Hi to all:

I've configured Shorewall in a test environment to work with traffic 
shaping. I've read these two articles:

http://www.shorewall.net/traffic_shaping.htm
http://www.shorewall.net/kernel.htm#Kernel-2.6.16

and configured my Shorewall to limit the bandwidth.

My firewall configuration is the following:

Internet -- (external ip 192.168.0.200) FW (lan ip 192.168.10.129) --- (192.168.10.129) Client

My Debian version is 4.0, the version of the shorewall deb package is 3.2.6, 
my kernel is 2.6.23-1-686 and the Shorewall configuration is:

shorewall.conf
        TC_ENABLED=Internal
        TC_EXPERT=Yes
        CLEAR_TC=Yes
        MARK_IN_FORWARD_CHAIN=No

tcdevices
        #INTERFACE      IN-BANDWITH     OUT-BANDWIDTH
        eth1            90kbps          80kbps

tcclasses
        #INTERFACE      MARK    RATE            CEIL            PRIORITY        OPTIONS
        eth1            1       10kbps          30kbps          1               default
        eth1            2       50kbps          80kbps          2

tcrules
        #MARK           SOURCE          DEST            PROTO   PORT(S) CLIENT   USER
        #                                                               PORT(S)
        2               0.0.0.0/0       0.0.0.0/0       tcp     80,20,21

But when I download a file from the Internet, the download speed of the client 
is 30KB/sec, but it should be 80KB/sec since the mark is 2. Am I wrong? 
Shouldn't that be the behaviour?

shorewall show mangle

.....
Chain tcpost (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 CLASSIFY   0    --  *      eth1    0.0.0.0/0            0.0.0.0/0           MARK match 0x1/0xff CLASSIFY set 1:11
    0     0 CLASSIFY   0    --  *      eth1    0.0.0.0/0            0.0.0.0/0           MARK match 0x2/0xff CLASSIFY set 1:12

Chain tcpre (1 references)
 pkts bytes target     prot opt in     out     source               destination
  161  7656 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 MARK set 0x2
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:20 MARK set 0x2
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:21 MARK set 0x2

shorewall show capabilities

Shorewall has detected the following iptables/netfilter capabilities:
   NAT: Available
   Packet Mangling: Available
   Multi-port Match: Available
   Extended Multi-port Match: Available
   Connection Tracking Match: Available
   Packet Type Match: Available
   Policy Match: Available
   Physdev Match: Available
   Packet length Match: Available
   IP range Match: Available
   Recent Match: Available
   Owner Match: Available


Thanks in advance.

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
