 From:  Carlo <lists at nethq dot org>
 To:  Joey Morin <joeymorin at alumni dot uwaterloo dot ca>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Wondershaper
 Date:  Wed, 09 Jun 2004 17:11:31 +0200
Hi Joey,

Joey Morin wrote:

>This one time, at band camp, Carlo said:
>
>>I think my knowledge should be enough to administer m0n0wall on a decent
>>level. It is not that I do not want to spend the time on it but that I
>>cannot spend too much time on it. I think m0n0wall is a good solution
>>for me because it is easy to administer over http with a good and clear
>>interface. If I spend the time in reading/learning about traffic shaping
>>I am sure I will be able to set it up correctly, but my thinking is that
>>maybe the same or similar rules could be already preconfigured and be
>>enabled with a few basic settings just like how wondershaper works.
>>Maybe somebody like you (who knows far more about this subject than
>>me) could create it and submit it to the mailing list? I think it would
>>be a valuable addition to m0n0wall for inexperienced users.
>
>it's not as hard as you may think.  i've got 680Kbps upstream, and
>2.64Mbps downstream.  the shaping rules below allow both upstream and
>downstream to be *completely* saturated, while still allowing my ssh
>session to take keystrokes and echo replies with virtually no perceptible
>delay.  and all that on a 486DX/33 w/ 32MB m0n0!
>
>it's a lot of xml, but it defines just one pipe, 4 queues, and 8 rules.
>back up your existing config, then edit the .xml file and use the excerpt below
>as a replacement for your own <shaper></shaper> section (making a backup
>copy of your own!), then restore from this new config.  it'll take a
>reboot, but then go into traffic shaper.  all you should need to do is
>change the bandwidth of the pipe to match your upstream speed.  you should
>also get a better sense of how the traffic shaper works.
>
Thanks :) working great. I did have to add an extra rule because I have 
to ssh to the m0n0 and not from behind it.
After that it was working nicely.

>i can't take credit for this ruleset.  that goes to my brother klode (an
>off-lister).
>
>jj
>
>-----begin-excerpt-----
>  <shaper>
>    <pipe>
>      <bandwidth>677</bandwidth>
>      <descr>upstream pipe</descr>
>    </pipe>
>    <queue>
>      <targetpipe>0</targetpipe>
>      <weight>90</weight>
>      <descr>high priority</descr>
>    </queue>
>    <queue>
>      <targetpipe>0</targetpipe>
>      <weight>1</weight>
>      <descr>lowest priority</descr>
>    </queue>
>    <queue>
>      <targetpipe>0</targetpipe>
>      <weight>80</weight>
>      <descr>mid-high priority</descr>
>    </queue>
>    <queue>
>      <targetpipe>0</targetpipe>
>      <weight>20</weight>
>      <descr>low priority</descr>
>    </queue>
>    <rule>
>      <interface>lan</interface>
>      <protocol>tcp</protocol>
>      <source>
>        <any/>
>      </source>
>      <destination>
>        <any/>
>      </destination>
>      <direction>in</direction>
>      <iplen>0-80</iplen>
>      <tcpflags>ack</tcpflags>
>      <descr>ACK-only: highest priority</descr>
>      <targetqueue>0</targetqueue>
>    </rule>
>    <rule>
>      <interface>lan</interface>
>      <protocol>tcp</protocol>
>      <source>
>        <any/>
>      </source>
>      <destination>
>        <any/>
>      </destination>
>      <direction>in</direction>
>      <iplen/>
>      <tcpflags>syn</tcpflags>
>      <descr>SYN: highest priority</descr>
>      <targetqueue>0</targetqueue>
>    </rule>
>    <rule>
>      <interface>lan</interface>
>      <protocol>udp</protocol>
>      <source>
>        <any/>
>      </source>
>      <destination>
>        <any/>
>        <port>53</port>
>      </destination>
>      <direction>in</direction>
>      <iplen/>
>      <tcpflags/>
>      <descr>DNS lookups: highest priority</descr>
>      <targetqueue>0</targetqueue>
>    </rule>
>    <rule>
>      <interface>lan</interface>
>      <protocol>icmp</protocol>
>      <source>
>        <any/>
>      </source>
>      <destination>
>        <any/>
>      </destination>
>      <direction>in</direction>
>      <iplen/>
>      <tcpflags/>
>      <descr>ICMP: highest priority</descr>
>      <targetqueue>0</targetqueue>
>    </rule>
>    <rule>
>      <interface>lan</interface>
>      <protocol>tcp</protocol>
>      <source>
>        <any/>
>      </source>
>      <destination>
>        <any/>
>        <port>22</port>
>      </destination>
>      <direction>in</direction>
>      <iplen>0-110</iplen>
>      <tcpflags/>
>      <descr>ssh keystrokes: highest priority</descr>
>      <targetqueue>0</targetqueue>
>    </rule>
>    <rule>
>      <interface>lan</interface>
>      <protocol>tcp</protocol>
>      <source>
>        <any/>
>      </source>
>      <destination>
>        <any/>
>        <port>21</port>
>      </destination>
>      <direction>in</direction>
>      <iplen/>
>      <tcpflags/>
>      <descr>FTP data has low priority</descr>
>      <targetqueue>3</targetqueue>
>    </rule>
>    <rule>
>      <interface>lan</interface>
>      <protocol>tcp</protocol>
>      <source>
>        <any/>
>      </source>
>      <destination>
>        <any/>
>        <port>6881-6889</port>
>      </destination>
>      <direction>in</direction>
>      <iplen/>
>      <tcpflags/>
>      <descr>BitTorrent has lowest priority</descr>
>      <targetqueue>1</targetqueue>
>    </rule>
>    <rule>
>      <interface>lan</interface>
>      <source>
>        <any/>
>      </source>
>      <destination>
>        <any/>
>      </destination>
>      <direction>in</direction>
>      <iplen/>
>      <tcpflags/>
>      <descr>all other packets have mid-high priority</descr>
>      <targetqueue>2</targetqueue>
>    </rule>
>    <enable/>
>  </shaper>
>-----end-excerpt-----
>
Carlo.
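
An added example, not part of the original thread and not m0n0wall code: before restoring a hand-edited `<shaper>` section, a short Python check can resolve each rule to its queue and pipe and flag references that point nowhere. It assumes, as the excerpt suggests, that `<targetpipe>` and `<targetqueue>` are zero-based positions in document order; `audit_shaper` and `index_of` are hypothetical names.

```python
import xml.etree.ElementTree as ET

# Constructed sample: trimmed to the excerpt's structure, with one
# deliberately dangling <targetqueue> to show what the check reports.
SAMPLE = """
<shaper>
  <pipe><bandwidth>677</bandwidth><descr>upstream pipe</descr></pipe>
  <queue><targetpipe>0</targetpipe><weight>90</weight><descr>high priority</descr></queue>
  <queue><targetpipe>0</targetpipe><weight>1</weight><descr>lowest priority</descr></queue>
  <rule><protocol>tcp</protocol><destination><any/><port>22</port></destination>
    <iplen>0-110</iplen><descr>ssh keystrokes</descr><targetqueue>0</targetqueue></rule>
  <rule><protocol>tcp</protocol><destination><any/><port>6881-6889</port></destination>
    <descr>BitTorrent</descr><targetqueue>1</targetqueue></rule>
  <rule><descr>all other packets</descr><targetqueue>2</targetqueue></rule>
</shaper>
"""

def index_of(elem, tag, limit):
    """Return the integer in <tag>, or None if missing, non-numeric or out of range."""
    text = (elem.findtext(tag) or "").strip()
    if not text.isdigit() or int(text) >= limit:
        return None
    return int(text)

def audit_shaper(xml_text):
    """Resolve rule -> queue -> pipe (assumed zero-based) and list dangling references."""
    shaper = ET.fromstring(xml_text)
    pipes, queues = shaper.findall("pipe"), shaper.findall("queue")
    resolved, problems = [], []
    for qi, q in enumerate(queues):
        if index_of(q, "targetpipe", len(pipes)) is None:
            problems.append(f"queue {qi}: bad targetpipe")
    for ri, r in enumerate(shaper.findall("rule")):
        descr = r.findtext("descr", default="")
        qi = index_of(r, "targetqueue", len(queues))
        if qi is None:
            problems.append(f"rule {ri} ({descr}): bad targetqueue")
            continue
        q = queues[qi]
        pi = index_of(q, "targetpipe", len(pipes))
        kbps = pipes[pi].findtext("bandwidth") if pi is not None else None
        resolved.append((descr, q.findtext("descr"), int(q.findtext("weight")), kbps))
    return resolved, problems

if __name__ == "__main__":
    resolved, problems = audit_shaper(SAMPLE)
    for line in resolved + problems:
        print(line)
```

Each resolved tuple is (rule description, queue description, queue weight, pipe bandwidth), which makes it easy to see whether a rule's description still matches the queue it lands in after an edit.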