Jesper Taxbøl wrote:

> The problem is when I start shorewall the traffic slows down to almost
> complete standstill, indicating that my tcrules don't mark the traffic
> correctly.

Have you looked at the CPU utilization of the box when Shorewall is started? I suspect that it is high.

> What am I doing wrong?

To start with, you are subjecting _every_ packet going through your firewall to 150 rules in the mangle table! Every forwarded packet goes through all 100+ marking rules and 50 CLASSIFY rules (neither the MARK target nor the CLASSIFY target is terminating).

The class-per-host approach to traffic shaping scales poorly.

Another thing that I notice is that the sum of RATEs appears to exceed the bandwidth (you didn't show us the entire tcclasses file and I'm not going to sit here with a calculator and your dump, adding up the raw rates). If that is the case, then with more than 20-30 users on-line, traffic shaping will cease to function at all.

Finally, I suspect that trying to share a line of this speed between 50 hosts is going to yield miserable performance during peak usage times no matter what you do. Your line is about the same speed as the one that I have here; mine supports two users and a low-volume server.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
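Added example (not part of the message above and not Shorewall code): the rate addition the reply declines to do by hand, as a script that sums the RATE column of a tcclasses file per interface and compares it with the outbound bandwidth. The column order (INTERFACE MARK RATE ...), the rate syntax handled, and the 50-class, 512kbit sample are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Rate units in bits per second (assumed subset of what tcclasses accepts).
UNITS = {"kbit": 1_000, "mbit": 1_000_000, "kbps": 8_000, "mbps": 8_000_000}

def parse_rate(text, full):
    """Convert '24kbit', 'full', 'full/4' or 'full*9/10' to bits per second."""
    text = text.lower()
    m = re.fullmatch(r"(\d+)(kbit|mbit|kbps|mbps)", text)
    if m:
        return int(m.group(1)) * UNITS[m.group(2)]
    m = re.fullmatch(r"full(?:\*(\d+))?(?:/(\d+))?", text)
    if m:
        return full * int(m.group(1) or 1) // int(m.group(2) or 1)
    raise ValueError(f"unrecognised rate: {text!r}")

def audit(tcclasses, out_bandwidth):
    """Return {interface: (classes, committed_bps, link_bps, fits)}.

    out_bandwidth maps interface -> outbound rate string, e.g. '512kbit'.
    'fits' is the largest number of classes (smallest rates first) whose
    guaranteed rates still add up to no more than the link rate.
    """
    rates = defaultdict(list)
    for line in tcclasses.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 3:
            continue  # blank line, comment, or incomplete entry
        iface = fields[0].split(":")[0]  # tolerate interface:class
        link = parse_rate(out_bandwidth[iface], 0)
        rates[iface].append(parse_rate(fields[2], link))
    report = {}
    for iface, vals in rates.items():
        link = parse_rate(out_bandwidth[iface], 0)
        total = fits = 0
        for rate in sorted(vals):
            if total + rate > link:
                break
            total, fits = total + rate, fits + 1
        report[iface] = (len(vals), sum(vals), link, fits)
    return report

# Constructed sample: 50 per-host classes at 24kbit each on eth1.
SAMPLE = "#INTERFACE MARK RATE CEIL PRIORITY OPTIONS\n" + "".join(
    f"eth1 {n} 24kbit full 2\n" for n in range(1, 51))

if __name__ == "__main__":
    for iface, (n, committed, link, fits) in audit(SAMPLE, {"eth1": "512kbit"}).items():
        print(f"{iface}: {n} classes commit {committed} bps on a {link} bps link; {fits} fit")
```

On the constructed sample the committed rates come to more than twice the link rate, and only 21 of the 50 classes can hold their guaranteed rate at once.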
