Chris Hoy Poy wrote:
> there's actually considerably more documentation "online" inside monowall ;)
> especially for the traffic shaper :) More than enough to understand how it
> works, and the shaper wizard is pretty good for an initial starting point
> (it's prolly easier not to include the peer-to-peer tweaks, as these make the
> initial list huge, and I found it difficult to interpret what was going on
> with those rules there.. not that they are bad rules, just that there are
> heaps of them and if you are trying to learn, best not to include etc).
>
> The traffic shaper in m0n0wall is pretty good I think - it'll do the same
> capping as your rules.. if FTP is set to have a guarantee of 5% (or even 1%)
> it'll still take up the full 100% if that's available. Any other traffic can
> take away etc.. so yeah, it does what I think you're concerned about..
>
> //chris
>
> On Monday 23 October 2006 10:02, Mark Ryan wrote:
>
>> Chris Hoy Poy wrote:
>>
>>> As far as I can see, nothing special in that mix..
>>>
>>> Inbound NAT (FTP, SMTP)
>>> Traffic shaping
>>>
>>> in which case, M0n0wall will do the trick, and this will be much more
>>> readable in M0n0wall's portal anyway.
>>>
>>> cheers;
>>> I made the same move from ipCop to M0n0wall, albeit I knew nothing about
>>> ipCop and just wanted something I knew a bit better. Monowall's pretty
>>> simple, and that makes it a lot easier to troubleshoot. Plus some of the
>>> gurus on this list don't seem to be able to leave their email for longer
>>> than 10 mins, and you usually get good replies pretty quickly ;)
>>>
>>> //chris
>>>
>>> On Sunday 22 October 2006 23:04, Mark Ryan wrote:
>>>
>>>> Hi,
>>>> I currently use ipcop on an old machine and I love it however I am
>>>> interested in moving to an embedded box with monowall. I wrote my own
>>>> custom traffic shaping rules for linux and I would like to know if the
>>>> same setup is possible with monowall. Here are my rules:
>>>>
>>>> #!/bin/bash
>>>> # clear out the chain and setup a new chain
>>>> iptables -t mangle -D POSTROUTING -o eth1 -j BW-OUT 2> /dev/null > /dev/null
>>>> iptables -t mangle -F BW-OUT 2> /dev/null > /dev/null
>>>> iptables -t mangle -X BW-OUT 2> /dev/null > /dev/null
>>>> iptables -t mangle -N BW-OUT
>>>> iptables -t mangle -I POSTROUTING -o eth1 -j BW-OUT
>>>> # mark packets: 3 is active ftp and passive ftp, 2 is email, 1 is ACK
>>>> # for downloads and everything else
>>>> iptables -t mangle -A BW-OUT -p tcp -m length --length :64 -j MARK --set-mark 1
>>>> iptables -t mangle -A BW-OUT -p tcp -m length --length :64 -j RETURN
>>>> iptables -t mangle -A BW-OUT -m tcp -p tcp --dport 25 -j MARK --set-mark 2
>>>> iptables -t mangle -A BW-OUT -m tcp -p tcp --dport 25 -j RETURN
>>>> iptables -t mangle -A BW-OUT -p tcp --sport 59999 -j MARK --set-mark 3
>>>> iptables -t mangle -A BW-OUT -p tcp --sport 59999 -j RETURN
>>>> iptables -t mangle -A BW-OUT -p tcp --sport 50000:51000 -j MARK --set-mark 3
>>>> iptables -t mangle -A BW-OUT -p tcp --sport 50000:51000 -j RETURN
>>>> # clear the qdisc
>>>> tc qdisc del dev eth1 root
>>>> # add the root qdisc
>>>> tc qdisc add dev eth1 root handle 1: htb default 10
>>>> # add main rate limit class and its leaf classes
>>>> tc class add dev eth1 parent 1: classid 1:1 htb rate 105kbps ceil 105kbps
>>>> tc class add dev eth1 parent 1:1 classid 1:10 htb rate 45kbps ceil 105kbps prio 0
>>>> tc class add dev eth1 parent 1:1 classid 1:11 htb rate 40kbps ceil 105kbps prio 1
>>>> tc class add dev eth1 parent 1:1 classid 1:12 htb rate 20kbps ceil 105kbps prio 2
>>>> # filter traffic into classes
>>>> tc filter add dev eth1 parent 1:0 prio 0 protocol ip handle 1 fw flowid 1:10
>>>> tc filter add dev eth1 parent 1:0 prio 1 protocol ip handle 2 fw flowid 1:11
>>>> tc filter add dev eth1 parent 1:0 prio 2 protocol ip handle 3 fw flowid 1:12
>>>>
>>>> These rules work perfectly for my setup. They cap my ftp server to 100K
>>>> and when an email is sent, the email has priority. The sharing and
>>>> priority setup is also great so that the higher priority root class can
>>>> borrow from the ftp if needed. They also allow the small ack packets to
>>>> get priority so that downloads don't suffer.
>>>>
>>>> Is this possible with monowall?
>>>>
>>>> Thanks,
>>>> Mark
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>>>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>>>
>> Unfortunately the docs for the traffic shaper are sparse. Not enough
>> detail to learn without actually installing monowall and hacking away.
>>
>> Maybe I will just buy a WRAP package and just go for it, figure it out
>> later. If I can't get monowall to shape like I want, I could always use
>> something else I guess.
>>
>> Mark
>>
>

Ok. Yes, that's exactly what I want. I want FTP to have 100% of the capped
rate until something else needs it, whether it be email, http, ack or
whatever. It took me a long time to figure out LARTC and Iptables to do what
I wanted. It seems that I will be able to specify ports 50000-51000 as ftp
in m0n0wall just as I do in linux. Assign that a lower weight pipe and then
assign normal stuff a higher weight. I guess I should just pull the trigger
and order that sweet looking m1n1wall embedded box from netgate and give it
a shot. That, along with a 12 pack and a few days, ought to be enough to
figure it out.

Mark
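
Added example, not part of the original thread: a Python model of the quoted iptables marks and HTB classes, showing the behaviour discussed above (FTP takes the whole 105 when nothing else is sending and drops to its guaranteed 20 when mail competes). The class numbers are copied from the quoted script; the names `classify` and `allocate` and the two-step sharing rule are assumptions of this model, not the actual tc or m0n0wall scheduler.

```python
# Added example: model of the iptables marks and HTB classes quoted above.
# Numbers are copied from the quoted script, in its own units; the two-step
# sharing rule in allocate() is an assumed approximation of HTB borrowing.

CLASSES = {                 # classid: (rate, ceil, prio)
    "1:10": (45, 105, 0),   # mark 1 and the htb default: ACKs, everything else
    "1:11": (40, 105, 1),   # mark 2: SMTP (dport 25)
    "1:12": (20, 105, 2),   # mark 3: FTP data (sport 59999, 50000:51000)
}
PARENT = 105                # class 1:1, rate = ceil
MARK_TO_CLASS = {1: "1:10", 2: "1:11", 3: "1:12"}


def classify(proto, length, sport, dport):
    """Walk the BW-OUT chain in order; the first matching rule RETURNs."""
    mark = None
    if proto == "tcp":
        if length <= 64:                 # -m length --length :64
            mark = 1
        elif dport == 25:
            mark = 2
        elif sport == 59999 or 50000 <= sport <= 51000:
            mark = 3
    return MARK_TO_CLASS.get(mark, "1:10")   # unmarked -> "default 10"


def allocate(demand):
    """Steady-state share per class for the offered load in `demand`."""
    # Step 1: every class is served up to its guaranteed rate.
    alloc = {cid: min(demand.get(cid, 0), rate)
             for cid, (rate, ceil, prio) in CLASSES.items()}
    spare = PARENT - sum(alloc.values())
    # Step 2: spare parent bandwidth is lent out, lowest prio number first,
    # and no class is lent more than its ceil.
    for cid, (rate, ceil, prio) in sorted(CLASSES.items(),
                                          key=lambda kv: kv[1][2]):
        want = min(demand.get(cid, 0), ceil) - alloc[cid]
        extra = max(0, min(want, spare))
        alloc[cid] += extra
        spare -= extra
    return alloc


if __name__ == "__main__":
    print(allocate({"1:12": 500}))               # FTP alone
    print(allocate({"1:12": 500, "1:11": 500}))  # FTP plus outgoing mail
```

Because the length rule comes first in the chain, a 52-byte ACK sent from an FTP data port is classified into 1:10, not the FTP class.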