Chris Hoy Poy wrote:
> As far as I can see, nothing special in that mix..
>
> Inbound NAT (FTP, SMTP)
> Traffic shaping
>
> in which case, M0n0wall will do the trick, and this will be much more readable
> in M0n0wall's portal anyway.
>
> cheers;
> I made the same move from ipCop to M0n0wall, albeit I knew nothing about ipCop
> and just wanted something I knew a bit better. Monowall's pretty simple, and
> that makes it a lot easier to troubleshoot. Plus some of the gurus on this
> list don't seem to be able to leave their email for longer than 10 mins, and
> you usually get good replies pretty quickly ;)
>
> //chris
>
>
> On Sunday 22 October 2006 23:04, Mark Ryan wrote:
>
>> Hi,
>> I currently use ipcop on an old machine and I love it, however I am
>> interested in moving to an embedded box with monowall. I wrote my own
>> custom traffic shaping rules for linux and I would like to know if the
>> same setup is possible with monowall. Here are my rules:
>>
>> #!/bin/bash
>> # clear out the chain and set up a new chain
>> # (the jump lives in POSTROUTING, so that is where it must be deleted from;
>> # deleting from OUTPUT never matches and leaves a duplicate jump on re-run)
>> iptables -t mangle -D POSTROUTING -o eth1 -j BW-OUT 2> /dev/null > /dev/null
>> iptables -t mangle -F BW-OUT 2> /dev/null > /dev/null
>> iptables -t mangle -X BW-OUT 2> /dev/null > /dev/null
>> iptables -t mangle -N BW-OUT
>> iptables -t mangle -I POSTROUTING -o eth1 -j BW-OUT
>> # mark packets: 3 is active ftp and passive ftp, 2 is email, 1 is ACK
>> # for downloads and everything else
>> iptables -t mangle -A BW-OUT -p tcp -m length --length :64 -j MARK --set-mark 1
>> iptables -t mangle -A BW-OUT -p tcp -m length --length :64 -j RETURN
>> iptables -t mangle -A BW-OUT -m tcp -p tcp --dport 25 -j MARK --set-mark 2
>> iptables -t mangle -A BW-OUT -m tcp -p tcp --dport 25 -j RETURN
>> iptables -t mangle -A BW-OUT -p tcp --sport 59999 -j MARK --set-mark 3
>> iptables -t mangle -A BW-OUT -p tcp --sport 59999 -j RETURN
>> iptables -t mangle -A BW-OUT -p tcp --sport 50000:51000 -j MARK --set-mark 3
>> iptables -t mangle -A BW-OUT -p tcp --sport 50000:51000 -j RETURN
>> # clear the qdisc
>> tc qdisc del dev eth1 root 2> /dev/null
>> # add the root qdisc
>> tc qdisc add dev eth1 root handle 1: htb default 10
>> # add main rate limit class and 3 leafs
>> tc class add dev eth1 parent 1: classid 1:1 htb rate 105kbps ceil 105kbps
>> tc class add dev eth1 parent 1:1 classid 1:10 htb rate 45kbps ceil 105kbps prio 0
>> tc class add dev eth1 parent 1:1 classid 1:11 htb rate 40kbps ceil 105kbps prio 1
>> tc class add dev eth1 parent 1:1 classid 1:12 htb rate 20kbps ceil 105kbps prio 2
>> # filter traffic into classes
>> tc filter add dev eth1 parent 1:0 prio 0 protocol ip handle 1 fw flowid 1:10
>> tc filter add dev eth1 parent 1:0 prio 1 protocol ip handle 2 fw flowid 1:11
>> tc filter add dev eth1 parent 1:0 prio 2 protocol ip handle 3 fw flowid 1:12
>>
>> These rules work perfectly for my setup. They cap my ftp server to 100K
>> and when an email is sent, the email has priority. The sharing and
>> priority setup is also great so that the higher priority root class can
>> borrow from the ftp if needed. They also allow the small ack packets to
>> get priority so that downloads don't suffer.
>>
>> Is this possible with monowall?
>>
>> Thanks,
>> Mark
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>
>

Unfortunately the docs for the traffic shaper are sparse. Not enough detail to
learn without actually installing monowall and hacking away. Maybe I will just
buy a WRAP package and just go for it, figure it out later. If I can't get
monowall to shape like I want, I could always use something else I guess.

Mark
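A consistency check for a mark-plus-HTB shaper of the kind quoted above, as an added example that is not part of the thread: it reads the marking, class and filter lines as text and reports marks that never reach a defined class, children whose ceil exceeds the parent's, and guaranteed rates that oversubscribe the parent. The embedded script lines are a constructed sample taken from the quoted post.

```python
import re

# Constructed sample: the marking and shaping lines from the quoted script.
SCRIPT = """
iptables -t mangle -A BW-OUT -p tcp -m length --length :64 -j MARK --set-mark 1
iptables -t mangle -A BW-OUT -m tcp -p tcp --dport 25 -j MARK --set-mark 2
iptables -t mangle -A BW-OUT -p tcp --sport 59999 -j MARK --set-mark 3
iptables -t mangle -A BW-OUT -p tcp --sport 50000:51000 -j MARK --set-mark 3
tc class add dev eth1 parent 1: classid 1:1 htb rate 105kbps ceil 105kbps
tc class add dev eth1 parent 1:1 classid 1:10 htb rate 45kbps ceil 105kbps prio 0
tc class add dev eth1 parent 1:1 classid 1:11 htb rate 40kbps ceil 105kbps prio 1
tc class add dev eth1 parent 1:1 classid 1:12 htb rate 20kbps ceil 105kbps prio 2
tc filter add dev eth1 parent 1:0 prio 0 protocol ip handle 1 fw flowid 1:10
tc filter add dev eth1 parent 1:0 prio 1 protocol ip handle 2 fw flowid 1:11
tc filter add dev eth1 parent 1:0 prio 2 protocol ip handle 3 fw flowid 1:12
"""

MARK_RE = re.compile(r"--set-mark\s+(\d+)")
CLASS_RE = re.compile(r"parent\s+(\S+)\s+classid\s+(\S+)\s+htb\s+rate\s+(\d+)kbps\s+ceil\s+(\d+)kbps")
FILTER_RE = re.compile(r"handle\s+(\d+)\s+fw\s+flowid\s+(\S+)")

def check_shaper(script):
    """Cross-check marks, fw filters and HTB classes; return a list of problems."""
    marks, filters, classes = set(), {}, {}  # filters: mark->flowid; classes: id->(parent, rate, ceil)
    for line in script.splitlines():
        if m := MARK_RE.search(line):
            marks.add(int(m.group(1)))
        elif m := CLASS_RE.search(line):
            parent, cid, rate, ceil = m.groups()
            classes[cid] = (parent, int(rate), int(ceil))
        elif m := FILTER_RE.search(line):
            filters[int(m.group(1))] = m.group(2)
    problems = []
    # Every mark the mangle chain sets must land in a defined leaf class,
    # otherwise that traffic silently falls into the qdisc's default class.
    for mark in sorted(marks):
        if mark not in filters:
            problems.append(f"mark {mark} is set but no fw filter classifies it")
        elif filters[mark] not in classes:
            problems.append(f"mark {mark} flows to undefined class {filters[mark]}")
    # HTB: a child may borrow up to its ceil, but the children's guaranteed rates must fit
    # inside the parent's rate and no child ceil may exceed the parent's (tc's "kbps" is kilobytes/s).
    for cid, (parent, rate, ceil) in classes.items():
        if parent in classes and ceil > classes[parent][2]:
            problems.append(f"class {cid} ceil {ceil} exceeds parent ceil {classes[parent][2]}")
    for parent in sorted({p for p, _, _ in classes.values() if p in classes}):
        guaranteed = sum(r for p, r, _ in classes.values() if p == parent)
        if guaranteed > classes[parent][1]:
            problems.append(f"children of {parent} guarantee {guaranteed} kbps "
                            f"but parent rate is {classes[parent][1]} kbps")
    return problems
```

Run against the quoted script it returns an empty list; raising one leaf's rate to 30kbps or pointing a filter at a class that was never created produces a single finding.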