[ previous ] [ next ] [ threads ]
 From:  "Eric Shorkey" <eshorkey at commonpointservices dot com>
 To:  "Thomas Hertz" <term at cynisk dot net>, "'nrg'" <lists at nethq dot org>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Wondershaper
 Date:  Wed, 9 Jun 2004 05:31:43 -0400
He's already using the traffic shaper to limit his outbound smtp throughput.
That's not his question. He's asking if queue support was ever implemented.
The answer is yes. Queue support has been implemented for a while now. It's
not the easiest thing to set up though. I know the queue support is in as
early as version 1.0. To configure it, you need to create a pipe with the
maximum bandwidth you wish to use for all involved queues. (Usually
something just slightly less than your maximum throughput works well.) Then
create a queue for each service you wish to have share the pipe. Don't
forget to create a default queue that matches everything, otherwise you'll
only be sharing bandwidth between matching services, and nothing else. Set
your weights as necessary. Remember that every queue is guaranteed
bandwidth, regardless of it's weight. How much bandwidth is determined by
its weight vs all the other weights added together. And NEVER set the delay
to anything higher than 0. Otherwise you'll end up with 2 problems. Your
packets will be held at the firewall for the value of delay in milliseconds,
and you'll end up with a very busy firewall when the traffic gets thick and
you might start dropping packets. I really don't know why we even have the
delay option in the gui, since all it does is create detrimental effects.

Is all of this tough to set up? Not really, but you have to know what you're
doing first, otherwise you'll end up with a bad configuration and you'll get
unexpected results. It's hard to really gauge where m0n0wall sits on the
ease of use vs configurability meter. I'd say it sits sort of in the middle,
maybe leaning a little bit towards more configurability. Honestly, this is a
bad place to be. It's too hard for the people that just want to plug in a
box and have it work, and it's too lacking for people with demanding network

My suggestion to you, Carlo, is go back to wondershaper. Seriously. I'm not
trying to be mean, but if you don't already understand how to configure
iptables or ipfw, and don't understand the concepts behind packet shaping,
and already have a good understanding of ip routing, then m0n0wall is going
to be too hard to configure correctly. The friendly looking interface to
m0n0wall makes it seem easier than it really is. Smoothwall might be a good
choice for you as well. It's pretty easy to set up, though I don't think the
free version has any packet shaping support. You'd have to look to make

----- Original Message ----- 
From: "Thomas Hertz" <term at cynisk dot net>
To: "'nrg'" <lists at nethq dot org>; <m0n0wall at lists dot m0n0 dot ch>
Sent: Wednesday, June 09, 2004 4:57 AM
Subject: RE: [m0n0wall] Wondershaper

> Hello Carlo,
> Haven't you started to wonder what "Traffic shaper" under "Firewall" was
> good for in the m0n0wall gui? =) (or maybe it came in the betas?) If so
> walk by http://m0n0.ch/wall/downloads and grab a copy of a recent beta. I
> use the traffic shaper and it works like a charm for me.
> // Thomas Hertz
> > -----Original Message-----
> > From: nrg [mailto:lists at nethq dot org]
> > Sent: den 9 juni 2004 10:46
> > To: m0n0wall at lists dot m0n0 dot ch
> > Subject: [m0n0wall] Wondershaper
> >
> > Dear List,
> >
> > Since a few weeks i've been using m0n0 and im very pleased with it,
> > there
> > is one problem which it seems i cannot fix. On my previous
> > (linux) i was using wondershaper in combination with a adsl connection
> > which
> > was working really nicely. All ssh/telnet sessions were always running
> > smooth
> > even with high network loading. Now that i have setup m0n0wall VPN's for
> > more
> > secure access between 2 offices (using telnet) i got my old problem back
> > again.
> > When traffic is high, ssh and telnet connections will get really slow.
> > I've
> > already setup the traffic shaper to limit the smtp traffic going out but
> > this
> > is not an ideal solution. I have search a bit on the list and found a
> > mails
> > ( manuel comments
> >
http://m0n0.ch/wall/list/?action=show_msg&actionargs[]=5&actionargs[]=81 )
> > regarding this and the possiblity to implement this kind of feature, and
> > thought i also saw it somewhere on a wish list but i cannot find it
> > anymore. So
> > my questions are:
> >
> > Is this possible to implement? if yes any idea of when this could be
> > implemented?
> >
> >
> > Carlo.
> >
> > ----------------------------------------------------------------
> > This message was sent using IMP, the Internet Messaging Program.
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch