Re: Advanced traffic shaping with iptables?

2007-10-03 Thread Mike Perry
Thus spake Marco Bonetti ([EMAIL PROTECTED]):

> On Wed, September 26, 2007 02:41, [EMAIL PROTECTED] wrote:
> > It looks like the script needs Tor to run on a virtual address.
> > This could be done by adding another address to your default interface
> Yesterday night (CEST) I've modified the script to use only one ip, packet
> matching is done via uid. Unfortunately the uid/gid/pid/ matching is
> broken on smp machines (according to man iptables). I'll make it
> available this evening, as soon as I get back home.

Wow, nice work! I didn't see this option. Completely didn't expect it
to exist either.

Actually, my iptables manpage only says that pid, sid and command
matching are broken on SMP.  Perhaps UID is actually safe?

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs




Re: Advanced traffic shaping with iptables?

2007-10-03 Thread Marco Bonetti
On Wed, October 3, 2007 10:29, Mike Perry wrote:
> Actually, my iptables manpage only says that pid, sid and command
> matching are broken on SMP.  Perhaps UID is actually safe?
yup you're right, also http://linux.die.net/man/8/iptables said so.
I probably misread ubuntu page :)
I'll remove the warning this evening, thanks for pointing out!

ciao

-- 
Marco Bonetti
Slackintosh Linux Project Developer: http://www.slackintosh.org
Linux-live for powerpc: http://www.slackintosh.org/pub/rsync/mb/linux-live
My webstuff: http://sidbox.homelinux.org

My GnuPG key id: 0x86A91047



Re: Advanced traffic shaping with iptables?

2007-10-03 Thread Marco Bonetti
warning removed: http://sidbox.homelinux.org/~sid77/tor.html
feel free to use it and/or incorporate any changes back into your script :)

ciao

-- 
Marco Bonetti
Slackintosh Linux Project Developer: http://www.slackintosh.org
Linux-live for powerpc: http://www.slackintosh.org/pub/rsync/mb/linux-live
My webstuff: http://sidbox.homelinux.org

My GnuPG key id: 0x86A91047


Re: Advanced traffic shaping with iptables?

2007-10-01 Thread Marco Bonetti
On Sun, September 30, 2007 23:50, Linus Lüssing wrote:
> Thanks a lot for spending some time to edit this script.
well, thanks :)
not a hard hack though: I've just deleted some lines and modified the
iptables marking rule :-P

> Can you tell me a program with which I could monitor the bandwidth usage
> of tor only
I think that BandwidthRate and BandwidthBurst options are safe enough

You've to adapt the script limits to your own setup:
+ RATE_UP is maximum overall upload bandwidth, mine is 480kb out of 512kb
+ RATE_UP_TOR is minimum bw assigned to tor, I choose 160kb which should
be the minimum bw to mark your node fast, IIRC
+ RATE_UP_TOR_CEIL, finally, is the maximum bw assigned to tor. As in
Perry's script I've assigned it the same value of RATE_UP

As I wrote before, my personal taste is not for traffic shapers but I
modified the script and tried it for a couple of days nevertheless. From what
I see it looks like it works, although it seems a bit aggressive to me, killing
tor bw very fast.

ciao

-- 
Marco Bonetti
Slackintosh Linux Project Developer: http://www.slackintosh.org
Linux-live for powerpc: http://www.slackintosh.org/pub/rsync/mb/linux-live
My webstuff: http://sidbox.homelinux.org

My GnuPG key id: 0x86A91047
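
The setup discussed in this thread (mark Tor's packets by uid, then give them a guaranteed minimum and a ceiling), as an added example that is not part of the thread and is not Marco Bonetti's or Mike Perry's script. It reuses the RATE_UP, RATE_UP_TOR and RATE_UP_TOR_CEIL names from the message above; the interface eth0, the Tor user debian-tor, the kbit unit, the mark value and the class ids are assumptions.

```shell
#!/bin/sh
# Added example: uid-based upload shaping for Tor with iptables + tc (HTB).
# Assumptions: interface eth0, Tor runs as user "debian-tor", rates in kbit/s.
DEV=eth0
TOR_USER=debian-tor
RATE_UP=480                  # maximum overall upload bandwidth
RATE_UP_TOR=160              # minimum bandwidth guaranteed to Tor
RATE_UP_TOR_CEIL=$RATE_UP    # maximum bandwidth Tor may borrow up to
TOR_MARK=12                  # firewall mark for Tor packets (constructed value)

# Reject limits that tc would accept but that cannot work as intended.
check_limits() {
    [ "$RATE_UP_TOR" -gt 0 ] && [ "$RATE_UP_TOR" -lt "$RATE_UP" ] || {
        echo "RATE_UP_TOR must be above 0 and below RATE_UP" >&2; return 1; }
    [ "$RATE_UP_TOR_CEIL" -ge "$RATE_UP_TOR" ] &&
        [ "$RATE_UP_TOR_CEIL" -le "$RATE_UP" ] || {
        echo "RATE_UP_TOR_CEIL must lie between RATE_UP_TOR and RATE_UP" >&2
        return 1; }
}

# Print the rule set; review it, then pipe it to "sh" as root to apply it.
shaping_rules() {
    check_limits || return 1
    rest=$((RATE_UP - RATE_UP_TOR))   # guaranteed share for everything else
    cat <<EOF
tc qdisc del dev $DEV root 2>/dev/null
tc qdisc add dev $DEV root handle 1: htb default 20
tc class add dev $DEV parent 1: classid 1:1 htb rate ${RATE_UP}kbit
tc class add dev $DEV parent 1:1 classid 1:20 htb rate ${rest}kbit ceil ${RATE_UP}kbit prio 0
tc class add dev $DEV parent 1:1 classid 1:21 htb rate ${RATE_UP_TOR}kbit ceil ${RATE_UP_TOR_CEIL}kbit prio 1
tc filter add dev $DEV parent 1: protocol ip handle $TOR_MARK fw flowid 1:21
iptables -t mangle -A OUTPUT -m owner --uid-owner $TOR_USER -j MARK --set-mark $TOR_MARK
EOF
}

shaping_rules
```

The owner match only sees locally generated packets, so the marking rule has to sit in OUTPUT (or POSTROUTING), and it only isolates Tor if nothing else runs under that uid.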



Re: Advanced traffic shaping with iptables?

2007-10-01 Thread Linus Lüssing
Ok, I think it works, the latency for internet connections goes down 
from horrible ~500ms to 40-80ms, when I start the script.

> > Can you tell me a program with which I could monitor the bandwidth usage
> > of tor only

> I think that BandwidthRate and BandwidthBurst options are safe enough
No, no, I meant something else ^^. I wanted to know if there is a 
program with which I could monitor the bandwidth usage of a single 
program, maybe displayed as a graph (so I could have a look, if i.e. 
the minimum bandwidth for tor works properly).
(Yep, I could figure out the options for this script myself, the script 
is really well commented, nevertheless thanks again ;) )
And if I use the script, I don't need the bandwidth options in the torrc 
any more, do I? I've just commented them out.

Greetz Linus


Re: Advanced traffic shaping with iptables?

2007-09-26 Thread Marco Bonetti
On Wed, September 26, 2007 02:41, [EMAIL PROTECTED] wrote:
> It looks like the script needs Tor to run on a virtual address.
> This could be done by adding another address to your default interface
Yesterday night (CEST) I've modified the script to use only one ip, packet
matching is done via uid. Unfortunately the uid/gid/pid/ matching is
broken on smp machines (according to man iptables). I'll make it
available this evening, as soon as I get back home.

ciao

-- 
Marco Bonetti
Slackintosh Linux Project Developer: http://www.slackintosh.org
Linux-live for powerpc: http://www.slackintosh.org/pub/rsync/mb/linux-live
My webstuff: http://sidbox.homelinux.org

My GnuPG key id: 0x86A91047



Re: Advanced traffic shaping with iptables?

2007-09-25 Thread Eugen Leitl
On Tue, Sep 25, 2007 at 07:41:27AM +0530, Strykar wrote:

> Burst bandwidth wouldn't hurt the network.
>
> If you want bandwidth shaping, I'd suggest using pf (Open/FreeBSD) for
> traffic shaping.
> iptables + tc never did the job for me and it's the reason I tried pf in the
> first place.
>
> Pf has incredibly legible syntax and reading the pf faq will get you up and
> running in no time.

You don't even have to read the syntax if you use pfSense. It does
come with a traffic shaper. You might have trouble buying WRAP
boards, but ALIX will be there any time now.

-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
__
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE


Re: Advanced traffic shaping with iptables?

2007-09-25 Thread Marco Bonetti
On Tue, September 25, 2007 02:32, Linus Lüssing wrote:
> My problem is, that I'm sharing the Bandwidth of my ADSL Internet
> connection (50KiB/s upload) with TOR and some other applications
I've a similar setup with a slightly better upload rate (64KB nominal) and
I don't use shaping at all. I've set up tor with 60KB/60KB bandwidth limits
and found out they're ok.
The only real downside are online games (nexuiz) which suffer badly,
otherwise all other applications are ok.

ciao

-- 
Marco Bonetti
Slackintosh Linux Project Developer: http://www.slackintosh.org
Linux-live for powerpc: http://www.slackintosh.org/pub/rsync/mb/linux-live
My webstuff: http://sidbox.homelinux.org

My GnuPG key id: 0x86A91047



Re: Advanced traffic shaping with iptables?

2007-09-25 Thread Linus Lüssing



> See http://archives.seul.org/or/talk/Aug-2007/msg00192.html
> for such a script. I've not tested it myself, so YMMV.
>
> the documentation on traffic shaping under linux is here:
> http://lartc.org/
>
> Cheers!

Thanks man, this script looks pretty much the way, I've been looking 
for. Yep, the syntax of iptables+tc is really confusing, I tried to go 
through some tutorials before. But you seem to have posted a useful 
link, I'll have a look at it later.
Can you also tell me, what the BOX_IP and TOR_IP-parameters are good 
for? It has nothing to do with my own IP-address, has it? Cause I've got 
a dynamic one...

> I've a similar setup with a slightly better upload rate (64KB nominal) and
> I don't use shaping at all. I've set up tor with 60KB/60KB bandwidth limits
> and found out they're ok.
> The only real downside are online games (nexuiz) which suffer badly,
> otherwise all other applications are ok.
>
> ciao

Hmm, for me, it doesn't seem to work. Talks with VoIP hang badly, while 
TOR is running too. I've always got to stop the process first (which is 
really annoying, cause I've got to connect over SSH to my 
mini-linux-server in the cellar first).

> If you want bandwidth shaping, I'd suggest using pf (Open/FreeBSD) for
> traffic shaping.
> iptables + tc never did the job for me and it's the reason I tried pf in the
> first place.
>
> Pf has incredibly legible syntax and reading the pf faq will get you up and
> running in no time.

Sounds good, but I don't want to move from Debian to Open/FreeBSD. I 
would have to set up all the apps again...



Thanks for the quick responses.
Greetz, Linus


Re: Advanced traffic shaping with iptables?

2007-09-25 Thread tor-op
Hi,

On Tue, Sep 25, 2007 at 11:30:57PM +0200, Linus Lüssing wrote:
> > See http://archives.seul.org/or/talk/Aug-2007/msg00192.html
> > for such a script. I've not tested it myself, so YMMV.
> >
> > the documentation on traffic shaping under linux is here:
> > http://lartc.org/
>
> Thanks man, this script looks pretty much the way, I've been looking 
> for. Yep, the syntax of iptables+tc is really confusing, I tried to go 
> through some tutorials before. But you seem to have posted a useful 
> link, I'll have a look at it later.

It is probably a good start point.

> Can you also tell me, what the BOX_IP and TOR_IP-parameters are good 
> for? It has nothing to do with my own IP-address, has it? Cause I've got 
> a dynamic one...

It looks like the script needs Tor to run on a virtual address.
This could be done by adding another address to your default interface

# ifconfig eth0:0 10.11.12.13

and use that address in your tor config.

You should probably contact the author directly if you have problem getting
that particular script to work. As for iptables or tc related questions,
they should probably be asked on their respective mailing-lists.

Regards


 
> > I've a similar setup with a slightly better upload rate (64KB nominal) and
> > I don't use shaping at all. I've set up tor with 60KB/60KB bandwidth limits
> > and found out they're ok.
> > The only real downside are online games (nexuiz) which suffer badly,
> > otherwise all other applications are ok.
> >
> > ciao
>
> Hmm, for me, it doesn't seem to work. Talks with VoIP hang badly, while 
> TOR is running too. I've always got to stop the process first (which is 
> really annoying, cause I've got to connect over SSH to my 
> mini-linux-server in the cellar first).
>
> > If you want bandwidth shaping, I'd suggest using pf (Open/FreeBSD) for
> > traffic shaping.
> > iptables + tc never did the job for me and it's the reason I tried pf in
> > the first place.
> >
> > Pf has incredibly legible syntax and reading the pf faq will get you up and
> > running in no time.
>
> Sounds good, but I don't want to move from Debian to Open/FreeBSD. I 
> would have to set up all the apps again...
>
> Thanks for the quick responses.
> Greetz, Linus
 




Re: Advanced traffic shaping with iptables?

2007-09-24 Thread tor-op
On Tue, Sep 25, 2007 at 02:32:44AM +0200, Linus Lüssing wrote:
> Hi there!
> My problem is, that I'm sharing the Bandwidth of my ADSL Internet 
> connection (50KiB/s upload) with TOR and some other applications (i.e. 
> online games, VPN-Server, small Teamspeak-Server, VoIP) as well. I've 
> read, that with iptables I could prioritise the packages. At the moment 
> I'm just offering 25KiB/s, cause I need at least 25KiB/s for the other 
> applications. But for the most time, I'm using none of the other ones, 
> so I could theoretically offer 50KiB/s for TOR at these moments. It 
> would be really, really helpful, if I could set up a bandwidth rule for 
> TOR with iptables, so I would get at least 10KiB/s but it could get all 
> the bandwidth, that would be wasted (remember the Task-Manager for 
> CPU-Usage-Priority, I need something like low priority for the 
> bandwidth). Maybe someone has already built something like this as a 
> shell script for example? Or maybe some links to well explained 
> tutorials would be useful as well. Any help to get this done is 
> appreciated.

See http://archives.seul.org/or/talk/Aug-2007/msg00192.html
for such a script. I've not tested it myself, so YMMV.

the documentation on traffic shaping under linux is here:
http://lartc.org/

Cheers!

