From 2d451aa967eb9f982c1645e7cf7655678b977540 Mon Sep 17 00:00:00 2001
From: teastep
Date: Sat, 12 Jul 2008 17:10:56 +0000
Subject: [PATCH] Add download shaping example

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8624 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
docs/MultiISP.xml | 7 ++--
docs/traffic_shaping.xml | 71 +++++++++++++++++++++++++++++++++++++---
2 files changed, 71 insertions(+), 7 deletions(-)
diff --git a/docs/MultiISP.xml b/docs/MultiISP.xml
index 3d2223615..b5992b29e 100644
--- a/docs/MultiISP.xml
+++ b/docs/MultiISP.xml
@@ -250,8 +250,9 @@ Gives the name or number of a routing table to duplicate. May be 'main' or the name or number of a previously declared - provider. For most applications, you want to specify 'main' - here. + provider. For most applications, you want to specify 'main' here. + This field should be be specified as '-' when USE_DEFAULT_RT=Yes + in shorewall.conf
@@ -1128,4 +1129,4 @@ linksys 1 1 - wlan0 172.20.1.1 track,balance=1,optional shorewall 2 2 - eth0 192.168.1.254 track,balance=2,optional/etc/shorewall/rules:#SOURCE DEST PROVIDER PRIORITY - - shorewall 11999 - + \ No newline at end of file
diff --git a/docs/traffic_shaping.xml b/docs/traffic_shaping.xml
index 24b15f05d..01c7f3d3b 100644
--- a/docs/traffic_shaping.xml
+++ b/docs/traffic_shaping.xml
@@ -1,6 +1,6 @@ - - +
@@ -182,6 +182,16 @@ and at your own. + This is not to say that you cannot shape + downloads, regardless of which Shorewall release you are + running. + +
+ If you wish to shape downloads, you can always configure traffic + shaping on your firewall's local interface. An example appears below. +
+ You shape and control outgoing traffic by assigning the traffic to classes. Each class is associated with exactly one network interface and has a number of attributes:
@@ -1071,7 +1081,7 @@ ppp0 6000kbit 700kbit tcclasses file #INTERFACE MARK RATE CEIL PRIORITY OPTIONS -ppp0 1 10kbit 50kbit 1 tcp-ack +ppp0 1 10kbit 50kbit 1 tcp-ack,tos-minimize-delay ppp0 2 300kbit full 2 ppp0 3 300kbit full 2 ppp0 4 90kbit 200kbit 3 default
@@ -1134,6 +1144,59 @@ ppp0 4 90kbit 200kbit 3 default +
+ Shaping Download Traffic + + As stated at the outset, traffic shaping works on traffic being sent + by the firewall. Download traffic from the Internet to local hosts is sent + by the firewall over a local interface. So it follows that if you want to + shape such traffic, you must configure shaping on the local + interface. + + Shaping of download traffic is most straightforward when there are + only two interface. That way, traffic leaving the local interface falls + into only two broad categories: + + + + Traffic being forwarded from the internet + + + + Traffic that originated on the firewall itself + + + + In general, you will want to shape the forwarded traffic and leave + the local traffic unrestricted. + + Extending the simple example + above: + + /etc/shorewall/tcdevices:#INTERFACE IN-BANDWITH OUT-BANDWIDTH +ppp0 6000kbit 700kbit +eth1 - 100mbit + + /etc/shorewall/tcclasses:#INTERFACE MARK RATE CEIL PRIORITY OPTIONS +ppp0 1 10kbit 50kbit 1 tcp-ack,tos-minimize-delay +ppp0 2 300kbit full 2 +ppp0 3 300kbit full 2 +ppp0 4 90kbit 200kbit 3 default +eth0 1 100kbit 500kbit 1 tcp-ack,tos-minimize-delay +eth0 2 3mbit 6mbit 2 +eth0 3 3mbit 6mbit 3 +eth0 4 94mbit full default #for local traffic + + /etc/shorewall/tcrules:#MARK SOURCE DEST PROTO PORT(S) CLIENT USER +# PORT(S) +1:F 0.0.0.0/0 0.0.0.0/0 icmp echo-request +1:F 0.0.0.0/0 0.0.0.0/0 icmp echo-reply +2:F 192.168.2.23 0.0.0.0/0 all +3:F 192.168.2.42 0.0.0.0/0 all +2:F ppp0 192.168.2.23 all +3:F ppp0 192.168.2.42 all +
+
Intermediate Frame Block (IFB) Devices
@@ -1616,4 +1679,4 @@ class htb 1:120 parent 1:1 leaf 120: prio 2 quantum 1900 rate 76000bit ceil 2300 At least one Shorewall user has found this tool helpful: http://e2epi.internet2.edu/network-performance-toolkit.html
-
\ No newline at end of file +