Good Evening-

I'm having some trouble (once again) with traffic control under
shorewall 3.0.8 and Gentoo linux 2.6.17-r8.

I'm trying to catch all bittorrent traffic and put it into its own
class, which is severely limited on outgoing bandwidth (so as not to
interfere with my voip system). The tcclasses are as follows:

#INTERFACE      MARK    RATE    CEIL            PRIORITY        OPTIONS
eth1            61      250kbit 7*full/8        0
eth1            62      full/4  5*full/6        1
eth1            63      full/6  3*full/4        2               default
eth1            64      80kbit  80kbit          3

...and the tcrules are as follows:

#MARK   SOURCE          DEST            PROTO   PORT(S) CLIENT  USER    TEST
#                                                       PORT(S)

61      0.0.0.0/0       0.0.0.0/0       icmp    echo-request
61      0.0.0.0/0       0.0.0.0/0       icmp    echo-reply

61      $FW             0.0.0.0/0       icmp    echo-request
61      $FW             0.0.0.0/0       icmp    echo-reply

61      $FW             0.0.0.0/0       tcp     4569
61      $FW             0.0.0.0/0       udp     4569
61      192.168.0.148   0.0.0.0/0       tcp     4569
61      192.168.0.148   0.0.0.0/0       udp     4569

62      0.0.0.0/0       0.0.0.0/0       tcp     22

64      0.0.0.0/0       0.0.0.0/0       tcp     6881:6889,3527,2663,1301
64      0.0.0.0/0       0.0.0.0/0       udp     6881:6889,3527,2663,1301

SAVE    0.0.0.0/0       0.0.0.0/0       all     -       -       -       !0

So far, I've been unable to get ipp2p working with my kernel, so I'm
trying to handle it manually as best I can. To test out the setup, I
restarted shorewall then started a bittorrent download (of Fedora core
6, incidentally). I manually stopped it when the uploaded size reached
1.0Mbytes. I then ran `shorewall show tc` and got the following:

        class htb 1:164 parent 1:1 leaf 164: prio 3 quantum 1500 rate 80000bit ceil 80000bit burst 1540b/8 mpu 0b overhead 0b cburst 1540b/8 mpu 0b overhead 0b level 0
         Sent 528821 bytes 7211 pkt (dropped 0, overlimits 0 requeues 0)
         rate 53048bit 93pps backlog 0b 0p requeues 0
         lended: 7211 borrowed: 0 giants: 0
         tokens: 147600 ctokens: 147600

        class htb 1:163 parent 1:1 leaf 163: prio 2 quantum 1500 rate 68000bit ceil 307000bit burst 1533b/8 mpu 0b overhead 0b cburst 1652b/8 mpu 0b overhead 0b level 0
         Sent 1609927 bytes 6855 pkt (dropped 0, overlimits 0 requeues 0)
         rate 132472bit 87pps backlog 0b 0p requeues 0
         lended: 4295 borrowed: 2560 giants: 0
         tokens: 174823 ctokens: 41824

        class htb 1:162 parent 1:1 leaf 162: prio 1 quantum 1500 rate 102000bit ceil 341000bit burst 1550b/8 mpu 0b overhead 0b cburst 1669b/8 mpu 0b overhead 0b level 0
         Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
         rate 0bit 0pps backlog 0b 0p requeues 0
         lended: 0 borrowed: 0 giants: 0
         tokens: 121647 ctokens: 39178

        class htb 1:161 parent 1:1 leaf 161: prio 0 quantum 3200 rate 250000bit ceil 358000bit burst 1625b/8 mpu 0b overhead 0b cburst 1678b/8 mpu 0b overhead 0b level 0
         Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
         rate 0bit 0pps backlog 0b 0p requeues 0
         lended: 0 borrowed: 0 giants: 0
         tokens: 52000 ctokens: 37519
        
If my math is serving me correctly, nowhere near 1.0Mbytes of data
flowed through these classes. Classes 62 and 61 sent 0 bytes, since I
made no voip calls or SSH connections during this time period. Class 63
(the default class) shows 196Kbytes sent, and class 64 (the bittorrent
class) shows a whopping 64Kbytes sent. Something doesn't add up here!

I'm at a loss on how to troubleshoot this further. I tried installing
wireshark (formerly ethereal) on the firewall box, to monitor my WAN
interface and see what sorts of traffic were flowing, but it's MIA.

How is all this traffic getting around my default tcclass???

Thanks Much,
Dave
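
Added example, not part of the original post: a small Python parser for HTB class stanzas like those in the `shorewall show tc` output above, which pulls out each class's rate, ceil and Sent counters and totals the bytes so they can be compared with what the client reports. The function names are this example's own, and it assumes rates are printed in plain `bit` units as they are in the post.

```python
import re

# Class headers and "Sent" lines from the post, hard-wrapped the way a mail client wraps them.
TC_OUTPUT = """
        class htb 1:164 parent 1:1 leaf 164: prio 3 quantum 1500 rate
        80000bit ceil 80000bit burst 1540b/8 mpu 0b overhead 0b cburst
        1540b/8 mpu 0b overhead 0b level 0
         Sent 528821 bytes 7211 pkt (dropped 0, overlimits 0 requeues 0)
        class htb 1:163 parent 1:1 leaf 163: prio 2 quantum 1500 rate
        68000bit ceil 307000bit burst 1533b/8 mpu 0b overhead 0b cburst
        1652b/8 mpu 0b overhead 0b level 0
         Sent 1609927 bytes 6855 pkt (dropped 0, overlimits 0 requeues
        0)
        class htb 1:162 parent 1:1 leaf 162: prio 1 quantum 1500 rate
        102000bit ceil 341000bit burst 1550b/8 mpu 0b overhead 0b cburst
        1669b/8 mpu 0b overhead 0b level 0
         Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
        class htb 1:161 parent 1:1 leaf 161: prio 0 quantum 3200 rate
        250000bit ceil 358000bit burst 1625b/8 mpu 0b overhead 0b cburst
        1678b/8 mpu 0b overhead 0b level 0
         Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
"""

HEAD_RE = re.compile(r"class htb (\S+) .*?\bprio (\d+) .*?\brate (\d+)bit ceil (\d+)bit")
SENT_RE = re.compile(r"Sent (\d+) bytes (\d+) pkt")

def parse_htb_classes(text):
    """Return one dict per HTB class stanza, tolerating hard-wrapped lines."""
    classes = []
    for stanza in re.split(r"(?=class htb )", text):
        flat = " ".join(stanza.split())  # undo wrapping inside the stanza
        head, sent = HEAD_RE.search(flat), SENT_RE.search(flat)
        if not (head and sent):
            continue  # leading text or a truncated stanza
        classes.append({
            "classid": head.group(1), "prio": int(head.group(2)),
            "rate_bit": int(head.group(3)), "ceil_bit": int(head.group(4)),
            "sent_bytes": int(sent.group(1)), "packets": int(sent.group(2)),
        })
    return classes

def total_sent_bytes(classes):
    return sum(c["sent_bytes"] for c in classes)

if __name__ == "__main__":
    parsed = parse_htb_classes(TC_OUTPUT)
    for c in parsed:
        print(f'{c["classid"]:>6} prio {c["prio"]} {c["sent_bytes"]:>9} bytes = {c["sent_bytes"] / 1024:8.1f} KiB')
    print(f"total {total_sent_bytes(parsed)} bytes = {total_sent_bytes(parsed) / 2**20:.2f} MiB")
```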
