Hello everyone!

I have three nic's on my Fedoracore4 machine, shorewall-3.1.0: eth0, eth1, and eth2.

I tried traffic shaping with and it worked well for my ethernet cards. Now my target is to control the traffic on the basis of IP address instead of devices. E.g. my eth1 is connected to the local network and I want to give more bandwidth (internet access) to 192.168.0.3, less bandwidth to 192.168.0.10, 192.168.0.11 and so on ... My net is connected to eth0.

Is this thing possible? How to do it?

thanks and regds
anuj

--
Anuj Singh
Best Regards
==============================================
Unix is simple. It just takes a genius to understand its simplicity.
--- Dennis Ritchie
===============================================

Wong Chee Chun
2006-Jan-11 16:56 UTC
Re: Traffic Shaping for lan on the basis of ipaddress
ermm..what do you mean by "more bandwidth"?? Please elaborate. Thanks!

On 1/11/06, anuj singh <anujhere@gmail.com> wrote:
> Hello everyone!
> I have three nic's on my Fedoracore4 machine, shorewall-3.1.0 .
> eth0 , eth1, and eth2
> I tried traffic shaping with and it worked well for my ethernet cards. Now
> my target is to control the traffic on the basis of ip address instead of
> devices. e.g. my eth1 is connected to local network and
> I want to give more bandwidth (internet access) to 192.168.0.3 , less
> bandwidth to 192.168.0.10 , 192.168.0.11 and so on ... My net is connected
> to eth0.
> Is this thing possible? How to do it?
> thanks and regds
> anuj
>
> --
> Anuj Singh
> Best Regards
> ==============================================
> Unix is simple. It just takes a genius to understand its simplicity.
> --- Dennis Ritchie
> ==============================================

--
Regards,

Wong Chee Chun
Network Engineer
Softmy Co. Ltd
(http://www.softmy.com)

On Wednesday 11 January 2006 01:36, anuj singh wrote:

> Is this thing possible?

Yes --

> How to do it?

Mark traffic based on IP address then assign the traffic to classes based on the mark values. Remember though that you can only shape outbound traffic so if you are trying to shape download traffic then you need to shape traffic forwarded from the internet and leaving the firewall on your local interface.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

> Mark traffic based on IP address then assign the traffic to classes based
> on the mark values.

Thanks a lot Tom Eastep. Got it!

If I am not wrong, on my Fedora core4 test machine, Shorewall Version-3.1.0, I have to

1: Tell shorewall about devices I want traffic shaping on, in my /etc/shorewall/tcdevices

    #INTERFACE    IN-BANDWITH    OUT-BANDWIDTH
    eth0          6000kbit       700kbit
    eth1          50kbit         20kbit
    #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

2: Define classes to be used in my tcrules, in my /etc/shorewall/tcclasses

    ###############################################################################
    #INTERFACE    MARK    RATE       CEIL       PRIORITY    OPTIONS
    eth0          1       100kbit    full       1           tos-ssh
    eth0          2       60kbit     70kbit     2
    eth0          3       50kbit     55kbit     3
    eth0          4       45kbit     full       4           default
    eth1          1       100kbit    full       1           -
    eth1          2       70kbit     100kbit    2
    eth1          3       60kbit     full       3           default
    #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

3: I am going to give my source IP address (on my LAN). I am trying this in my /etc/shorewall/tcrules

    #MARK    SOURCE             DEST             PROTO    PORT(S)    CLIENT     USER    TEST
    #                                                                PORT(S)
    1:F      192.192.192.15     192.192.192.1    tcp      22         -
    255:F    192.192.192.116    192.192.192.1    tcp      22

_______________________________________________

Now on the suse machine, shorewall version-2.4.3, there is only one file named tcrules (for traffic shaping) and I gave it the same configuration as above in my /etc/shorewall/tcrules file. Shorewall restart is clean.

I want to upgrade my shorewall on suse. On the suse machine

    # rpm -qa | grep shorewall

gives me the package is not installed. How do I upgrade this shorewall safely?

    rpm -Uvh shorewall.<version>.noarch.rpm?

Plus please suggest me some method (CUI based) to check the effect for resulting traffic.

On 1/11/06, Wong Chee Chun <cheechun2005@gmail.com> wrote:
> ermm..what do you mean by "more bandwidth"?? Please elaborate. Thanks!
>
> On 1/11/06, anuj singh <anujhere@gmail.com> wrote:
> > Hello everyone!
> > I have three nic's on my Fedoracore4 machine, shorewall-3.1.0 .
> > eth0 , eth1, and eth2
> > I tried traffic shaping with and it worked well for my ethernet cards. Now
> > my target is to control the traffic on the basis of ip address instead of
> > devices. e.g. my eth1 is connected to local network and
> > I want to give more bandwidth (internet access) to 192.168.0.3 , less
> > bandwidth to 192.168.0.10 , 192.168.0.11 and so on ... My net is connected
> > to eth0.
> > Is this thing possible? How to do it?
> > thanks and regds
> > anuj
> >
> > --
> > Anuj Singh
> > Best Regards
> > ==============================================
> > Unix is simple. It just takes a genius to understand its simplicity.
> > --- Dennis Ritchie
> > ==============================================
>
> --
> Regards,
>
> Wong Chee Chun
> Network Engineer
> Softmy Co. Ltd
> (http://www.softmy.com)

--
Anuj Singh
Best Regards
==============================================
Unix is simple. It just takes a genius to understand its simplicity.
--- Dennis Ritchie
===============================================

On Thursday 12 January 2006 21:11, anuj singh wrote:

> 3: I am going to give my source ip address (on my LAN) I am trying this in
> my /etc/shorewall/tcrules
>
> #MARK    SOURCE             DEST             PROTO    PORT(S)    CLIENT     USER    TEST
> #                                                                PORT(S)
> 1:F      192.192.192.15     192.192.192.1    tcp      22         -
> 255:F    192.192.192.116    192.192.192.1    tcp      22

Those look wrong -- the source and destination appear to be in the same network (192.192.192.0/24) which means that the traffic will never go through the firewall.

> _______________________________________________
>
> Now on the suse machine shorewall version-2.4.3 there is only one file
> named tcrules (for traffic shaping) and I gave it the same configuration
> as above in my /etc/shorewall/tcrules file. Shorewall restart is clean.
> I want to upgrade my shorewall on suse.
> on suse machine
> #rpm -qa|grep shorewall
> gives me the package is not installed.
> How do I upgrade this shorewall safely.
> rpm -Uvh shorewall.<version>.noarch.rpm?
> ==============================================

How did you install Shorewall on that machine in the first place?

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

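Added example, not part of the thread: a small Python check for the problem Tom points out above, tcrules entries whose SOURCE and DEST lie in the same directly attached network. The two 192.192.192.x rules are the ones posted in the thread; the /24 for 192.168.0.0, the function names, and the two forward-chain rules that mark download traffic by destination host are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample: the two rules from the thread, plus two assumed rules
# that mark forwarded download traffic by destination LAN host.
SAMPLE_TCRULES = """\
#MARK  SOURCE           DEST            PROTO  PORT(S)
1:F    192.192.192.15   192.192.192.1   tcp    22
255:F  192.192.192.116  192.192.192.1   tcp    22
1:F    0.0.0.0/0        192.168.0.3     all
2:F    0.0.0.0/0        192.168.0.10    all
"""

# Assumption: networks directly attached to the firewall's LAN interfaces.
ATTACHED = [ipaddress.ip_network("192.192.192.0/24"),
            ipaddress.ip_network("192.168.0.0/24")]

def parse_tcrules(text):
    """Yield (mark, source, dest) for each non-comment tcrules line."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3:
            yield fields[0], fields[1], fields[2]

def containing_net(spec, nets):
    """Return the attached network that wholly contains spec, else None."""
    try:
        target = ipaddress.ip_network(spec, strict=False)
    except ValueError:  # interface names, "-" and other non-address fields
        return None
    for net in nets:
        if target.subnet_of(net):
            return net
    return None

def same_network_rules(text, nets=ATTACHED):
    """Rules whose SOURCE and DEST sit in one attached network. Such traffic
    is delivered on the LAN without being forwarded by the firewall, so the
    mark is never applied and no class ever sees it."""
    flagged = []
    for mark, src, dst in parse_tcrules(text):
        net = containing_net(src, nets)
        if net is not None and net == containing_net(dst, nets):
            flagged.append((mark, src, dst, str(net)))
    return flagged

if __name__ == "__main__":
    for mark, src, dst, net in same_network_rules(SAMPLE_TCRULES):
        print(f"{mark}: {src} -> {dst} both in {net}; never forwarded")
```
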
Some other person installed it on SUSE and he is not here. I found shorewall-2.4.3.tgz and folder shorewall-2.4.3 in /usr/src/packages/SOURCES/

This is the live machine so I don't want to take any chance. Today I am planning to use /usr/src/packages/SOURCES/shorewall-2.4.3/uninstall.sh and then going to install with rpm or maybe with the tar file. My plan is to take a backup of /etc/shorewall folder first and then going to upgrade it. In case of error I will reinstall the older version with the same rules.

On 1/14/06, Tom Eastep <teastep@shorewall.net> wrote:
> On Thursday 12 January 2006 21:11, anuj singh wrote:
>
> > 3: I am going to give my source ip address (on my LAN) I am trying this in
> > my /etc/shorewall/tcrules
> >
> > #MARK    SOURCE             DEST             PROTO    PORT(S)    CLIENT     USER    TEST
> > #                                                                PORT(S)
> > 1:F      192.192.192.15     192.192.192.1    tcp      22         -
> > 255:F    192.192.192.116    192.192.192.1    tcp      22
>
> Those look wrong -- the source and destination appear to be in the same
> network (192.192.192.0/24) which means that the traffic will never go
> through the firewall.
>
> > _______________________________________________
> >
> > Now on the suse machine shorewall version-2.4.3 there is only one file
> > named tcrules (for traffic shaping) and I gave it the same configuration
> > as above in my /etc/shorewall/tcrules file. Shorewall restart is clean.
> > I want to upgrade my shorewall on suse.
> > on suse machine
> > #rpm -qa|grep shorewall
> > gives me the package is not installed.
> > How do I upgrade this shorewall safely.
> > rpm -Uvh shorewall.<version>.noarch.rpm?
> > ==============================================
>
> How did you install Shorewall on that machine in the first place?
>
> -Tom
> --
> Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
> Shoreline,     \ http://shorewall.net
> Washington USA  \ teastep@shorewall.net
> PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

--
Anuj Singh
Best Regards
==============================================
Unix is simple. It just takes a genius to understand its simplicity.
--- Dennis Ritchie
===============================================