Shorewall users - Aug 2002 - TC problem

I''m trying to limit the outgoing data transfer rate of
the file sharing protocol Direct Connect since the net
connection is an asymmetrical DSL link.

I want to regulate all traffic going to/from tcp/udp port 411/412,
source on my internal net, and dest on the internet.


It seems to regulate fine, but the downstream data rate
is affected by the traffic control too...

If I terminate all upstream sessions, the downstream
sessions all pick up speed.

The box I''m running the client on has port 412 DNATed
from the firewall.


Anyone got any ideas?


/magnus

debian testing, shorewall 1.3.5-1

tcrules:
#MARK           SOURCE          DEST            PROTO   PORT(S) CLIENT
PORT(S)

1              192.168.1.0/24  !192.168.1.0/24 udp     -       411,412
1              192.168.1.0/24  !192.168.1.0/24 tcp     -       411,412
1              192.168.1.0/24  !192.168.1.0/24 udp     411,412 -
1              192.168.1.0/24  !192.168.1.0/24 tcp     411,412 -

cbq: (eth0 is external iface)
10:1    eth0    cbq     768Kbit:768Kbit:77Kbit  1000    -
10:101  10:1    sfq     150Kbit:150Kbit:15Kbit  1000    1       bounded

shorewall start:
...
   Rule "DNAT net loc:192.168.1.100 udp 412" added.
   Rule "DNAT net loc:192.168.1.100 tcp 412" added.
...
Setting up Traffic Control Rules...
   TC Rule "1 192.168.1.0/24 !192.168.1.0/24 udp - 411,412" added
   TC Rule "1 192.168.1.0/24 !192.168.1.0/24 tcp - 411,412" added
   TC Rule "1 192.168.1.0/24 !192.168.1.0/24 udp 411,412 -" added
   TC Rule "1 192.168.1.0/24 !192.168.1.0/24 tcp 411,412 -" added
Processing /etc/shorewall/tcstart ...
Processing /etc/shorewall/qdisc ...
   Class "10:1 eth0 cbq 768Kbit:768Kbit:77Kbit 1000 -" defined
   Class "10:101 10:1 sfq 150Kbit:150Kbit:15Kbit 1000 1 bounded"
defined
Activating Rules...
...

tc -s qdisc:
qdisc sfq 8007: dev eth0 quantum 1514b perturb 15sec
 Sent 14692141 bytes 14562 pkts (dropped 0, overlimits 0)
 backlog 8p

qdisc cbq 10: dev eth0 rate 768Kbit (bounded,isolated) prio no-transmit
 Sent 14741382 bytes 15093 pkts (dropped 0, overlimits 22348)
 backlog 8p
  borrowed 0 overactions 0 avgidle 8332 undertime 0

On Sun, 18 Aug 2002, Magnus Stenman wrote:
> I''m trying to limit the outgoing data transfer rate of
> the file sharing protocol Direct Connect since the net
> connection is an asymmetrical DSL link.
> 
> I want to regulate all traffic going to/from tcp/udp port 411/412,
> source on my internal net, and dest on the internet.
> 
> 
> It seems to regulate fine, but the downstream data rate
> is affected by the traffic control too...
> 
> If I terminate all upstream sessions, the downstream
> sessions all pick up speed.
> 
> The box I''m running the client on has port 412 DNATed
> from the firewall.
> 
> 
> Anyone got any ideas?
> 
> 
The obvious answer is that your rules are limiting the rate of upstream 
ACKs to downstream payload packets. If this protocol is push-only or 
pull-only then you can avoid the problem by removing the appropriate pair 
of tcrules (either the first two or the last two). If it can be either 
push or pull, then I''m afraid that you''re out of luck.

-Tom
> /magnus
> 
> debian testing, shorewall 1.3.5-1
> 
> tcrules:
> #MARK           SOURCE          DEST            PROTO   PORT(S) CLIENT
> PORT(S)
> 
> 1              192.168.1.0/24  !192.168.1.0/24 udp     -       411,412
> 1              192.168.1.0/24  !192.168.1.0/24 tcp     -       411,412
> 1              192.168.1.0/24  !192.168.1.0/24 udp     411,412 -
> 1              192.168.1.0/24  !192.168.1.0/24 tcp     411,412 -
> 
> cbq: (eth0 is external iface)
> 10:1    eth0    cbq     768Kbit:768Kbit:77Kbit  1000    -
> 10:101  10:1    sfq     150Kbit:150Kbit:15Kbit  1000    1       bounded
> 
> shorewall start:
> ...
>    Rule "DNAT net loc:192.168.1.100 udp 412" added.
>    Rule "DNAT net loc:192.168.1.100 tcp 412" added.
> ...
> Setting up Traffic Control Rules...
>    TC Rule "1 192.168.1.0/24 !192.168.1.0/24 udp - 411,412" added
>    TC Rule "1 192.168.1.0/24 !192.168.1.0/24 tcp - 411,412" added
>    TC Rule "1 192.168.1.0/24 !192.168.1.0/24 udp 411,412 -" added
>    TC Rule "1 192.168.1.0/24 !192.168.1.0/24 tcp 411,412 -" added
> Processing /etc/shorewall/tcstart ...
> Processing /etc/shorewall/qdisc ...
>    Class "10:1 eth0 cbq 768Kbit:768Kbit:77Kbit 1000 -" defined
>    Class "10:101 10:1 sfq 150Kbit:150Kbit:15Kbit 1000 1 bounded"
defined
> Activating Rules...
> ...
> 
> tc -s qdisc:
> qdisc sfq 8007: dev eth0 quantum 1514b perturb 15sec
>  Sent 14692141 bytes 14562 pkts (dropped 0, overlimits 0)
>  backlog 8p
> 
> qdisc cbq 10: dev eth0 rate 768Kbit (bounded,isolated) prio no-transmit
>  Sent 14741382 bytes 15093 pkts (dropped 0, overlimits 22348)
>  backlog 8p
>   borrowed 0 overactions 0 avgidle 8332 undertime 0
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@shorewall.net
> http://www.shorewall.net/mailman/listinfo/shorewall-users
> 
> 
-- 
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net