Hi!

I'm trying to learn about traffic shaping to enable it on my building's firewall (with one external interface and four internal interfaces). However, I've bumped into two questions so far:

1. Several places mention supplying a tcstart file but I don't have one, nor is one readily apparent to me on the website. Perhaps you can quickly point me to where I can find an example tcstart file?

2. In shorewall.conf there is this segment:

# ENABLE TRAFFIC SHAPING
#
# If you say "Yes" or "yes" here, Traffic Shaping is enabled in the firewall. If
# you say "No" or "no" then traffic shaping is not enabled. If you enable traffic
# shaping you must have iproute[2] installed (the "ip" and "tc" utilities) and
# you must enable packet mangling above.
#
TC_ENABLED=Yes

However, nowhere else in that file does the string "mangl" appear. To which setting does this refer?

Thanks!

--
Rodolfo J. Paiz
rpaiz@simpaticus.com
http://www.simpaticus.com

Rodolfo J. Paiz wrote:
> Hi!
>
> I'm trying to learn about traffic shaping to enable it on my
> building's firewall (with one external interface and four internal
> interfaces). However, I've bumped into two questions so far:
>
> 1. Several places mention supplying a tcstart file but I
> don't have one, nor is one readily apparent to me on the website.
> Perhaps you can quickly point me to where I can find an example
> tcstart file?
>

You would copy the tc based script that you develop to /etc/shorewall/tcstart. Also, based on your requirements, you'll probably have to edit /etc/shorewall/tcrules to match what you defined in tcstart.

FWIW: Although I don't think wondershaper fits your requirements (I've been following your thread on the fedora list) I use wondershaper http://lartc.org/wondershaper and simply copied it to /etc/shorewall/tcstart (after editing to my requirements) and then set TC_ENABLED=yes in shorewall.conf. Again, my requirements were to restrict outbound download speeds, not inbound.

Steve Cowles

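[Added example, not part of the thread and not Steve's or Shorewall's code: a tc script of the kind that would be copied to /etc/shorewall/tcstart, showing how the firewall marks assigned in tcrules have to line up with the classes the script defines. The interface name, uplink speed, mark numbers, class percentages and the TC_APPLY switch are all assumptions made for illustration.]

```shell
#!/bin/sh
# Constructed example of a tcstart-style script; every value is an assumption.
EXT_IF="${EXT_IF:-eth0}"            # assumed external interface
UPLINK_KBIT="${UPLINK_KBIT:-384}"   # assumed uplink speed, kbit/s

# One entry per HTB class: fwmark:class-minor:guaranteed-percent:priority.
# Marks 1 and 2 are assumed to be assigned in /etc/shorewall/tcrules;
# mark 0 means "no filter", i.e. the default class for unmarked packets.
CLASSES="1:10:30:1 2:20:50:2 0:30:20:3"

# Guaranteed rates of the child classes must not exceed the parent rate.
tc_check() {
    total=0
    for c in $CLASSES; do
        rest=${c#*:}; rest=${rest#*:}
        total=$((total + ${rest%%:*}))
    done
    [ "$total" -le 100 ]
}

# Print the tc commands, one per line, without running anything.
tc_plan() {
    echo "tc qdisc add dev $EXT_IF root handle 1: htb default 30"
    echo "tc class add dev $EXT_IF parent 1: classid 1:1 htb rate ${UPLINK_KBIT}kbit"
    for c in $CLASSES; do
        mark=${c%%:*}; rest=${c#*:}
        minor=${rest%%:*}; rest=${rest#*:}
        pct=${rest%%:*}; prio=${rest#*:}
        rate=$((UPLINK_KBIT * pct / 100))
        echo "tc class add dev $EXT_IF parent 1:1 classid 1:$minor htb rate ${rate}kbit ceil ${UPLINK_KBIT}kbit prio $prio"
        echo "tc qdisc add dev $EXT_IF parent 1:$minor handle $minor: sfq perturb 10"
        if [ "$mark" -ne 0 ]; then
            echo "tc filter add dev $EXT_IF parent 1: protocol ip prio $prio handle $mark fw classid 1:$minor"
        fi
    done
}

# Replace any existing root qdisc, then run the plan; stop on the first error.
tc_apply() {
    tc_check || { echo "class percentages exceed 100" >&2; return 1; }
    tc qdisc del dev "$EXT_IF" root 2>/dev/null || true
    tc_plan | sh -e
}

# Default is a dry run that prints the plan; set TC_APPLY=1 to shape for real.
if [ "${TC_APPLY:-0}" = 1 ]; then tc_apply; else tc_plan; fi
```

[A packet whose mark has no matching fw filter lands in the default class 1:30, so a mark number changed in tcrules but not in CLASSES silently loses its priority rather than producing an error.]
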
Rodolfo J. Paiz wrote:
> Hi!
>
> I'm trying to learn about traffic shaping to enable it on my building's
> firewall (with one external interface and four internal interfaces).
> However, I've bumped into two questions so far:
>
> 1. Several places mention supplying a tcstart file but I don't
> have one, nor is one readily apparent to me on the website. Perhaps you
> can quickly point me to where I can find an example tcstart file?

There's a complete example in the Shorewall Traffic Control documentation -- I don't claim that it will do anything useful for you but it shows you code that I ran for a while.

I currently use Wondershaper but Steve Cowles has mentioned that he doesn't believe that it will meet your requirements.

Traffic Shaping is rather off-topic here -- Shorewall doesn't do any traffic shaping by itself; it rather provides a few simple tools to "play nice" with Traffic Shaping solutions.

Shorewall now detects whether your kernel/iptables supports packet mangling -- there is no longer a setting for it in shorewall.conf.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

On Thu, 2004-07-08 at 12:53, Tom Eastep wrote:
> Rodolfo J. Paiz wrote:
> > Hi!
> >
> > I'm trying to learn about traffic shaping to enable it on my building's
> > firewall (with one external interface and four internal interfaces).
> > However, I've bumped into two questions so far:
> >
> > 1. Several places mention supplying a tcstart file but I don't
> > have one, nor is one readily apparent to me on the website. Perhaps you
> > can quickly point me to where I can find an example tcstart file?
>
> There's a complete example in the Shorewall Traffic Control
> documentation -- I don't claim that it will do anything useful for you
> but it shows you code that I ran for a while.
>
> I currently use Wondershaper but Steve Cowles has mentioned that he
> doesn't believe that it will meet your requirements.
>
> Traffic Shaping is rather off-topic here -- Shorewall doesn't do any
> traffic shaping by itself; it rather provides a few simple tools to
> "play nice" with Traffic Shaping solutions.
>
> Shorewall now detects whether your kernel/iptables supports packet
> mangling -- there is no longer a setting for it in shorewall.conf.

Tom/Steve Cowles,

I think I've managed to help Rodolfo there with what he needed. I've tested it and it works on my box with 2 interfaces. It's gonna take Rodolfo some time to digest it since he's going on vacation.

But FWIW, it works perfectly, either being integrated into shorewall as a tcstart file or as a standalone shell script.

If any of you guys are interested, I've written the howto which can be found here
http://my-opensource.org/howto/qostrafficshaping-shorewall-wondershaper-howto.html
and what I've managed to cook up for Rodolfo can be found here.
http://www.redhat.com/archives/fedora-list/2004-July/msg01764.html

--
Ow Mun Heng
Fedora GNU/Linux Core 2 (Tettnang) on D600 1.4Ghz CPU
kernel 2.6.7-2.jul1-interactive
Neuromancer 16:29:14 up 7:35, 5 users, load average: 2.10, 1.99, 1.89