Hey Manuel,
Thanks for your suggestions. I have made the pipe a bit smaller (now 400kbps)
and made the modifications to the rules (passive ftp is disabled on the server
at the moment). It all works like a charm!
Great stuff, thanks,
Michel
PS: I included the list, so people will find the answer in the archives later
on
Quoting Manuel Kasper <mk at neon1 dot net>:
On 14.01.2004, at 12:25, Michel Schilthuizen wrote:
> Can anyone look at the config below and help me out?
Hmm, looks pretty much OK, but have you got substantial amounts of
non-TCP traffic? I'd change the last "catch-all" rule to protocol "any"
and not just TCP, as with your current setup, non-TCP traffic will not
be accounted for in the pipe, so it is possible that the modem buffers
still become full. Try decreasing the pipe's bandwidth too.
I'd always use a separate rule for SSH traffic, as it won't hit your
ACK prio rule because SSH packets are typically 100 bytes or more, and
you probably still want SSH to be more important than e.g. web
browsing. Also, I'm not sure if your FTP traffic limit rule works - it
most likely won't for passive FTP connections (dynamic port on the
server's side, and almost definitely not 20).
HTH,
Manuel