ipp2p is absolutely necessary if you want to shape bittorrent. The
only time your current rules will match is when people connect to your
bittorrent client, otherwise the port that is used is random. I'd
also recommend including a rule to match on 6881-6889 the default
bittorrent ports, as some people still use them, and it helps match a
few more people that have turned on encryption and ipp2p won't match
(or you could refuse encryption in your client if it supports it).
If you do use ipp2p make sure to enable bittorrent matching, and make
sure to use connmarks correctly. I have no knowledge of shorewall so
I don't know what it can do for you in this regard.
Example of how I'm using ipp2p:
# copy the connection mark back onto each packet of an already-classified flow
iptables -t mangle -A PREROUTING -p tcp -j CONNMARK --restore-mark
# packets already marked as P2P skip the (costly) ipp2p payload inspection
iptables -t mangle -A PREROUTING -p tcp -m mark --mark $MARKP2P -j ACCEPT
# payload match: bittorrent, edonkey, kazaa, gnutella, direct connect
iptables -t mangle -A PREROUTING -m ipp2p --bit --edk --kazaa --gnu --dc -j MARK --set-mark $MARKP2P
# persist the new mark on the conntrack entry so the rest of the flow is caught above
iptables -t mangle -A PREROUTING -p tcp -m mark --mark $MARKP2P -j CONNMARK --save-mark
iptables -t mangle -A PREROUTING -p tcp -m mark ! --mark 0 -j ACCEPT
# send fw-marked P2P traffic to its own (low priority) class
tc filter add dev $DEV parent 1:0 protocol ip prio 8 handle $MARKP2P fw classid 1:13
- Jody
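An added example, not code from Jody's post, that combines his connmark approach with the 6881-6889 port rule he recommends above (so encrypted clients on the default ports are still caught); MARKP2P and DEV are placeholder values, and IPT/TC default to "echo" so the script prints the rules instead of applying them:

```shell
#!/bin/sh
# Added example: connmark-based P2P classification with both ipp2p and the
# default bittorrent port range. Placeholders (assumptions, not from the post):
MARKP2P=${MARKP2P:-3}          # fw mark used for P2P flows
DEV=${DEV:-eth1}               # shaped (upstream) interface
IPT=${IPT:-echo iptables}      # set IPT=iptables to apply for real
TC=${TC:-echo tc}              # set TC=tc to apply for real

p2p_rules() {
    # 1. Restore the per-connection mark so a flow identified once stays
    #    classified for its whole lifetime, even after the handshake packets.
    $IPT -t mangle -A PREROUTING -j CONNMARK --restore-mark
    # 2. Already-marked packets need no further payload inspection.
    $IPT -t mangle -A PREROUTING -m mark --mark "$MARKP2P" -j ACCEPT
    # 3. Payload match: ipp2p sees unencrypted bittorrent and other P2P.
    $IPT -t mangle -A PREROUTING -m ipp2p --bit --edk --kazaa --gnu --dc \
        -j MARK --set-mark "$MARKP2P"
    # 4. Port match: default ports 6881-6889 in either direction catch
    #    clients with encryption turned on, which ipp2p cannot identify.
    $IPT -t mangle -A PREROUTING -p tcp --dport 6881:6889 -j MARK --set-mark "$MARKP2P"
    $IPT -t mangle -A PREROUTING -p tcp --sport 6881:6889 -j MARK --set-mark "$MARKP2P"
    # 5. Save the mark on the conntrack entry so later packets hit rule 2.
    $IPT -t mangle -A PREROUTING -m mark --mark "$MARKP2P" -j CONNMARK --save-mark
    # 6. Steer fw-marked traffic into the low-priority class 1:13.
    $TC filter add dev "$DEV" parent 1:0 protocol ip prio 8 handle "$MARKP2P" fw classid 1:13
}

p2p_rules
```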
On 5/1/06, Jake Colman <colman@ppllc.com> wrote:
> Does anyone here implement traffic shaping with shorewall? I need to shape
> BitTorrent traffic on my network so that upload/downloads do not overwhelm
> normal function or, even more importantly, my imminent conversion to VOIP for
> all telephone service. I followed the shorewall documentation guide but am
> not sure if what I have done is the Right Way Of Doing Things. Nor am I
> satisfied with the results so far.
>
> I am using CableVision's Optimum Online for my broadband connection and am
> about to install SunRocket for my VOIP. I will be attaching the relevant file
> settings I have used. I'd appreciate any help with tweaking this
> configuration to maximize my throughput. My goal is to ensure that,
> regardless of the number of torrents being downloaded/uploaded, my VOIP
> quality does not degrade and that my web/email/etc access works as quickly as
> it does without the BitTorrent active.
>
> By the way, I use port forwarding to forward specific BitTorrent ports to
> specific inbound computers behind my firewall. This way, I can maximize my
> BitTorrent download/upload performance since the connection is two-way. I
> still want this limited, however, so that it does not eat up all my
> bandwidth. This is a home network with about 5 nodes, several of whom are
> teenagers. The network configuration uses a simple two-NIC server; the modem
> connects to eth1 and the internal network is on eth0.
>
> Finally, would incorporation of ipp2p into my rules help me in any way? My
> kernel (gentoo) is already built to support ipp2p and I already have the
> module loaded and iptables is working with it. So if ipp2p would be helpful
> I'm already set up for it.
>
> Thanks for any help.
>
> Here are my files:
>
> tcdevices:
> eth1 3800kbit 800kbit
>
>
> tcrules:
> 1 0.0.0.0/0 0.0.0.0/0 icmp echo-request
> 1 0.0.0.0/0 0.0.0.0/0 icmp echo-reply
> 2 0.0.0.0/0 0.0.0.0/0 tcp - 50001:50009
> 2 0.0.0.0/0 0.0.0.0/0 tcp - 50011:50019
> 2 0.0.0.0/0 0.0.0.0/0 tcp - 50021:50029
>
>
> tcclasses:
> eth1 1 100kbit full 1 tcp-ack,tos-minimize-delay
> eth1 2 100kbit 200kbit 2
> eth1 3 full/3 full 3 default
>
>
> --
> Jake Colman
> Sr. Applications Developer
> Principia Partners LLC
> Harborside Financial Center
> 1001 Plaza Two
> Jersey City, NJ 07311
> (201) 209-2467
> www.principiapartners.com
>
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>