Hi all,
I'm trying to set up traffic shaping and I'm having some difficulty.
Here is what I want, and where I am.

1. HTTP and SMTP traffic needs to be priority 1.
2. All other traffic priority 2
3. Torrent traffic priority 3.

My distro is Fedora Core 4, and the torrent protocol does not appear
in /etc/protocols. The only protocol is TCP, which HTTP and SMTP is
built on top of. Is it even possible to do this, or am I limited to
TCP only traffic?

Thanks in advance,
Todd

Todd Nine wrote:
> Hi all,
> I'm trying to set up traffic shaping and I'm having some difficulty.
> Here is what I want, and where I am.
>
> 1. HTTP and SMTP traffic needs to be priority 1.
> 2. All other traffic priority 2
> 3. Torrent traffic priority 3.
>
> My distro is Fedora Core 4, and the torrent protocol does not appear
> in /etc/protocols. The only protocol is TCP, which HTTP and SMTP is
> built on top of. Is it even possible to do this, or am I limited to
> TCP only traffic?
>
> Thanks in advance,
> Todd

Todd,

I had a long explanatory email written, but Thunderbird did something new: It crashed and lost the email. Oh well.

/etc/protocols - IP Protocols [read: Internet Protocol, part of the networking layer]
/etc/services - Services, or rather Protocols which use IP as a means of communication

SMTP == ip service
TCP == ip protocol.

So, with that in mind, you can use numbers or names in either case, and the x-ref files are /etc/protocols, and /etc/services.

Examples of simple command line lookups:

<snip>
strapped ~ # getent protocols ip
ip 0 IP
strapped ~ # getent protocols tcp
tcp 6 TCP
strapped ~ # cat /etc/protocols |grep tcp
tcp 6 TCP # transmission control protocol
strapped ~ #
</snip>

<snip>
strapped ~ # getent services smtp
smtp 25/tcp mail
strapped ~ # getent services http
http 80/tcp www www-http
strapped ~ # getent services https
https 443/tcp
strapped ~ # cat /etc/services |grep http
# http://www.iana.org/assignments/port-numbers
# http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/services
http 80/tcp www www-http # World Wide Web HTTP
http 80/udp www www-http
https 443/tcp # MCom
https 443/udp
gss-http 488/tcp
gss-http 488/udp
http-alt 591/tcp # FileMaker, Inc. - HTTP Alternate
http-alt 591/udp
sgi-esphttp 5554/tcp # SGI ESP HTTP
sgi-esphttp 5554/udp
http-alt 8008/tcp # HTTP Alternate
http-alt 8008/udp
http-alt 8080/tcp # HTTP Alternate
http-alt 8080/udp
# CVSup support http://www.cvsup.org/
</snip>

I can't make any specific rule recommendations WRT tcrule, given my deplorable luck with setting up QoS on Linux. However, I hope this helps.

Sincerely,
Joshua

Thanks for the help Joshua, but I'm still a little stuck. Hopefully Thunderbird won't crash this time ;). Below is my current tcrules file, and I have several questions.

1. I can use eth1 in the source but not ppp0 in the DEST field. Is that due to ppp0 being a dial up device (PPPoE)?
2. It complains that http is not a valid protocol, so I'm assuming I can either put in TCP or '6', but then how do I get more specific? HTTP is built into TCP/IP as a protocol in the payload, how can I specifically use the http packet.
3. Once I have my Marks set up correctly, how do I actually control who has priority, is it simply based on the mark with the lowest integer value? That seems far too easy, but would be pretty nice.

Thanks for all the help,
Todd

#MARK   SOURCE  DEST        PROTO     PORT(S)  CLIENT  USER  TEST
#all traffic from lan to net
1       eth1    0.0.0.0/0   http
2       eth1    0.0.0.0/0   https
3       eth1    0.0.0.0/0   gss-http
4       eth1    0.0.0.0/0   http-alt
5       eth1    0.0.0.0/0   all
6       eth1    0.0.0.0/0   ipp2p     bit

On Fri, Jan 13, 2006 at 03:44:33PM -0500, Todd Nine wrote:
> 2. It complains that http is not a valid protocol, so I'm assuming I
> can either put in TCP or '6', but then how do I get more specific?
> HTTP is built into TCP/IP as a protocol in the payload, how can I
> specifically use the http packet.

PROTO would be based on /etc/protocols. PORT can be a numeric port or anything in /etc/services, such as http,https,12345 and so on.

-Jason Martin

--
I have enough trouble single-tasking!

Thanks Jason,
I have the file correct now, I think. Now I'm running into another problem. It seems the iptables command shorewall executes is not valid on my system. I receive the following error.

iptables v1.3.0: Unknown arg `--dport'
Try `iptables -h' or 'iptables --help' for more information.
ERROR: Command "/sbin/iptables -t mangle -A tcpre -i eth1 -d 0.0.0.0/0 --dport all -j MARK --set-mark 5" Failed

I'm using shorewall version 2.4.6. Googling didn't give me much help, does anyone have any clue on how to fix this? Does anyone know which version of shorewall is required for iptables 1.3.0?

Thanks,
Todd

#MARK   SOURCE  DEST        PROTO   PORT(S)   CLIENT  USER  TEST
#all traffic from lan to net
1       eth1    0.0.0.0/0   tcp     http
2       eth1    0.0.0.0/0   tcp     https
3       eth1    0.0.0.0/0   tcp     gss-http
4       eth1    0.0.0.0/0   tcp     http-alt
5       eth1    0.0.0.0/0   all     all
6       eth1    0.0.0.0/0   ipp2p   bit

On Fri, Jan 13, 2006 at 04:21:04PM -0500, Todd Nine wrote:
> Thanks Jason,
> I have the file correct now, I think. Now I'm running into another
> problem. It seems the iptables command shorewall executes is not
> valid on my system. I receive the following error.
>
> iptables v1.3.0: Unknown arg `--dport'
> Try `iptables -h' or 'iptables --help' for more information.
> ERROR: Command "/sbin/iptables -t mangle -A tcpre -i eth1 -d 0.0.0.0/0
> --dport all -j MARK --set-mark 5" Failed

I suspect it is that the keyword 'all' is not meaningful to iptables. Try leaving the proto and port fields empty for that line.

-Jason Martin

--
SCUD : Sure Could Use Directions
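
The two answers above (PROTO comes from /etc/protocols, PORT from /etc/services, and a port only makes sense once a port-carrying protocol is named) can be checked before Shorewall ever builds an iptables command. The script below is an added example, not part of the thread and not Shorewall's own code: lint_tcrules and its messages are hypothetical, the lookup tables are constructed samples cut down from the getent output quoted earlier, and skipping ipp2p rows assumes it is a Shorewall keyword rather than an IP protocol.

```shell
#!/bin/sh
# Added example: lint tcrules rows against protocols- and services-format files.
# Usage: lint_tcrules RULES PROTOCOLS SERVICES
# Prints one "line N: ..." per problem; exit status is 1 if any were found.
lint_tcrules() {
    awk -v protofile="$2" -v svcfile="$3" '
    function complain(msg) { printf "line %d: %s\n", NR, msg; bad = 1 }
    BEGIN {
        # name -> number and number -> name, as in /etc/protocols
        while ((getline l < protofile) > 0) {
            if (split(l, f, " ") < 2 || f[1] ~ /^#/) continue
            byname[f[1]] = f[2]; bynum[f[2]] = f[1]
        }
        # "service/proto" keys (aliases included), as in /etc/services
        while ((getline l < svcfile) > 0) {
            n = split(l, f, " ")
            if (n < 2 || f[1] ~ /^#/) continue
            split(f[2], pp, "/")
            svc[f[1] "/" pp[2]] = 1
            for (i = 3; i <= n && f[i] !~ /^#/; i++) svc[f[i] "/" pp[2]] = 1
        }
    }
    /^[ \t]*(#|$)/ { next }              # comments and blank lines
    {
        proto = tolower($4); ports = $5
        if (proto == "ipp2p") next       # assumption: Shorewall keyword, not checked here
        if (proto in bynum) proto = bynum[proto]
        if (proto == "" || proto == "-" || proto == "all") {
            # iptables accepts --dport only after a port-carrying -p such as tcp or udp
            if (ports != "" && ports != "-") complain("PORT \"" ports "\" needs PROTO tcp or udp")
            next
        }
        if (!(proto in byname)) { complain("PROTO \"" proto "\" is not an IP protocol"); next }
        if (ports == "" || ports == "-") next
        if (proto != "tcp" && proto != "udp") { complain("PORT given for portless PROTO " proto); next }
        n = split(ports, list, ",")
        for (i = 1; i <= n; i++)
            if (list[i] !~ /^[0-9]+(:[0-9]+)?$/ && !((list[i] "/" proto) in svc))
                complain("PORT \"" list[i] "\" is not a " proto " service")
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample data: lookup tables (udp added) and rows from both tcrules attempts.
tmp=$(mktemp -d)
printf '%s\n' 'ip 0 IP' 'tcp 6 TCP' 'udp 17 UDP' > "$tmp/protocols"
printf '%s\n' 'smtp 25/tcp mail' 'http 80/tcp www www-http' 'https 443/tcp' > "$tmp/services"
cat > "$tmp/tcrules" <<'EOF'
#MARK SOURCE DEST PROTO PORT(S)
1 eth1 0.0.0.0/0 http
1 eth1 0.0.0.0/0 tcp http
5 eth1 0.0.0.0/0 all all
6 eth1 0.0.0.0/0 ipp2p bit
EOF
lint_tcrules "$tmp/tcrules" "$tmp/protocols" "$tmp/services" || echo "tcrules needs fixing"
```

Pointing the second and third arguments at the real /etc/protocols and /etc/services runs the same check against the system's own tables.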