I have entries in my tcrules file like the following..

1:F 10.0.0.0/24 0.0.0.0/0 tcp 4500 # Ragnarok
1:F 0.0.0.0/0 10.0.0.0/24 tcp - 4500
1:F 10.0.0.0/24 0.0.0.0/0 udp 4500
1:F 0.0.0.0/0 10.0.0.0/24 udp - 4500
1:F 10.0.0.0/24 0.0.0.0/0 tcp 6900 # Ragnarok
1:F 0.0.0.0/0 10.0.0.0/24 tcp - 6900
1:F 10.0.0.0/24 0.0.0.0/0 udp 6900
1:F 0.0.0.0/0 10.0.0.0/24 udp - 6900

I have a few questions about this. Firstly some details about my setup. I have approximately a 2 meg upstream connection from my ISP, and ration a large chunk of it to uploads for a dedicated upload server with low priority. I've got a default chunk in the middle which is medium priority and medium bandwidth. web surfing, most video games, and anything else falls into this category. Then I have a high priority category with low bandwidth which is reserved for ssh connections, icmp, tcp syn/ack/fin, and other low bandwidth, high priority connections. among them are a few games which I play all the time. this is for one game in particular, but many of my games follow a similar pattern.

also, I'm only shaping outbound traffic.

here are my questions:

1) are the pairs of rules for the tcp source/destination pairs necessary, or will one pair work? (...tcp 4500/...tcp - 4500)

2) can I use one rule for tcp,udp or do I need separate rules for both.

3) can I use one rule per game and have multiple ports specified, or will that yield unpredictable results? (ie: tcp 4500,6900)

I'd like to add that I've read all the howtos on the shorewall website, as well as reading as much of the documentation as I can understand, but I couldn't find a clear answer to these, and it's difficult for me to generate enough bandwidth to test the different configurations "on demand" to see if or how they work.

------------------------------------------------------------------------------
Christ Schlacta wrote:
> I have entries in my tcrules file like the following..
>
> 1:F 10.0.0.0/24 0.0.0.0/0 tcp 4500 # Ragnarok
> 1:F 0.0.0.0/0 10.0.0.0/24 tcp - 4500
> 1:F 10.0.0.0/24 0.0.0.0/0 udp 4500
> 1:F 0.0.0.0/0 10.0.0.0/24 udp - 4500
> 1:F 10.0.0.0/24 0.0.0.0/0 tcp 6900 # Ragnarok
> 1:F 0.0.0.0/0 10.0.0.0/24 tcp - 6900
> 1:F 10.0.0.0/24 0.0.0.0/0 udp 6900
> 1:F 0.0.0.0/0 10.0.0.0/24 udp - 6900
> ...
>
> also, I'm only shaping outbound traffic.
>
> here are my questions:
>
> 1) are the pairs of rules for the tcp source/destination pairs
> necessary, or will one pair work? (...tcp 4500/...tcp - 4500)

We can't answer that without knowing how the game works. The 'Important' note at http://www.shorewall.net/traffic_shaping.htm#tcrules explains how to tell which rules are required but, in general, you should only need one rule or the other.

I suggest that you:

a) Play the game
b) As root, type 'shorewall show mangle'
c) See which rules are actually used (non-zero packet count).

>
> 2) can I use one rule for tcp,udp or do I need separate rules for both.

You need separate rules -- however, most games don't use TCP.

I suggest that you:

a) Play the game
b) As root, type 'shorewall show mangle'
c) Look at the TCP rules and see if there is a non-zero packet count.

>
> 3) can I use one rule per game and have multiple ports specified, or
> will that yield unpredictable results? (ie: tcp 4500,6900)
>

'man shorewall-tcrules'. You may specify a port list in tcrules entries. Port lists are described at http://www.shorewall.net/configuration_file_basics.htm#Portlists

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

------------------------------------------------------------------------------
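The check suggested in the reply (steps a to c), scripted as an added example that is not part of the original thread: it reads 'shorewall show mangle' output and labels each MARK rule USED or UNUSED by its packet counter. The function names, the sample listing and its counter values are constructed for illustration, and the listing assumes the usual iptables -L -n -v column layout with the marks in a chain named tcfor.

```shell
#!/bin/sh
# Added example: classify MARK rules by packet count.
# Input: iptables -L -n -v style text, as printed by 'shorewall show mangle'.
mark_rule_usage() {
    awk '
        $1 == "Chain" { chain = $2; next }   # remember the current chain name
        $3 != "MARK"  { next }               # skip headers, blanks, other targets
        {
            # Columns: pkts bytes target prot opt in out source destination [match]
            match_txt = ""
            for (i = 10; i <= NF; i++)
                match_txt = match_txt (i > 10 ? " " : "") $i
            # Without -x the counter can carry a K/M/G suffix, so compare as text
            state = ($1 == "0") ? "UNUSED" : "USED"
            printf "%s %s %s %s->%s %s pkts=%s\n",
                   state, chain, $4, $8, $9, match_txt, $1
        }'
}

# Constructed sample: the four port-4500 rules from the post, with made-up
# counters showing one direction of UDP in use and no TCP traffic at all.
sample_mangle() {
    cat <<'EOF'
Chain tcfor (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MARK       tcp  --  *      *       10.0.0.0/24          0.0.0.0/0            tcp dpt:4500 MARK set 0x1
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            10.0.0.0/24          tcp spt:4500 MARK set 0x1
 1842  203K MARK       udp  --  *      *       10.0.0.0/24          0.0.0.0/0            udp dpt:4500 MARK set 0x1
    0     0 MARK       udp  --  *      *       0.0.0.0/0            10.0.0.0/24          udp spt:4500 MARK set 0x1
EOF
}

# Demo on the constructed sample; on a live firewall, run as root:
#   shorewall show mangle | mark_rule_usage
sample_mangle | mark_rule_usage
```

Rules that stay UNUSED after a play session are the candidates for removal from tcrules.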