Hi Tom,

First of all, thank you for the reply. :)

I am aware that the sum exceeds the total bandwidth by far, but the number of hosts is under normal circumstances below 20. I just want to make sure that My plan was to decrease the bandwidth per host if/when that number increases. I know the line is limited but that's the resource I have available at this time. I have tried upgrading to 20MBit, but without luck so far.

Do you think the matching rules are OK, and that the problem is the number of them?

I have been using ipp2p before, but I have been having trouble making it work with 2.6.22-gentoo-r9. I can't seem to enable it in the kernel.

What approach would you recommend to deal with P2P traffic overload?

Thanks in advance
Jesper

2007/12/6, Tom Eastep <[EMAIL PROTECTED]>:
> Jesper Taxbøl wrote:
> >
> > The problem is when I start shorewall the traffic slows down to almost
> > complete standstill, indicating that my tcrules don't mark the traffic
> > correctly.
>
> Have you looked at the CPU utilization of the box when Shorewall is started?
> I suspect that it is high.
>
> > What am I doing wrong?
>
> To start with, you are subjecting _every_ packet going through your firewall
> to 150 rules in the mangle table! Every forwarded packet goes through all
> 100+ marking rules and 50 CLASSIFY rules (neither the MARK target nor the
> CLASSIFY target is terminating). The class-per-host approach to traffic
> shaping scales poorly.
>
> Another thing that I notice is that the sum of RATEs appears to exceed the
> bandwidth (you didn't show us the entire tcclasses file and I'm not going to
> sit here with a calculator and your dump, adding up the raw rates). If that
> is the case, then with more than 20-30 users on-line, traffic shaping will
> cease to function at all.
>
> Finally, I suspect that trying to share a line of this speed between 50
> hosts is going to yield miserable performance during peak usage times no
> matter what you do. Your line is about the same speed as the one that I have
> here; mine supports two users and a low-volume server.
>
> -Tom
> --
> Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
> Shoreline, \ http://shorewall.net
> Washington USA \ [EMAIL PROTECTED]
> PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
>
> -------------------------------------------------------------------------
> SF.Net email is sponsored by: The Future of Linux Business White Paper
> from Novell. From the desktop to the data center, Linux is going
> mainstream. Let it simplify your IT future.
> http://altfarm.mediaplex.com/ad/ck/8857-50307-18918-4
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
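
The check Tom declined to do by hand, the sum of RATEs against the link bandwidth, can be done mechanically. The following is an added example, not part of the original thread: it sums the RATE column of a tcclasses file per interface and compares the total with the outbound bandwidth. The sample file, the bandwidth figures and the function names are constructed, and only the rate forms Nkbit, Nmbit, Nkbps, Nmbps and full[*n][/m] are handled.

```python
import re

# Constructed sample (not Jesper's file). Columns follow Shorewall's tcclasses
# layout: INTERFACE MARK RATE CEIL PRIORITY OPTIONS.
SAMPLE_TCCLASSES = """\
#INTERFACE  MARK  RATE     CEIL  PRIORITY  OPTIONS
eth0        1     full/4   full  1         tcp-ack
eth0        2     512kbit  full  2
eth0        3     512kbit  full  2
eth0        4     100kbps  full  3         default
eth1        1     2mbit    full  1         default
"""

# Multipliers to kbit/s; kbps and mbps are kilobytes and megabytes per second.
UNITS = {"kbit": 1, "mbit": 1000, "kbps": 8, "mbps": 8000}

def to_kbit(spec, full_kbit):
    """Convert a RATE such as '512kbit', 'full/4' or 'full*3/10' to kbit/s."""
    spec = spec.lower()
    m = re.fullmatch(r"full(?:\*(\d+))?(?:/(\d+))?", spec)
    if m:
        return full_kbit * int(m.group(1) or 1) / int(m.group(2) or 1)
    m = re.fullmatch(r"(\d+)(kbit|mbit|kbps|mbps)", spec)
    if not m:
        raise ValueError(f"unrecognised rate: {spec!r}")
    return int(m.group(1)) * UNITS[m.group(2)]

def rate_totals(tcclasses_text, out_bandwidth_kbit):
    """Sum the guaranteed RATE column per interface, in kbit/s."""
    totals = {}
    for line in tcclasses_text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments and blank lines
        if len(fields) < 3:
            continue
        iface = fields[0].split(":")[0]          # tolerate an iface:class form
        rate = to_kbit(fields[2], out_bandwidth_kbit[iface])
        totals[iface] = totals.get(iface, 0) + rate
    return totals

def oversubscribed(tcclasses_text, out_bandwidth_kbit):
    """Return {iface: (sum_of_rates, bandwidth)} where the sum exceeds the link."""
    totals = rate_totals(tcclasses_text, out_bandwidth_kbit)
    return {i: (t, out_bandwidth_kbit[i]) for i, t in totals.items()
            if t > out_bandwidth_kbit[i]}

if __name__ == "__main__":
    links = {"eth0": 2000, "eth1": 4000}         # constructed OUT-BANDWIDTH, kbit/s
    for iface, (total, bw) in oversubscribed(SAMPLE_TCCLASSES, links).items():
        print(f"{iface}: RATEs sum to {total:g} kbit/s, link is {bw} kbit/s")
```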
