Hello to all. I´m trying to configure traffic shaping in showrewall with multiple ISP. I´m using shorewall 3.4.4 Here´s my configuration: eth0: 10.1.1.254 (ISP1) adsl modem router eth1: 172.16.0.254 (ISP2) adsl modem router eth2: 192.168.0.254 local network /etc/shorewall/providers ISP1 1 1 main eth0 10.1.1.1 track eth2 ISP2 2 2 main eth1 172.16.0.1 track eth2 /etc/shorewall/tcclasses eth1 2 8*full/10 8*full/10 2 default eth0 1 full full 3 default eth0 3 full/4 full 1 tos=0x68/0xfc,tos=0xb8/0xfc eth0 4 30kbit 35kbit 1 /etc/shorewall/tcdevices eth0 800kbit 320kbit eth1 100kbit 100kbit /etc/shorewall/tcrules 4 0.0.0.0/0 0.0.0.0/0 tcp 80 I need to limit downloads from all computers connected to eth2 (192.168.0) to 35kbit. What is wrong with my configuration? Thanks Wilson Galafassi ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
Wilson A. Galafassi Jr. wrote:> Hello to all. > > I´m trying to configure traffic shaping in showrewall with multiple ISP. I´m > using shorewall 3.4.4 > > Here´s my configuration: > > eth0: 10.1.1.254 (ISP1) adsl modem router > eth1: 172.16.0.254 (ISP2) adsl modem router > eth2: 192.168.0.254 local network > > /etc/shorewall/providers > ISP1 1 1 main eth0 10.1.1.1 > track eth2 > ISP2 2 2 main eth1 172.16.0.1 > track eth2 > > /etc/shorewall/tcclasses > eth1 2 8*full/10 8*full/10 2 default > eth0 1 full full 3 default > eth0 3 full/4 full 1 > tos=0x68/0xfc,tos=0xb8/0xfc > eth0 4 30kbit 35kbit 1 > > /etc/shorewall/tcdevices > eth0 800kbit 320kbit > eth1 100kbit 100kbit > > /etc/shorewall/tcrules > 4 0.0.0.0/0 0.0.0.0/0 tcp 80 > >This way you limit your upload speed If I recall correctly you can shape traffic going OUT of an interface. If you really wish to do that you must do shaping on your local (eth2) interface ( having all the incoming packets waiting on your firewall router ). Regards Harry> I need to limit downloads from all computers connected to eth2 (192.168.0) > to 35kbit. > > What is wrong with my configuration? > > Thanks > > Wilson Galafassi > > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by DB2 Express > Download DB2 Express C - the FREE version of DB2 express and take > control of your XML. No limits. Just data. Click to get it now. > http://sourceforge.net/powerbar/db2/ > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users > >------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
Wilson A. Galafassi Jr. wrote:> Hello to all. > > I´m trying to configure traffic shaping in showrewall with multiple ISP. I´m > using shorewall 3.4.4 > > Here´s my configuration: > > eth0: 10.1.1.254 (ISP1) adsl modem router > eth1: 172.16.0.254 (ISP2) adsl modem router > eth2: 192.168.0.254 local network > > /etc/shorewall/providers > ISP1 1 1 main eth0 10.1.1.1 > track eth2 > ISP2 2 2 main eth1 172.16.0.1 > track eth2 > > /etc/shorewall/tcclasses > eth1 2 8*full/10 8*full/10 2 default > eth0 1 full full 3 default > eth0 3 full/4 full 1 > tos=0x68/0xfc,tos=0xb8/0xfc > eth0 4 30kbit 35kbit 1 > > /etc/shorewall/tcdevices > eth0 800kbit 320kbit > eth1 100kbit 100kbit > > /etc/shorewall/tcrules > 4 0.0.0.0/0 0.0.0.0/0 tcp 80 > > > I need to limit downloads from all computers connected to eth2 (192.168.0) > to 35kbit. > > What is wrong with my configuration?Download traffic has *SOURCE* port 80, not *DEST* port 80. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
Harry Lachanas wrote:> Wilson A. Galafassi Jr. wrote: >> Hello to all. >> >> I´m trying to configure traffic shaping in showrewall with multiple ISP. I´m >> using shorewall 3.4.4 >> >> Here´s my configuration: >> >> eth0: 10.1.1.254 (ISP1) adsl modem router >> eth1: 172.16.0.254 (ISP2) adsl modem router >> eth2: 192.168.0.254 local network >> >> /etc/shorewall/providers >> ISP1 1 1 main eth0 10.1.1.1 >> track eth2 >> ISP2 2 2 main eth1 172.16.0.1 >> track eth2 >> >> /etc/shorewall/tcclasses >> eth1 2 8*full/10 8*full/10 2 default >> eth0 1 full full 3 default >> eth0 3 full/4 full 1 >> tos=0x68/0xfc,tos=0xb8/0xfc >> eth0 4 30kbit 35kbit 1 >> >> /etc/shorewall/tcdevices >> eth0 800kbit 320kbit >> eth1 100kbit 100kbit >> >> /etc/shorewall/tcrules >> 4 0.0.0.0/0 0.0.0.0/0 tcp 80 >> >> > This way you limit your upload speed > If I recall correctly you can shape traffic going OUT of an interface. > > If you really wish to do that you must do shaping on your local (eth2) > interface ( having all the incoming packets waiting on your firewall > router ).That too ;-) -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/