Add traffic shaping to my network configuration

Tom Eastep 2009-08-02 08:36:29 -07:00
parent 4cd41a81f7
commit 0e09292587
3 changed files with 314 additions and 216 deletions


@ -80,6 +80,10 @@
<listitem> <listitem>
<para><ulink url="ManualChains.html">Manual Chains</ulink></para> <para><ulink url="ManualChains.html">Manual Chains</ulink></para>
</listitem> </listitem>
<listitem>
<para><ulink url="traffic_shaping.htm">Traffic Shaping</ulink></para>
</listitem>
</itemizedlist> </itemizedlist>
<para>Linux runs the firewall and the servers (although they run in OpenVZ <para>Linux runs the firewall and the servers (although they run in OpenVZ
@ -330,7 +334,7 @@ loc tun+ detect</programlisting>Notice that VPN clients are treated
the same as local hosts.</para> the same as local hosts.</para>
<para>I set the <emphasis role="bold">proxyarp</emphasis> option on <para>I set the <emphasis role="bold">proxyarp</emphasis> option on
$EXT_IF so that </para> $EXT_IF so that</para>
<orderedlist numeration="loweralpha"> <orderedlist numeration="loweralpha">
<listitem> <listitem>
@ -746,6 +750,98 @@ chmod 744 ${VARDIR}/state</programlisting>Kill lsm if the command is stop or
clear. Make the state file world-readable.</para> clear. Make the state file world-readable.</para>
</section> </section>
<section>
<title>/etc/shorewall/tcdevices</title>
<para><programlisting>#INTERFACE IN-BANDWITH OUT-BANDWIDTH OPTIONS
$EXT_IF - 300kbit classify
$INT_IF - 80mbit classify
$COM_IF - 4mbit classify,hfsc
</programlisting>The use of HFSC on the Comcast link is largely to provide a
test bed for that qdisc; I really don't have any real-time requirement
such as VOIP.</para>
</section>
<section>
<title>/etc/shorewall/tcclasses</title>
<para><programlisting>INTERFACE MARK RATE CEIL PRIORITY OPTIONS
1:110 - full/4 full 1 tcp-ack,tos-minimize-delay
1:120 - full/4 full 2 flow=nfct-src
1:130 - full/4 230kbit 3 default,flow=nfct-src
1:140 - full/4 230kbit 4 flow=nfct-src
2:10 - 95*full/100 full 1 flow=dst
2:100 - 14mbit 20mbit 2
2:100:101 - 7mbit 20mbit 3 default,flow=dst
2:100:102 - 7mbit 20mbit 3 flow=dst
3:10 - 2mbit:4ms full 1 flow=nfct-src
3:100 - 2mbit full 2
3:100:101 - 1mbit full 3 default,flow=nfct-src
3:100:102 - 1mbit full 3 flow=nfct-src
</programlisting>Note that most of the outgoing bandwidth on the local
interface is allocated to one class. That class is used for local
traffic.</para>
</section>
<section>
<title>/etc/shorewall/tcfilters</title>
<para><programlisting>#INTERFACE: SOURCE DEST PROTO DEST SOURCE TOS LENGTH
#CLASS PORT(S) PORT(S)
# =============================== AVVANTA ====================================
#
# Give Highest priority to LSM's pings to the gateway and to DNS queries
#
1:110 206.124.146.176 206.124.146.254 icmp
1:110 206.124.146.177 - udp 53
#
# Second Highest priority to IPv6 Tunnel
#
1:120 206.124.146.180
#
# Lowest priority to bulk traffic
#
1:140 206.124.146.177 - tcp - 873 - 2048
1:140 206.124.146.177 - - - - tos-minimize-cost
</programlisting>The tcfilters file is only used for the Avvanta provider
because it has static public IP addresses.</para>
</section>
<section>
<title>/etc/shorewall/tcrules</title>
<para><programlisting>#MARK SOURCE DEST PROTO PORT(S) CLIENT USER TEST LENGTH TOS
# PORT(S)
COMMENT Shape incoming traffic
#
# Most of the bandwidth is reserved for local traffic since the downlinks aren't that fast
#
2:10 206.124.146.176/30 $INT_IF
2:10 206.124.146.177 $INT_IF
2:10 172.20.1.254 $INT_IF
#
# Guarantee 1/2 of the incoming bandwidth for my work system
#
2:102 0.0.0.0/0 $INT_IF:172.20.1.107
COMMENT Shape outgoing traffic to Comcast
#
# Give 1/2 to my work system and add a latency guarantee
#
3:10 172.20.1.107 $COM_IF
#
# Restrict Torrent uploads
#
3:102 172.20.1.0/24 $COM_IF tcp - 6881:6889
</programlisting>The tcrules file is used to classify traffic that deals with
the local network and/or with Comcast.</para>
</section>
<section id="tunnels"> <section id="tunnels">
<title>/etc/shorewall/tunnels</title> <title>/etc/shorewall/tunnels</title>
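Review bot: The tcclasses listing's header row (`INTERFACE MARK RATE CEIL PRIORITY OPTIONS`) is missing the leading `#` that the tcdevices, tcfilters and tcrules listings in this same hunk all carry, so anyone copying the listing into a live file gets a header line that is not a comment; add the `#`. In the tcdevices header, `IN-BANDWITH` should read `IN-BANDWIDTH`. In the tcrules listing, the `206.124.146.177` entry for class 2:10 is already covered by the `206.124.146.176/30` entry directly above it. Classes 3:100:101 and 3:100:102 are listed with identical rate, ceiling and priority, so the "Restrict Torrent uploads" comment needs a sentence saying what sending that traffic to 3:102 achieves compared with leaving it in the default class.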


@ -172,6 +172,8 @@ fi
files="errata known_problems.txt releasenotes.txt patch-*-$1 ${1}.*" files="errata known_problems.txt releasenotes.txt patch-*-$1 ${1}.*"
base= base=
rm -f *-${1}*.asc
for f in *-${1}.tar.bz2 *-${1}.tgz; do for f in *-${1}.tar.bz2 *-${1}.tgz; do
/usr/bin/gpg -ab --batch --comment 'To verify this, you can download our public key at https://lists.shorewall.net/shorewall.gpg.key' $f /usr/bin/gpg -ab --batch --comment 'To verify this, you can download our public key at https://lists.shorewall.net/shorewall.gpg.key' $f
done done
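Review bot: The added `rm -f *-${1}*.asc` removes more than the loop below re-creates: the loop signs only `*-${1}.tar.bz2` and `*-${1}.tgz`, while the trailing `*` in the glob also matches any signature whose name continues past the version string, and if `$1` can ever be empty at this point the pattern becomes `*-*.asc`. Deleting exactly the two outputs would be safer, for example `rm -f -- *-"${1}".tar.bz2.asc *-"${1}".tgz.asc`. The commit subject mentions only traffic shaping, so a line in the message explaining why stale signatures have to be cleared before `gpg --batch` runs would help.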


@ -1,215 +1,215 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html> <html>
<head> <head>
<meta http-equiv="CONTENT-TYPE" content="text/html; charset=UTF-8"> <meta http-equiv="CONTENT-TYPE" content="text/html; charset=UTF-8">
<title>Shoreline Firewall (Shorewall)</title> <title>Shoreline Firewall (Shorewall)</title>
<base target="_self"> <base target="_self">
<meta name="CREATED" content="20040920;15031500"> <meta name="CREATED" content="20040920;15031500">
<meta name="CHANGED" content="$Id$"> <meta name="CHANGED" content="$Id$">
</head> </head>
<body dir="ltr" lang="en-US"> <body dir="ltr" lang="en-US">
<hr style="width: 100%; height: 2px;"> <hr style="width: 100%; height: 2px;">
<table <table
style="text-align: left; width: 100%; background-color: rgb(255, 255, 255);" style="text-align: left; width: 100%; background-color: rgb(255, 255, 255);"
border="0" cellpadding="2" cellspacing="0"> border="0" cellpadding="2" cellspacing="0">
<tbody> <tbody>
<tr> <tr>
<td <td
style="vertical-align: top; font-weight: bold; color: rgb(255, 255, 255);"><a style="vertical-align: top; font-weight: bold; color: rgb(255, 255, 255);"><a
href="#Releases">Current Shorewall Releases</a><br> href="#Releases">Current Shorewall Releases</a><br>
</td> </td>
<td <td
style="vertical-align: top; font-weight: bold; color: rgb(255, 255, 255); background-color: rgb(255, 255, 255);"><a style="vertical-align: top; font-weight: bold; color: rgb(255, 255, 255); background-color: rgb(255, 255, 255);"><a
href="#GettingStarted">Getting Started with Shorewall</a><br> href="#GettingStarted">Getting Started with Shorewall</a><br>
</td> </td>
<td <td
style="vertical-align: top; font-weight: bold; color: rgb(255, 255, 255);"><a style="vertical-align: top; font-weight: bold; color: rgb(255, 255, 255);"><a
href="#Info">Looking for Information?</a><br> href="#Info">Looking for Information?</a><br>
</td> </td>
<td <td
style="vertical-align: top; font-weight: bold; color: rgb(255, 255, 255);"><a style="vertical-align: top; font-weight: bold; color: rgb(255, 255, 255);"><a
href="#WhatIs">What is Shorewall?</a><br> href="#WhatIs">What is Shorewall?</a><br>
</td> </td>
<td <td
style="vertical-align: top; font-weight: bold; color: rgb(255, 255, 255);"><a style="vertical-align: top; font-weight: bold; color: rgb(255, 255, 255);"><a
href="#License">License<br> href="#License">License<br>
</a></td> </a></td>
<td <td
style="vertical-align: top; font-weight: bold; color: rgb(255, 255, 255);"><a style="vertical-align: top; font-weight: bold; color: rgb(255, 255, 255);"><a
href="#Donations">Donations</a><br> href="#Donations">Donations</a><br>
</td> </td>
<td style="vertical-align: top;"><a href="#Logo"><span <td style="vertical-align: top;"><a href="#Logo"><span
style="font-weight: bold;">Logo</span></a><br> style="font-weight: bold;">Logo</span></a><br>
</td> </td>
<td style="vertical-align: top; color: rgb(255, 255, 255);"><a <td style="vertical-align: top; color: rgb(255, 255, 255);"><a
href="#Copyright"><span style="font-weight: bold;">Copyright</span></a><br> href="#Copyright"><span style="font-weight: bold;">Copyright</span></a><br>
</td> </td>
</tr> </tr>
</tbody> </tbody>
</table> </table>
<hr style="width: 100%; height: 2px;"><span style="font-weight: bold;">2009-07-26</span><br> <hr style="width: 100%; height: 2px;"><span style="font-weight: bold;">2009-08-01</span><br>
<h3><a href="Notices.html#Shell-EOL">Attention Shorewall-shell users</a><br> <h3><a href="Notices.html#Shell-EOL">Attention Shorewall-shell users</a><br>
</h3> </h3>
<h3><a name="Releases"></a>Current Shorewall Releases</h3> <h3><a name="Releases"></a>Current Shorewall Releases</h3>
<table style="text-align: left; width: 100%;" border="0" cellpadding="2" <table style="text-align: left; width: 100%;" border="0" cellpadding="2"
cellspacing="0"> cellspacing="0">
<tbody> <tbody>
<tr> <tr>
<td style="vertical-align: top;"> <td style="vertical-align: top;">
<div style="margin-left: 40px;"><span style="font-weight: bold;">Current <div style="margin-left: 40px;"><span style="font-weight: bold;">Current
Stable Release</span><br> Stable Release</span><br>
</div> </div>
</td> </td>
<td style="vertical-align: top;"><span style="font-weight: bold;">4.2.10</span> <td style="vertical-align: top;"><span style="font-weight: bold;">4.2.10</span>
(includes <a href="IPv6Support.html">IPv6 support.</a>)</td> (includes <a href="IPv6Support.html">IPv6 support.</a>)</td>
<td style="vertical-align: top;"><a <td style="vertical-align: top;"><a
href="http://www1.shorewall.net/pub/shorewall/4.2/shorewall-4.2.10/releasenotes.txt">Release href="http://www1.shorewall.net/pub/shorewall/4.2/shorewall-4.2.10/releasenotes.txt">Release
notes</a> </td> notes</a> </td>
<td style="vertical-align: top;"><a <td style="vertical-align: top;"><a
href="http://www1.shorewall.net/pub/shorewall/4.2/shorewall-4.2.10/known_problems.txt">Known href="http://www1.shorewall.net/pub/shorewall/4.2/shorewall-4.2.10/known_problems.txt">Known
Problems</a></td> Problems</a></td>
</tr> </tr>
<tr> <tr>
<td style="vertical-align: top;"> <td style="vertical-align: top;">
<div style="margin-left: 40px;"><span style="font-weight: bold;">Previous <div style="margin-left: 40px;"><span style="font-weight: bold;">Previous
Stable Release</span><br> Stable Release</span><br>
</div> </div>
</td> </td>
<td style="vertical-align: top;"><span style="font-weight: bold;">4.0.15</span><br> <td style="vertical-align: top;"><span style="font-weight: bold;">4.0.15</span><br>
</td> </td>
<td style="vertical-align: top;"><a <td style="vertical-align: top;"><a
href="http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.15/releasenotes.txt">Release href="http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.15/releasenotes.txt">Release
Notes</a><br> Notes</a><br>
</td> </td>
<td style="vertical-align: top;"><a <td style="vertical-align: top;"><a
href="http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.15/known_problems.txt">Known href="http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.15/known_problems.txt">Known
Problems</a><br> Problems</a><br>
</td> </td>
</tr> </tr>
<tr> <tr>
<td style="vertical-align: top;"> <td style="vertical-align: top;">
<div style="margin-left: 40px;"><span style="font-weight: bold;">Development <div style="margin-left: 40px;"><span style="font-weight: bold;">Development
Release</span><br> Release</span><br>
</div> </div>
</td> </td>
<td style="vertical-align: top;"><span style="font-weight: bold;">4.4.0 <td style="vertical-align: top;"><span style="font-weight: bold;">4.4.0
RC 1</span><br> RC 2</span><br>
</td> </td>
<td style="vertical-align: top;"><a <td style="vertical-align: top;"><a
href="http://www1.shorewall.net/pub/shorewall/development/4.4/shorewall-4.4.0-RC1/releasenotes.txt">Release href="http://www1.shorewall.net/pub/shorewall/development/4.4/shorewall-4.4.0-RC2/releasenotes.txt">Release
Notes<br> Notes<br>
</a> </td> </a> </td>
<td style="vertical-align: top;"><a <td style="vertical-align: top;"><a
href="http://www1.shorewall.net/pub/shorewall/development/4.4/shorewall-4.4.0-RC1/known_problems.txt">Known href="http://www1.shorewall.net/pub/shorewall/development/4.4/shorewall-4.4.0-RC2/known_problems.txt">Known
Problems</a> </td> Problems</a> </td>
</tr> </tr>
</tbody> </tbody>
</table> </table>
<p style="margin-left: 40px;">Read more about the Shorewall <a <p style="margin-left: 40px;">Read more about the Shorewall <a
href="Shorewall-4.html">4.x href="Shorewall-4.html">4.x
releases here</a>. Get them from the <a href="download.htm">download releases here</a>. Get them from the <a href="download.htm">download
sites</a></p> sites</a></p>
<h3><a name="GettingStarted"></a>Getting Started with Shorewall</h3> <h3><a name="GettingStarted"></a>Getting Started with Shorewall</h3>
<p style="margin-left: 0.42in;">New to Shorewall? Download the current <p style="margin-left: 0.42in;">New to Shorewall? Download the current
Stable Stable
version (see above) then select the <a version (see above) then select the <a
href="shorewall_quickstart_guide.htm">QuickStart Guide</a> that most href="shorewall_quickstart_guide.htm">QuickStart Guide</a> that most
closely closely
matches your environment and follow the step by step instructions.</p> matches your environment and follow the step by step instructions.</p>
<h3><a name="Info"></a>Looking for Information?</h3> <h3><a name="Info"></a>Looking for Information?</h3>
<p style="margin-left: 0.42in;">The <a href="Documentation_Index.html">Documentation <p style="margin-left: 0.42in;">The <a href="Documentation_Index.html">Documentation
Index</a> is a good place to start as Index</a> is a good place to start as
is the Site Search in the frame above.</p> is the Site Search in the frame above.</p>
<h3><a name="WhatIs"></a>What is Shorewall?<br> <h3><a name="WhatIs"></a>What is Shorewall?<br>
</h3> </h3>
<p style="margin-left: 0.42in;">For a high level description of <p style="margin-left: 0.42in;">For a high level description of
Shorewall, see the <a href="Introduction.html">Introduction to Shorewall, see the <a href="Introduction.html">Introduction to
Shorewall</a>. To review Shorewall functionality, see the <a Shorewall</a>. To review Shorewall functionality, see the <a
href="shorewall_features.htm">Features Page</a>.<br> href="shorewall_features.htm">Features Page</a>.<br>
</p> </p>
<h3><a name="License"></a>License</h3> <h3><a name="License"></a>License</h3>
<p style="margin-left: 0.42in;">This program is free software; you can <p style="margin-left: 0.42in;">This program is free software; you can
redistribute it and/or modify it under the terms of <a redistribute it and/or modify it under the terms of <a
href="http://www.gnu.org/licenses/gpl.html">Version 2 of the GNU href="http://www.gnu.org/licenses/gpl.html">Version 2 of the GNU
General General
Public License</a> as published by the Free Software Foundation.</p> Public License</a> as published by the Free Software Foundation.</p>
<p style="margin-left: 0.42in;">This program is distributed in the hope <p style="margin-left: 0.42in;">This program is distributed in the hope
that that
it will be useful, but WITHOUT ANY WARRANTY; without even the implied it will be useful, but WITHOUT ANY WARRANTY; without even the implied
warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
the GNU the GNU
General Public License for more detail.</p> General Public License for more detail.</p>
<p style="margin-left: 0.42in;">You should have received a copy of the <p style="margin-left: 0.42in;">You should have received a copy of the
GNU GNU
General Public License along with this program; if not, write to the General Public License along with this program; if not, write to the
Free Free
Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.</p> 02110-1301 USA.</p>
<p style="margin-left: 0.42in;">Permission is granted to copy, <p style="margin-left: 0.42in;">Permission is granted to copy,
distribute distribute
and/or modify this document under the terms of the GNU Free and/or modify this document under the terms of the GNU Free
Documentation Documentation
License, Version 1.2 or any later version published by the Free License, Version 1.2 or any later version published by the Free
Software Software
Foundation; with no Invariant Sections, with no Front-Cover, and with Foundation; with no Invariant Sections, with no Front-Cover, and with
no no
Back-Cover Texts. A copy of the license is included in the section Back-Cover Texts. A copy of the license is included in the section
entitled entitled
"GNU Free Documentation License"</p> "GNU Free Documentation License"</p>
<h3><a name="Donations"></a>Donations</h3> <h3><a name="Donations"></a>Donations</h3>
<div style="margin-left: 40px;"><a href="http://www.alz.org/" <div style="margin-left: 40px;"><a href="http://www.alz.org/"
target="_top"><font color="#000080"><img target="_top"><font color="#000080"><img
alt="(Alzheimer's Association Logo)" src="images/alz_logo2.gif" alt="(Alzheimer's Association Logo)" src="images/alz_logo2.gif"
name="Graphic2" align="right" border="1" height="66" width="306"></font></a><a name="Graphic2" align="right" border="1" height="66" width="306"></font></a><a
href="http://www.starlight.org/" target="_top"><font color="#000080"><img href="http://www.starlight.org/" target="_top"><font color="#000080"><img
alt="(Starlight Foundation Logo)" src="images/newlog.gif" alt="(Starlight Foundation Logo)" src="images/newlog.gif"
name="Graphic3" align="right" border="1" height="108" width="65"></font></a>Shorewall name="Graphic3" align="right" border="1" height="108" width="65"></font></a>Shorewall
is free but if you try it and is free but if you try it and
find it useful, please consider making a donation to the <a find it useful, please consider making a donation to the <a
href="http://www.alz.org/" target="_top">Alzheimer's Association</a> href="http://www.alz.org/" target="_top">Alzheimer's Association</a>
or to or to
the <a href="http://www.starlight.org/" target="_top">Starlight the <a href="http://www.starlight.org/" target="_top">Starlight
Children's Children's
Foundation</a>. <br> Foundation</a>. <br>
</div> </div>
<p><br> <p><br>
</p> </p>
<div style="margin-left: 40px;">Thank You</div> <div style="margin-left: 40px;">Thank You</div>
<h3><a name="Logo">Logo</a></h3> <h3><a name="Logo">Logo</a></h3>
<p style="margin-left: 40px;">The <a target="_top" <p style="margin-left: 40px;">The <a target="_top"
href="http://wiki.shorewall.net/wiki/LogoDesignCompetition">Shorewall href="http://wiki.shorewall.net/wiki/LogoDesignCompetition">Shorewall
Logo</a> is the work of Gareth Davies of <a target="_top" Logo</a> is the work of Gareth Davies of <a target="_top"
href="http://thusa.co.za/">Thusa</a> and is licensed under the href="http://thusa.co.za/">Thusa</a> and is licensed under the
Creative Creative
Commons Commons
Attribution-Share Alike 2.5 South Africa License. To view a copy of Attribution-Share Alike 2.5 South Africa License. To view a copy of
this this
licence, visit <a licence, visit <a
href="http://creativecommons.org/licenses/by-sa/2.5/za/">http://creativecommons.org/licenses/by-sa/2.5/za/ href="http://creativecommons.org/licenses/by-sa/2.5/za/">http://creativecommons.org/licenses/by-sa/2.5/za/
</a>or send a </a>or send a
letter to Creative Commons, 171 Second Street, Suite 300, San letter to Creative Commons, 171 Second Street, Suite 300, San
Francisco, Francisco,
California 94105, USA.<br> California 94105, USA.<br>
</p> </p>
<h3><a name="Copyright">Copyright</a></h3> <h3><a name="Copyright">Copyright</a></h3>
<div style="margin-left: 40px;">Copyright © 2001-2009 Thomas M. <div style="margin-left: 40px;">Copyright © 2001-2009 Thomas M.
Eastep Eastep
</div> </div>
<br> <br>
<div style="margin-left: 40px;">Permission is granted to copy, <div style="margin-left: 40px;">Permission is granted to copy,
distribute and/or modify distribute and/or modify
this this
document document
under the terms of the GNU Free Documentation License, Version 1.2 or under the terms of the GNU Free Documentation License, Version 1.2 or
any any
later version published by the Free Software Foundation; with no later version published by the Free Software Foundation; with no
Invariant Invariant
Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of
the the
license is included in the section entitled <span license is included in the section entitled <span
style="text-decoration: underline;">"</span><a href="GnuCopyright.htm" style="text-decoration: underline;">"</span><a href="GnuCopyright.htm"
target="_self">GNU Free Documentation License</a>".</div> target="_self">GNU Free Documentation License</a>".</div>
<p align="left"><br> <p align="left"><br>
</p> </p>
</body> </body>
</html> </html>
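Review bot: The hunk header replaces all 215 lines of this file, yet the only differences visible between the two sides are the page date (2009-07-26 to 2009-08-01) and the development release label with its two URLs (RC 1/RC1 to RC 2/RC2). That points to a whitespace or line-ending change across the whole file, which buries the four real edits; please restore the original line endings or move the normalisation into its own commit. The release bump is also unrelated to the commit subject and would be easier to track as a separate change.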