[leaf-user] shorewall - hbt

Fri, 22 Nov 2002 11:46:12 -0800 

Hi

I'm trying to setup our shared connection, but emule and other heavy
bandwidth things still takes away bandwidth from http,ssh,DNS etc. even
i have configured them in the TOS as 16, and currently selecting by TOS
in my tc-match.
Why can low prio infect the high prio traffic?
Is there something wrong with the TOS or is it just a bad way of
selecting?

The connection is a 1024/256 according to the ISP.

/etc/shorewall/tcstart
#!/bin/bash
# The Ultimate Setup For Your Internet Connection At Home
# 
#
# Set the following values to somewhat less than your actual download
# and uplink speed. In kilobits
#
DOWNLINK=800
UPLINK=220
DEV=eth0

# clean existing down- and uplink qdiscs, hide errors
tc qdisc del dev $DEV root    2> /dev/null > /dev/null
tc qdisc del dev $DEV ingress 2> /dev/null > /dev/null

###### uplink

# install root HTB, point default traffic to 1:12:
tc qdisc add dev $DEV root handle 1: htb default 12

# shape everything at $UPLINK speed - this prevents huge queues in your
# DSL modem which destroy latency:
tc class add dev $DEV parent 1: classid 1:1 htb rate ${UPLINK}kbit ceil
${UPLINK}kbit burst 6k
tc class add dev $DEV parent 1:1 classid 1:10 htb rate 96kbit ceil
${UPLINK}kbit burst 6k prio 0
tc class add dev $DEV parent 1:1 classid 1:11 htb rate 96kbit ceil
${UPLINK}kbit burst 6k prio 1
tc class add dev $DEV parent 1:1 classid 1:12 htb rate 28kbit ceil
${UPLINK}kbit prio 9

# both get Stochastic Fairness:
tc qdisc add dev $DEV parent 1:10 handle 10: pfifo limit 5
tc qdisc add dev $DEV parent 1:11 handle 11: pfifo limit 5
tc qdisc add dev $DEV parent 1:12 handle 12: sfq perturb 10

# Select by TOS
tc filter add dev $DEV parent 1:0 protocol ip prio 0 u32 match ip tos
0x1e 0xff flowid 1:10
tc filter add dev $DEV parent 1:0 protocol ip prio 0 u32 match ip tos
0x1c 0xff flowid 1:10
tc filter add dev $DEV parent 1:0 protocol ip prio 0 u32 match ip tos
0x1a 0xff flowid 1:10
tc filter add dev $DEV parent 1:0 protocol ip prio 0 u32 match ip tos
0x18 0xff flowid 1:10
tc filter add dev $DEV parent 1:0 protocol ip prio 0 u32 match ip tos
0x16 0xff flowid 1:10
tc filter add dev $DEV parent 1:0 protocol ip prio 0 u32 match ip tos
0x14 0xff flowid 1:10
tc filter add dev $DEV parent 1:0 protocol ip prio 0 u32 match ip tos
0x12 0xff flowid 1:10
tc filter add dev $DEV parent 1:0 protocol ip prio 0 u32 match ip tos
0x10 0xff flowid 1:10

tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 match ip tos
0xe 0xff flowid 1:11
tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 match ip tos
0xc 0xff flowid 1:11
tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 match ip tos
0xa 0xff flowid 1:11
tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 match ip tos
0x8 0xff flowid 1:11
tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 match ip tos
0x6 0xff flowid 1:11
tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 match ip tos
0x4 0xff flowid 1:11
tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 match ip tos
0x2 0xff flowid 1:11

/etc/shorewall/tos
all     all             tcp             -               22:23           16
all     all             tcp             22:23           -               16
all     all             tcp             -               25              8
all     all             tcp             25              -               8
all     all             tcp             -               ftp             16
all     all             tcp             ftp             -               16
all     all             tcp             ftp-data        -               0
all     all             tcp             -               ftp-data        8
all     all             tcp             -               53              16
all     all             tcp             53              -               16
all     all             udp             53              -               16
all     all             udp             -               53              16
all     all             tcp             -               135:139         16
all     all             tcp             135:139         -               8
all     all             udp             -               135:139         16
all     all             udp             135:139         -               8
all     all             tcp             -               27015           16 all  all    
         udp             -               27015           16
all     all             tcp             27015           -               16
all     all             udp             27015           -               16
all     all             tcp             -               6666:6669       2
all     all             tcp             6666:6669       -               2
all     all             tcp             -               80              16
all     all             tcp             80              -               8
all     all             tcp             -               110             16
all     all             tcp             110             -               8
all     all             tcp             -               443             16
all     all             tcp             443             -               16
all     all             tcp             -               5190            16
all     all             tcp             5190            -               16
all     all             tcp             -               5222            16
all     all             tcp             5222            -               16

-- 
Claus Christensen <[EMAIL PROTECTED]>



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Reply via email to