 From:  Mark Ryan <markryan at cfl dot rr dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  can i adapt my linux traffic shaping rules to monowall?
 Date:  Sun, 22 Oct 2006 11:04:12 -0400
Hi,
I currently use ipcop on an old machine and I love it; however, I am 
interested in moving to an embedded box with monowall.  I wrote my own 
custom traffic shaping rules for linux and I would like to know if the 
same setup is possible with monowall.  Here are my rules:

#!/bin/bash
# clear out the chain and set up a new chain
# (the jump is inserted into POSTROUTING below, so it has to be deleted
# from POSTROUTING as well; deleting from OUTPUT leaves the chain
# referenced, -X then fails, and every re-run stacks another jump)
iptables -t mangle -D POSTROUTING -o eth1 -j BW-OUT 2> /dev/null > /dev/null
iptables -t mangle -F BW-OUT 2> /dev/null > /dev/null
iptables -t mangle -X BW-OUT 2> /dev/null > /dev/null
iptables -t mangle -N BW-OUT
iptables -t mangle -I POSTROUTING -o eth1 -j BW-OUT
# mark packets: 3 is active ftp and passive ftp, 2 is email, 1 is ACK
# for downloads and everything else
# (first match wins: each MARK is followed by RETURN, and --length is the
# total IP packet length, so any TCP segment of 64 bytes or less gets
# mark 1 before the port rules are ever consulted)
iptables -t mangle -A BW-OUT -p tcp -m length --length :64 -j MARK --set-mark 1
iptables -t mangle -A BW-OUT -p tcp -m length --length :64 -j RETURN
iptables -t mangle -A BW-OUT -m tcp -p tcp --dport 25 -j MARK --set-mark 2
iptables -t mangle -A BW-OUT -m tcp -p tcp --dport 25 -j RETURN
iptables -t mangle -A BW-OUT -p tcp --sport 59999 -j MARK --set-mark 3
iptables -t mangle -A BW-OUT -p tcp --sport 59999 -j RETURN
iptables -t mangle -A BW-OUT -p tcp --sport 50000:51000 -j MARK --set-mark 3
iptables -t mangle -A BW-OUT -p tcp --sport 50000:51000 -j RETURN
# clear the qdisc (ignore the error when none is attached yet)
tc qdisc del dev eth1 root 2> /dev/null
# add the root qdisc; unmarked packets (mark 0) fall into class 1:10
tc qdisc add dev eth1 root handle 1: htb default 10
# add main rate limit class and 3 leaves
# (in tc, "kbps" means kilobytes per second; "kbit" would be kilobits)
tc class add dev eth1 parent 1: classid 1:1 htb rate 105kbps ceil 105kbps
tc class add dev eth1 parent 1:1 classid 1:10 htb rate 45kbps ceil 105kbps prio 0
tc class add dev eth1 parent 1:1 classid 1:11 htb rate 40kbps ceil 105kbps prio 1
tc class add dev eth1 parent 1:1 classid 1:12 htb rate 20kbps ceil 105kbps prio 2
# filter traffic into classes by firewall mark (fw classifier)
tc filter add dev eth1 parent 1:0 prio 0 protocol ip handle 1 fw flowid 1:10
tc filter add dev eth1 parent 1:0 prio 1 protocol ip handle 2 fw flowid 1:11
tc filter add dev eth1 parent 1:0 prio 2 protocol ip handle 3 fw flowid 1:12

These rules work perfectly for my setup.  They cap my ftp server to 100K, 
and when an email is sent, the email has priority.  The sharing and 
priority setup is also great, so that the higher priority root class can 
borrow from the ftp if needed.  They also allow the small ACK packets to 
get priority so that downloads don't suffer.

Is this possible with monowall?

Thanks,
Mark
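Before porting a mark-based policy like the one above to another shaper, it helps to pin down what the mangle chain actually decides, because the rules are first-match with a RETURN after every MARK and the `--length :64` test runs first. The script below is an added, constructed model of that chain (not code from the original post and not m0n0wall or iptables code): `classify` reproduces the rule order on a packet tuple and `htb_class` maps the resulting fwmark to the HTB leaf the `fw` filters and `htb default 10` would pick. The sample packets are made up; port 59999 and the 50000:51000 range are taken from the post, and the length is the total IP packet length, which is what the iptables length match compares against.

```shell
#!/bin/sh
# Constructed dry-run model of the BW-OUT chain and the fw filters above.
# It does not touch iptables or tc; it only shows which class a packet
# would land in, so the policy can be checked before it is re-expressed
# for a different shaper.

# classify PROTO SPORT DPORT LENGTH -> prints the fwmark (0 = unmarked)
classify() {
    proto=$1; sport=$2; dport=$3; length=$4
    # rules 1-2: any TCP packet of 64 bytes or less (pure ACKs) -> mark 1,
    # evaluated before any port rule, so short SMTP/FTP segments land here
    if [ "$proto" = tcp ] && [ "$length" -le 64 ]; then echo 1; return; fi
    # rules 3-4: outgoing SMTP -> mark 2
    if [ "$proto" = tcp ] && [ "$dport" -eq 25 ]; then echo 2; return; fi
    # rules 5-6: active FTP data from the post's chosen source port -> mark 3
    if [ "$proto" = tcp ] && [ "$sport" -eq 59999 ]; then echo 3; return; fi
    # rules 7-8: passive FTP data range -> mark 3
    if [ "$proto" = tcp ] && [ "$sport" -ge 50000 ] && [ "$sport" -le 51000 ]; then
        echo 3; return
    fi
    # no rule matched: packet leaves the chain unmarked
    echo 0
}

# htb_class MARK -> prints the HTB leaf selected for that mark
htb_class() {
    case $1 in
        1) echo 1:10 ;;   # tc filter ... handle 1 fw flowid 1:10
        2) echo 1:11 ;;   # tc filter ... handle 2 fw flowid 1:11
        3) echo 1:12 ;;   # tc filter ... handle 3 fw flowid 1:12
        *) echo 1:10 ;;   # unmarked traffic: "htb default 10"
    esac
}

# Constructed sample packets: "proto sport dport length".
# The two short ones show the edge case: a 52-byte FTP data segment and a
# 60-byte SMTP segment both go to the ACK class, not to their port's class.
for pkt in "tcp 59999 40123 1500" "tcp 59999 40123 52" \
           "tcp 43210 25 1500"    "tcp 43210 25 60" \
           "tcp 50500 40000 1500" "udp 53 53 80" "tcp 43211 80 1500"; do
    set -- $pkt
    mark=$(classify "$@")
    echo "$pkt -> mark $mark -> class $(htb_class "$mark")"
done
```

Run it as-is to print the class for each sample packet; to check a different policy, edit the sample list or call `classify` directly. The point to carry over when rebuilding this on another shaper is that "ACK class" is really "any TCP packet of 64 bytes or less", and that everything unmarked shares the ACK leaf rather than having its own.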