I am using Shorewall v3.0.4 with a simple 2-NIC configuration using a CableModem configured per the documentation. All is working fine. I am now trying to implement simple traffic shaping, again using the provided documentation. My intention is to make sure that my kid's bittorrent downloads do not swamp my bandwidth so that I can get reasonable performance even when they are downloading. I have set everything up yet it has no discernible effect. All my web access appears to be very slow and a speed test shows drastically reduced upload/download speeds.

I have portforwarded port ranges 50001:50009 and 50011:50019 through the firewall system to specific internal machines so that those machines get maximum bittorrent throughput. I am trying to classify those packets so that they don't interfere with other internet activity. I am posting my various config files and my shorewall dump in the hope that someone can help me.

tcrules:

    1 0.0.0.0/0 0.0.0.0/0 icmp echo-request
    1 0.0.0.0/0 0.0.0.0/0 icmp echo-reply
    2 0.0.0.0/0 0.0.0.0/0 tcp - 50001:50009
    2 0.0.0.0/0 0.0.0.0/0 tcp - 50011:50019

tcdevices:

    eth1 4600kbit 1200kbit

tcclasses:

    eth1 1 100kbit full 1 tcp-ack,tos-minimize-delay
    eth1 2 100kbit 200kbit 2
    eth1 3 full/3 full 3 default

Thanks for your help!

--
Jake Colman
Sr. Applications Developer
Principia Partners LLC
Harborside Financial Center
1001 Plaza Two
Jersey City, NJ 07311
(201) 209-2467
www.principiapartners.com

On Friday 24 March 2006 05:52, Jake Colman wrote:
> I have portforwarded port ranges 50001:50009 and 50011:50019 through the
> firewall system to specific internal machines so that those machines get
> maximum bittorrent throughput. I am trying to classify those packets so
> that they don't interfere with other internet activity. I am posting my
> various config files and my shorewall dump in the hope that someone can help
> me.
>
> tcrules:
>
> 1 0.0.0.0/0 0.0.0.0/0 icmp echo-request
> 1 0.0.0.0/0 0.0.0.0/0 icmp echo-reply
> 2 0.0.0.0/0 0.0.0.0/0 tcp - 50001:50009
> 2 0.0.0.0/0 0.0.0.0/0 tcp - 50011:50019

You have also port forwarded 50020:50029 which you are allowing to default. And that's the range where all of your BT traffic has been in the 8 hours covered by your dump.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

On Friday 24 March 2006 05:52, Jake Colman wrote:
> I have portforwarded port ranges 50001:50009 and 50011:50019 through the
> firewall system to specific internal machines so that those machines get
> maximum bittorrent throughput. I am trying to classify those packets so
> that they don't interfere with other internet activity. I am posting my
> various config files and my shorewall dump in the hope that someone can help
> me.

Also, have you adjusted your IN-BANDWIDTH as described in the Traffic Shaping doc? That has a dramatic effect on interactive performance during periods of heavy downloading.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

>>>>> "TE" == Tom Eastep <teastep@shorewall.net> writes:

TE> On Friday 24 March 2006 05:52, Jake Colman wrote:
>> I have portforwarded port ranges 50001:50009 and 50011:50019 through the
>> firewall system to specific internal machines so that those machines get
>> maximum bittorrent throughput. I am trying to classify those packets so
>> that they don't interfere with other internet activity. I am posting my
>> various config files and my shorewall dump in the hope that someone can help
>> me.
>>
>> tcrules:
>>
>> 1 0.0.0.0/0 0.0.0.0/0 icmp echo-request
>> 1 0.0.0.0/0 0.0.0.0/0 icmp echo-reply
>> 2 0.0.0.0/0 0.0.0.0/0 tcp - 50001:50009
>> 2 0.0.0.0/0 0.0.0.0/0 tcp - 50011:50019

TE> You have also port forwarded 50020:50029 which you are allowing to
TE> default. And that's the range where all of your BT traffic has been
TE> in the 8 hours covered by your dump.

Hmmmm. Although that is a mistake, I didn't think anyone was downloading from that IP address. I've added an appropriate line for 50021:50029 and I'll restart and see what happens.

--
Jake Colman
Sr. Applications Developer
Principia Partners LLC
Harborside Financial Center
1001 Plaza Two
Jersey City, NJ 07311
(201) 209-2467
www.principiapartners.com

>>>>> "TE" == Tom Eastep <teastep@shorewall.net> writes:

TE> On Friday 24 March 2006 05:52, Jake Colman wrote:
>> I have portforwarded port ranges 50001:50009 and 50011:50019 through the
>> firewall system to specific internal machines so that those machines get
>> maximum bittorrent throughput. I am trying to classify those packets so
>> that they don't interfere with other internet activity. I am posting my
>> various config files and my shorewall dump in the hope that someone can help
>> me.

TE> Also, have you adjusted your IN-BANDWIDTH as described in the Traffic
TE> Shaping doc? That has a dramatic effect on interactive performance
TE> during periods of heavy downloading.

I ran a DSLReports speed test and I am measuring 3341/857 for my download/upload speed. Following the documentation, I am setting IN-BANDWIDTH at 2700kbit and my OUT-BANDWIDTH at 800kbit. Makes sense?

I'll restart shorewall now and see how my speed measures.

Thanks!

...Jake

--
Jake Colman
Sr. Applications Developer
Principia Partners LLC
Harborside Financial Center
1001 Plaza Two
Jersey City, NJ 07311
(201) 209-2467
www.principiapartners.com

>>>>> "Jake" == Jake Colman <colman@ftp1.ppllc.com> writes:

Jake> I am using Shorewall v3.0.4 with a simple 2-NIC configuration using
Jake> a CableModem configured per the documentation. All is working fine.
Jake> I am now trying to implement simple traffic shaping, again using the
Jake> provided documentation. My intention is to make sure that my kid's
Jake> bittorrent downloads do not swamp my bandwidth so that I can get
Jake> reasonable performance even when they are downloading. I have set
Jake> everything up yet it has no discernible effect. All my web access
Jake> appears to be very slow and a speed test shows drastically reduced
Jake> upload/download speeds.

I have made the modifications that were suggested in other posts to this thread. When I use Optimum Online's Speed Test, without 'internal' traffic shaping activated, I get download/upload speeds such as: 4.8/1.9461 and 4.792/1.9905. When I turn on traffic shaping, I get download/upload speeds such as 1.81/.8297 and 1.617/.7969. Is this to be expected or am I doing something wrong?

I've attached a shorewall dump done after I activated traffic shaping and did two speed tests.

Here are my current configs:

tcclasses:

    eth1 1 100kbit full 1 tcp-ack,tos-minimize-delay
    eth1 2 100kbit 200kbit 2
    eth1 3 full/3 full 3 default

tcdevices:

    eth1 2700kbit 800kbit

tcrules:

    1 0.0.0.0/0 0.0.0.0/0 icmp echo-request
    1 0.0.0.0/0 0.0.0.0/0 icmp echo-reply
    2 0.0.0.0/0 0.0.0.0/0 tcp - 50001:50009
    2 0.0.0.0/0 0.0.0.0/0 tcp - 50011:50019
    2 0.0.0.0/0 0.0.0.0/0 tcp - 50021:50029

--
Jake Colman
Sr. Applications Developer
Principia Partners LLC
Harborside Financial Center
1001 Plaza Two
Jersey City, NJ 07311
(201) 209-2467
www.principiapartners.com

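Added example (not written by any poster in this thread): a small Python check that lists the forwarded ports no tcrules line marks, so that their traffic lands in the default class as described earlier in the thread. The forwarded ranges are the ones named in the messages and are assumed to be complete; the column layout assumed is MARK SOURCE DEST PROTO PORT(S) CLIENT-PORT(S), and the function names are hypothetical.

```python
# Added example. TCRULES is the file as posted in the thread; FORWARDED is
# taken from the messages (assumption: no other ranges are forwarded).
TCRULES = """\
1 0.0.0.0/0 0.0.0.0/0 icmp echo-request
1 0.0.0.0/0 0.0.0.0/0 icmp echo-reply
2 0.0.0.0/0 0.0.0.0/0 tcp - 50001:50009
2 0.0.0.0/0 0.0.0.0/0 tcp - 50011:50019
2 0.0.0.0/0 0.0.0.0/0 tcp - 50021:50029
"""
FORWARDED = ["50001:50009", "50011:50019", "50020:50029"]
ANY_ADDR = {"-", "all", "0.0.0.0/0"}

def parse_ports(spec):
    """Expand '50001:50009,50020' to a set of ports; '-' means any (None)."""
    if spec == "-":
        return None
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def marked_source_ports(tcrules, proto="tcp"):
    """Source ports marked by address-independent rules; None means all."""
    # Replies from a port-forwarded server leave with the forwarded port as
    # their source port, which is the CLIENT PORT(S) column (field 6).
    marked = set()
    for line in tcrules.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 4:
            continue
        fields += ["-"] * (6 - len(fields))
        _mark, src, dst, rule_proto, dports, sports = fields[:6]
        if rule_proto not in (proto, "all"):
            continue
        if src not in ANY_ADDR or dst not in ANY_ADDR or dports != "-":
            continue  # narrower than "any traffic from this source port"
        ports = parse_ports(sports)
        if ports is None:
            return None  # catch-all rule marks every source port
        marked |= ports
    return marked

def unmarked_forwarded(forwarded, tcrules):
    """Forwarded ports that no rule marks (their traffic takes the default)."""
    marked = marked_source_ports(tcrules)
    if marked is None:
        return []
    wanted = set().union(*(parse_ports(r) for r in forwarded))
    return sorted(wanted - marked)

if __name__ == "__main__":
    print("unmarked forwarded ports:", unmarked_forwarded(FORWARDED, TCRULES))
```

Run against the rules as posted, it reports port 50020 as the one forwarded port that is still unmarked.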
On Wednesday 29 March 2006 05:33, Jake Colman wrote:
> I have made the modifications that were suggested in other posts to this
> thread. When I use Optimum Online's Speed Test, without 'internal' traffic
> shaping activated, I get download/upload speeds such as: 4.8/1.9461 and
> 4.792/1.9905. When I turn on traffic shaping, I get download/upload speeds
> such as 1.81/.8297 and 1.617/.7969. Is this to be expected or am I doing
> something wrong?

Looks roughly equivalent to the capacity that you have defined for the device. The download speed is a bit lower than I would have expected (1.6-8 vs. 2.7) but then ingress "shaping" is pretty crude. The upload speed is right on (.79-.83 vs. .80) and upload is what you are really controlling. I'm curious why you have the IN-BANDWIDTH set that low (2700) when your measured download capacity is around 4800. I've never seen it set below about 80% of measured.

>
> tcdevices:
>
> eth1 2700kbit 800kbit
>

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

>>>>> "TE" == Tom Eastep <teastep@shorewall.net> writes:

>> On Wednesday 29 March 2006 05:33, Jake Colman wrote:
>> I have made the modifications that were suggested in other posts to
>> this thread. When I use Optimum Online's Speed Test, without
>> 'internal' traffic shaping activated, I get download/upload speeds such
>> as: 4.8/1.9461 and 4.792/1.9905. When I turn on traffic shaping, I get
>> download/upload speeds such as 1.81/.8297 and 1.617/.7969. Is this to
>> be expected or am I doing something wrong?

TE> Looks roughly equivalent to the capacity that you have defined for the
TE> device. The download speed is a bit lower than I would have expected
TE> (1.6-8 vs. 2.7) but then ingress "shaping" is pretty crude. The
TE> upload speed is right on (.79-.83 vs. .80) and upload is what you are
TE> really controlling. I'm curious why you have the IN-BANDWIDTH set that
TE> low (2700) when your measured download capacity is around 4800. I've
TE> never seen it set below about 80% of measured.

Tom,

I changed the IN-BANDWIDTH to be 3800, which is appx 80% of my measured download capacity. I was probably taking 80% of my already shaped download when I came up with the original number.

So it is to be expected that my download/upload speed results change when using shaping? I guess that makes sense, since I'm limiting the traffic but why do we specify figures that are 80% of capacity?

With this new setting, my speed test now shows numbers such as 2.923/.8232 and 2.905/.8258. Are these considered reasonable numbers?

With a bittorrent download running, my download speed drops to as low as 2.2 with a high of 2.7 across several tests. I guess this is reasonable and shows that my download is not terribly impacting performance? Or should I have seen no difference at all?

I just tested with two torrents downloading simultaneously. Now my speed test drops to 1.5 or even as little as .98. And an on-line session to my office via VNC is noticeably slower.

Isn't this what traffic shaping is supposed to help? Am I misconfigured?

I am attaching a shorewall dump that covers the period described in this email.

Thanks for your help.

--
Jake Colman
Sr. Applications Developer
Principia Partners LLC
Harborside Financial Center
1001 Plaza Two
Jersey City, NJ 07311
(201) 209-2467
www.principiapartners.com

On Wednesday 29 March 2006 10:19, Jake Colman wrote:
> So it is to be expected that my download/upload speed results change when
> using shaping? I guess that makes sense, since I'm limiting the traffic
> but why do we specify figures that are 80% of capacity?

Please read the traffic shaping doc again -- it explains that for IN-BANDWIDTH, you should start at 80% and adjust.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

>>>>> "TE" == Tom Eastep <teastep@shorewall.net> writes:

>> On Wednesday 29 March 2006 10:19, Jake Colman wrote:
>> So it is to be expected that my download/upload speed results change
>> when using shaping? I guess that makes sense, since I'm limiting the
>> traffic but why do we specify figures that are 80% of capacity?

TE> Please read the traffic shaping doc again -- it explains that for
TE> IN-BANDWIDTH, you should start at 80% and adjust.

Tom,

You are correct; I should have read that before posting.

But what about the rest of my email?

=====================================================================
With a bittorrent download running, my download speed drops to as low as 2.2 with a high of 2.7 across several tests. I guess this is reasonable and shows that my download is not terribly impacting performance? Or should I have seen no difference at all?

I just tested with two torrents downloading simultaneously. Now my speed test drops to 1.5 or even as little as .98. And an on-line session to my office via VNC is noticeably slower.

Isn't this what traffic shaping is supposed to help? Am I misconfigured?
=====================================================================

Does the shorewall dump that I attached to my previous posting explain what's going on?

--
Jake Colman
Sr. Applications Developer
Principia Partners LLC
Harborside Financial Center
1001 Plaza Two
Jersey City, NJ 07311
(201) 209-2467
www.principiapartners.com

On Thursday 30 March 2006 07:24, Jake Colman wrote:
> >>>>> "TE" == Tom Eastep <teastep@shorewall.net> writes:
>
> >> On Wednesday 29 March 2006 10:19, Jake Colman wrote: So it is to be
> >> expected that my download/upload speed results change when using
> >> shaping? I guess that makes sense, since I'm limiting the traffic
> >> but why do we specify figures that are 80% of capacity?
>
> TE> Please read the traffic shaping doc again -- it explains that for
> TE> IN-BANDWIDTH, you should start at 80% and adjust.
>
> Tom,
>
> You are correct; I should have read that before posting.
>
> But what about the rest of my email?
> what's going on?

Jake -- I know next to nothing about traffic shaping. I've tried to assist you because my name is on the product and I want to be helpful. But I have neither the time nor the interest to study traffic shaping just so I can tutor you. I personally use a very simple "Wondershaper replacement" configuration that meets my needs. I neither designed nor wrote the traffic shaping code in Shorewall.

Sorry -- hopefully there is someone else on the list who can be of more help to you than I can.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

Hi Jake

In the normal setup, Shorewall only performs real shaping on outgoing traffic. Incoming traffic is just dropped, if it exceeds the limit. So you're not down-prioritizing downloads by bittorrent relative to your other downloads. Therefore it is to be expected that your download speed will go down when bittorrent is downloading as well.

Usually, it is the upstream traffic that is the most important to shape. So try and see if that works for you: if bitstream is uploading, you should still have a good speed for other uploads.

Shaping downstream traffic is a bit more complicated. See for instance the other topic "simple traffic shaping, pls. advise me" on this list.

Rune

On 3/30/06, Tom Eastep <teastep@shorewall.net> wrote:
> On Thursday 30 March 2006 07:24, Jake Colman wrote:
> > >>>>> "TE" == Tom Eastep <teastep@shorewall.net> writes:
> >
> > >> On Wednesday 29 March 2006 10:19, Jake Colman wrote: So it is to be
> > >> expected that my download/upload speed results change when using
> > >> shaping? I guess that makes sense, since I'm limiting the traffic
> > >> but why do we specify figures that are 80% of capacity?
> >
> > TE> Please read the traffic shaping doc again -- it explains that for
> > TE> IN-BANDWIDTH, you should start at 80% and adjust.
> >
> > Tom,
> >
> > You are correct; I should have read that before posting.
> >
> > But what about the rest of my email?
> > what's going on?
>
> Jake -- I know next to nothing about traffic shaping. I've tried to assist you
> because my name is on the product and I want to be helpful. But I have
> neither the time nor the interest to study traffic shaping just so I can
> tutor you. I personally use a very simple "Wondershaper replacement"
> configuration that meets my needs. I neither designed nor wrote the traffic
> shaping code in Shorewall.
>
> Sorry -- hopefully there is someone else on the list who can be of more help
> to you than I can.
>
> -Tom
> --
> Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
> Shoreline, \ http://shorewall.net
> Washington USA \ teastep@shorewall.net
> PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key