[ previous ] [ next ] [ threads ]
 From:  Adam Nellemann <adam at nellemann dot nu>
 To:  Tony Pitman <tony at shatalmic dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] bandwidth limiting
 Date:  Tue, 11 May 2004 04:01:22 +0200
Hi Tony,

Tony Pitman wrote:

> I am not totally clear on the Traffic Shaper in m0n0wall. I searched the 
> archive and didn't really get an answer to my question so here goes:
> I have a T1 that m0n0wall is managing.
> I have over 100 users on the ethernet sharing the T1.
> I would like to limit the MAX amount of bandwidth that a single user can 
> use to be 128k FOR EACH USER.
> I don't want to have to create a pipe for EACH user (based on IP address).
> Can I simply set up one pipe and then make a rule for the sub class of IP 
> addresses and point them all to the same pipe?
> My understanding of most bandwidth products is that if you point more than 
> one IP address to a single pipe, they share the pipe (so 10 users all using 
> the same 128k pipe at the same time would each only get 12.8k)
> This is hard to explain. I hope I am making sense.
> Here is an example:
> If I assign all 100 user to be limited to 128k and only 2 of them are using 
> the T1 I want them BOTH to each get their own 128k.
> If I create a single pipe with a bandwidth of 128k do I:
> A) create a 2 pipe each with 128k and then create 2 rules, one for each IP 
> address and pointing to its OWN pipe?
> B) create a single pipe with 128k and then create a single rule with a sub 
> net that includes both IP address?
> C) create a single pipe with 128k and then create 2 rules BOTH pointing to 
> the SAME pipe?
> D) some other configuration?
> Thanks,

You can achieve what you need with the "Mask" feature: If you set the 
Mask of a pipe or queue to source or destination, a "virtual" pipe or 
queue will be created for each source or destination IP matched by a 
shaper rule.

Thus, in your case, assuming you want each user host to have its own 
128k pipe in each direction, you make two pipes, one for inbound 
traffic with Mask set to Destination, and one for outbound with Mask 
set to Source. For good measure you should also make two queues in the 
same manner (for this, the "Weight" doesn't matter), althoug these 
aren't strictly necessary.

You then need to make some rules, selecting inbound and outbound 
traffic (on the WAN interface I assume) to your user hosts to go 
through the apropriate queue (or pipe, if you didn't make queues), 
incomming (on WAN) => queue/pipe with Mask=Destination, and outgoing 
(on WAN) => queue/pipe with Mask=Source.

Hope this helps?