 From:  Chris Hoy Poy <chrishp at dugeo dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Cc:  Mark Ryan <markryan at cfl dot rr dot com>
 Subject:  Re: [m0n0wall] can i adadpt my linux traffic shaping rules to monowall?
 Date:  Mon, 23 Oct 2006 09:40:21 +0800
As far as I can see, nothing special in that mix.. 

     Inbound NAT (FTP, SMTP)
     Traffic shaping

in which case, M0n0wall will do the trick, and this will be much more readable 
in M0n0wall's portal anyway. 

cheers;
I made the same move from ipCop to M0n0wall, albeit I knew nothing about ipCop 
and just wanted something I knew a bit better. Monowall's pretty simple, and 
that makes it a lot easier to troubleshoot. Plus some of the gurus on this 
list don't seem to be able to leave their email for longer than 10 mins, and 
you usually get good replies pretty quickly ;)

//chris


On Sunday 22 October 2006 23:04, Mark Ryan wrote:
> Hi,
> I currently use ipcop on an old machine and I love it however I am
> interested in moving to an embedded box with monowall.  I wrote my own
> custom traffic shaping rules for linux and I would like to know if the
> same setup is possible with monowall.  Here are my rules:
>
> #!/bin/bash
> # clear out the chain and set up a new chain
> # (the BW-OUT jump is inserted into POSTROUTING below, so it has to be removed from
> # POSTROUTING here; deleting it from OUTPUT never matched, so a re-run failed at -X)
> iptables -t mangle -D POSTROUTING -o eth1 -j BW-OUT 2> /dev/null > /dev/null
> iptables -t mangle -F BW-OUT 2> /dev/null > /dev/null
> iptables -t mangle -X BW-OUT 2> /dev/null > /dev/null
> iptables -t mangle -N BW-OUT
> iptables -t mangle -I POSTROUTING -o eth1 -j BW-OUT
> # mark packets: 3 is active ftp and passive ftp, 2 is email, 1 is ACK for downloads
> # and everything else (the RETURN after each MARK stops later rules re-marking it)
> iptables -t mangle -A BW-OUT -p tcp -m length --length :64 -j MARK --set-mark 1
> iptables -t mangle -A BW-OUT -p tcp -m length --length :64 -j RETURN
> iptables -t mangle -A BW-OUT -m tcp -p tcp --dport 25 -j MARK --set-mark 2
> iptables -t mangle -A BW-OUT -m tcp -p tcp --dport 25 -j RETURN
> iptables -t mangle -A BW-OUT -p tcp --sport 59999 -j MARK --set-mark 3
> iptables -t mangle -A BW-OUT -p tcp --sport 59999 -j RETURN
> iptables -t mangle -A BW-OUT -p tcp --sport 50000:51000 -j MARK --set-mark 3
> iptables -t mangle -A BW-OUT -p tcp --sport 50000:51000 -j RETURN
> # clear the qdisc (errors on the first run, when there is no root qdisc yet)
> tc qdisc del dev eth1 root 2> /dev/null
> # add the root qdisc; unmarked traffic goes to class 1:10
> tc qdisc add dev eth1 root handle 1: htb default 10
> # add main rate limit class and 3 leaves (tc's kbps is kilobytes per second)
> tc class add dev eth1 parent 1: classid 1:1 htb rate 105kbps ceil 105kbps
> tc class add dev eth1 parent 1:1 classid 1:10 htb rate 45kbps ceil 105kbps prio 0
> tc class add dev eth1 parent 1:1 classid 1:11 htb rate 40kbps ceil 105kbps prio 1
> tc class add dev eth1 parent 1:1 classid 1:12 htb rate 20kbps ceil 105kbps prio 2
> # filter traffic into classes by fw mark
> tc filter add dev eth1 parent 1:0 prio 0 protocol ip handle 1 fw flowid 1:10
> tc filter add dev eth1 parent 1:0 prio 1 protocol ip handle 2 fw flowid 1:11
> tc filter add dev eth1 parent 1:0 prio 2 protocol ip handle 3 fw flowid 1:12
>
> These rules work perfectly for my setup.  They cap my ftp server to 100K
> and when an email is sent, the email has priority.  The sharing and
> priority setup is also great so that the higher priority root class can
> borrow from the ftp if needed.  They also allow the small ack packets to
> get priority so that downloads don't suffer.
>
> Is this possible with monowall?
>
> Thanks,
> Mark

-- 
Chris Hoy Poy
System Administrator
DownUnder GeoSolutions
http://www.dugeo.com