The <a href="Documentation_Index.html">Documentation
Index</a> is a good place to start as
is the Site Search in the frame above.</p>
<h3><a name="WhatIs"></a>What is Shorewall?<br>
</h3>
<p style="margin-left: 0.42in;">For a high level description of
Shorewall, see the <a href="Introduction.html">Introduction to
Shorewall</a>. To review Shorewall functionality, see the <a
href="shorewall_features.htm">Features Page</a>.<br>
</p>
<h3><a name="License"></a>License</h3>
<p style="margin-left: 0.42in;">This program is free software; you can
redistribute it and/or modify it under the terms of <a
href="http://www.gnu.org/licenses/gpl.html">Version 2 of the GNU
General
Public License</a> as published by the Free Software Foundation.</p>
<p style="margin-left: 0.42in;">This program is distributed in the hope
that
it will be useful, but WITHOUT ANY WARRANTY; without even the implied
warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
the GNU
General Public License for more detail.</p>
<p style="margin-left: 0.42in;">You should have received a copy of the
GNU
General Public License along with this program; if not, write to the
Free
Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.</p>
<p style="margin-left: 0.42in;">Permission is granted to copy,
distribute
and/or modify this document under the terms of the GNU Free
Documentation
License, Version 1.2 or any later version published by the Free
Software
Foundation; with no Invariant Sections, with no Front-Cover, and with
no
Back-Cover Texts. A copy of the license is included in the section
entitled
"GNU Free Documentation License"</p>
<h3><a name="Donations"></a>Donations</h3>
<div style="margin-left: 40px;"><a href="http://www.alz.org/"
target="_top"><font color="#000080"><img
alt="(Alzheimer's Association Logo)" src="images/alz_logo2.gif"
name="Graphic2" align="right" border="1" height="66" width="306"></font></a><a
href="http://www.starlight.org/" target="_top"><font color="#000080"><img
alt="(Starlight Foundation Logo)" src="images/newlog.gif"
name="Graphic3" align="right" border="1" height="108" width="65"></font></a>Shorewall
is free but if you try it and
find it useful, please consider making a donation to the <a
href="http://www.alz.org/" target="_top">Alzheimer's Association</a>
or to
the <a href="http://www.starlight.org/" target="_top">Starlight
Children's
Foundation</a>. <br>
</div>
<p><br>
</p>
<div style="margin-left: 40px;">Thank You</div>
<h3><a name="Logo">Logo</a></h3>
<p style="margin-left: 40px;">The <a target="_top"
href="http://wiki.shorewall.net/wiki/LogoDesignCompetition">Shorewall
Logo</a> is the work of Gareth Davies of <a target="_top"
href="http://thusa.co.za/">Thusa</a> and is licensed under the
Creative
Commons
Attribution-Share Alike 2.5 South Africa License. To view a copy of
this
licence, visit <a
href="http://creativecommons.org/licenses/by-sa/2.5/za/">http://creativecommons.org/licenses/by-sa/2.5/za/
</a>or send a
letter to Creative Commons, 171 Second Street, Suite 300, San
Francisco,
California 94105, USA.<br>
</p>
<h3><a name="Copyright">Copyright</a></h3>
<div style="margin-left: 40px;">Copyright © 2001-2009 Thomas M.
Eastep
</div>
<br>
<div style="margin-left: 40px;">Permission is granted to copy,
distribute and/or modify
this
document
under the terms of the GNU Free Documentation License, Version 1.2 or
any
later version published by the Free Software Foundation; with no
Invariant
Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of
the
license is included in the section entitled <span
style="text-decoration: underline;">"</span><a href="GnuCopyright.htm"
target="_self">GNU Free Documentation License</a>".</div>
<p align="left"><br>
</p>
</body>
</html>
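Review bot: The hunk header replaces all 215 lines of this page, yet the only differences visible between the old and new copies are the date (2009-07-26 to 2009-08-01) and the development release (4.4.0 RC 1 to RC 2, in the label and the two URLs). That points to a line-ending or whitespace rewrite of the whole file, which hides the real change from review and from blame; keep the file's existing line endings so the diff shows only those lines. The release-page update is also unrelated to the commit subject about traffic shaping and belongs in a separate commit.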