 From:  Joey Morin <jmorin at icomm dot ca>
 To:  Carlo <lists at nethq dot org>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Wondershaper
 Date:  Wed, 9 Jun 2004 10:02:50 -0400 (EDT)
This one time, at band camp, Carlo said:

> I think my knowledge should be enough to administer m0n0wall on a decent
> level. It is not that I do not want to spend the time on it but that I
> cannot spend too much time into it. I think m0n0wall is a good solution
> for me because it is easy to administer over http with a good and clear
> interface. If I spend the time in reading/learning about traffic shaping
> I am sure I will be able to set it up correctly, but my thinking is that
> maybe the same or similar rules could be already preconfigured and be
> enabled with a few basic settings just like how wondershaper works.
> Maybe for somebody like you (who knows far more about this subject than
> me) could create it and submit it to the mailing list? I think it would
> be a valuable addition to m0n0wall for inexperienced users.

it's not as hard as you may think.  i've got 680Kbps upstream, and
2.64Mbps downstream.  the shaping rules below allow both upstream and
downstream to be *completely* saturated, while still allowing my ssh
session to take keystrokes and echo replies with virtually no perceptible
delay.  and all that on a 486DX/33 w/ 32MB m0n0!

it's a lot of xml, but it defines just one pipe, 4 queues, and 8 rules.
back up your existing config, then edit the .xml file and use the excerpt
below as a replacement for your own <shaper></shaper> section (making a
backup copy of your own!), then restore from this new config.  it'll take a
reboot, but then go into traffic shaper.  all you should need to do is
change the bandwidth of the pipe to match your upstream speed.  you should
also get a better sense of how the traffic shaper works.

i can't take credit for this ruleset.  that goes to my brother klode (an
off-lister).

jj

-----begin-excerpt-----
  <shaper>
    <pipe>
      <bandwidth>677</bandwidth>
      <descr>upstream pipe</descr>
    </pipe>
    <queue>
      <targetpipe>0</targetpipe>
      <weight>90</weight>
      <descr>high priority</descr>
    </queue>
    <queue>
      <targetpipe>0</targetpipe>
      <weight>1</weight>
      <descr>lowest priority</descr>
    </queue>
    <queue>
      <targetpipe>0</targetpipe>
      <weight>80</weight>
      <descr>mid-high priority</descr>
    </queue>
    <queue>
      <targetpipe>0</targetpipe>
      <weight>20</weight>
      <descr>low priority</descr>
    </queue>
    <rule>
      <interface>lan</interface>
      <protocol>tcp</protocol>
      <source>
        <any/>
      </source>
      <destination>
        <any/>
      </destination>
      <direction>in</direction>
      <iplen>0-80</iplen>
      <tcpflags>ack</tcpflags>
      <descr>ACK-only: highest priority</descr>
      <targetqueue>0</targetqueue>
    </rule>
    <rule>
      <interface>lan</interface>
      <protocol>tcp</protocol>
      <source>
        <any/>
      </source>
      <destination>
        <any/>
      </destination>
      <direction>in</direction>
      <iplen/>
      <tcpflags>syn</tcpflags>
      <descr>SYN: highest priority</descr>
      <targetqueue>0</targetqueue>
    </rule>
    <rule>
      <interface>lan</interface>
      <protocol>udp</protocol>
      <source>
        <any/>
      </source>
      <destination>
        <any/>
        <port>53</port>
      </destination>
      <direction>in</direction>
      <iplen/>
      <tcpflags/>
      <descr>DNS lookups: highest priority</descr>
      <targetqueue>0</targetqueue>
    </rule>
    <rule>
      <interface>lan</interface>
      <protocol>icmp</protocol>
      <source>
        <any/>
      </source>
      <destination>
        <any/>
      </destination>
      <direction>in</direction>
      <iplen/>
      <tcpflags/>
      <descr>ICMP: highest priority</descr>
      <targetqueue>0</targetqueue>
    </rule>
    <rule>
      <interface>lan</interface>
      <protocol>tcp</protocol>
      <source>
        <any/>
      </source>
      <destination>
        <any/>
        <port>22</port>
      </destination>
      <direction>in</direction>
      <iplen>0-110</iplen>
      <tcpflags/>
      <descr>ssh keystrokes: highest priority</descr>
      <targetqueue>0</targetqueue>
    </rule>
    <rule>
      <interface>lan</interface>
      <protocol>tcp</protocol>
      <source>
        <any/>
      </source>
      <destination>
        <any/>
        <port>21</port>
      </destination>
      <direction>in</direction>
      <iplen/>
      <tcpflags/>
      <descr>FTP data has low priority</descr>
      <targetqueue>3</targetqueue>
    </rule>
    <rule>
      <interface>lan</interface>
      <protocol>tcp</protocol>
      <source>
        <any/>
      </source>
      <destination>
        <any/>
        <port>6881-6889</port>
      </destination>
      <direction>in</direction>
      <iplen/>
      <tcpflags/>
      <descr>BitTorrent has lowest priority</descr>
      <targetqueue>1</targetqueue>
    </rule>
    <rule>
      <interface>lan</interface>
      <source>
        <any/>
      </source>
      <destination>
        <any/>
      </destination>
      <direction>in</direction>
      <iplen/>
      <tcpflags/>
      <descr>all other packets have mid-high priority</descr>
      <targetqueue>2</targetqueue>
    </rule>
    <enable/>
  </shaper>
-----end-excerpt-----
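
A pre-restore sanity check for a hand-edited <shaper> section, added here as an example and not part of the original post or of m0n0wall. It assumes that targetpipe and targetqueue are zero-based positions in document order (which is how the descriptions in the excerpt line up) and that queues sharing a saturated pipe split its bandwidth in proportion to their weights; check_shaper, lookup and SAMPLE are names made up for this sketch.

```python
import xml.etree.ElementTree as ET

# Abridged from the excerpt above: its pipe, its four queues and two of its
# rules, plus one constructed rule whose targetqueue points at no queue.
SAMPLE = """<shaper>
  <pipe><bandwidth>677</bandwidth><descr>upstream pipe</descr></pipe>
  <queue><targetpipe>0</targetpipe><weight>90</weight><descr>high priority</descr></queue>
  <queue><targetpipe>0</targetpipe><weight>1</weight><descr>lowest priority</descr></queue>
  <queue><targetpipe>0</targetpipe><weight>80</weight><descr>mid-high priority</descr></queue>
  <queue><targetpipe>0</targetpipe><weight>20</weight><descr>low priority</descr></queue>
  <rule><descr>ssh keystrokes: highest priority</descr><targetqueue>0</targetqueue></rule>
  <rule><descr>BitTorrent has lowest priority</descr><targetqueue>1</targetqueue></rule>
  <rule><descr>constructed bad rule</descr><targetqueue>7</targetqueue></rule>
</shaper>"""

def lookup(items, index_text):
    """Resolve a zero-based positional reference; None if absent or out of range."""
    try:
        i = int(index_text)
    except (TypeError, ValueError):
        return None
    return items[i] if 0 <= i < len(items) else None

def check_shaper(xml_text):
    """Return (resolved, errors, shares) for one <shaper> section."""
    shaper = ET.fromstring(xml_text)
    pipes, queues = shaper.findall("pipe"), shaper.findall("queue")
    resolved, errors, shares = [], [], {}
    for n, q in enumerate(queues):
        pipe = lookup(pipes, q.findtext("targetpipe"))
        if pipe is None:
            errors.append("queue %d: no such pipe" % n)
            continue
        # Assumption: queues that are all backlogged split the pipe by weight.
        peers = [p for p in queues if lookup(pipes, p.findtext("targetpipe")) is pipe]
        total = sum(int(p.findtext("weight")) for p in peers)
        shares[q.findtext("descr")] = round(
            int(pipe.findtext("bandwidth")) * int(q.findtext("weight")) / total, 1)
    for n, rule in enumerate(shaper.findall("rule")):
        queue = lookup(queues, rule.findtext("targetqueue"))
        if queue is None:
            errors.append("rule %d (%s): no such queue" % (n, rule.findtext("descr")))
        else:
            resolved.append((rule.findtext("descr"), queue.findtext("descr")))
    return resolved, errors, shares

if __name__ == "__main__":
    for part in check_shaper(SAMPLE):
        print(part)
```

The shares are in the same unit as the pipe's bandwidth value and describe only the worst case where every queue has traffic waiting.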