Wow! A wave of helpfulness. You're all pretty knowledgeable and receptive. >From Chuck's write-up, it seems I'm already doing a good portion of the right stuff. This is just a home network, not a business network, and web surfing isn't really the highest priority. As I said in the original email, we do have some servers on this line: VoIP, HTTP, SSH, VNC, etc., while also doing heavy torrenting (legal downloads, of course). It never occurred to me to stop throttling my download in tcdevices and see how my ISP takes care of that. I now have 20mbit/5mbit after a $10/month upgrade; usually more downlink then I need. And not only do I have FiOS, but I have it hooked up via a Cat 5e cable directly to my little Debian box running Shorewall. I'm definitely already blessed in many ways, so I'm just being greedy.
I'll try to stress my network as much as I can for a month or so, logging the results to look for specific improvements. -----Original Message----- From: Shorewall Guy [mailto:[email protected]] Sent: Tuesday, January 20, 2009 2:15 PM To: [email protected]; Shorewall Users Subject: Re: [Shorewall-users] Traffic Shaping Newbie Chuck Kollars wrote: > > As another example, what I use is documented at http://www.ckollars.org/shaping.html > Good writeup, Chuck. I've taken the liberty of adding a link to it from the Shorewall Traffic Shaping page. A couple of comments, though: a) It is doubtful that all of the UDP ports that you are specifying are needed (20, 21, and 110) come to immediately to mind. b) TCP port 20 is only a destination port for ACK packets. FTP servers bind to that port for active mode data connections. c) Your rules assume that no servers are running behind the Shorewall box since only requests with the listed DEST ports are being marked. Responses from local servers have the reserved ports as their SOURCE port. So, for example, outgoing responses from a web server have SOURCE port 80 (HTTP) or 443 (HTTPS). ---------------------------------------------------------------------------- -- This SF.net email is sponsored by: SourcForge Community SourceForge wants to tell your story. http://p.sf.net/sfu/sf-spreadtheword _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users ------------------------------------------------------------------------------ This SF.net email is sponsored by: SourcForge Community SourceForge wants to tell your story. http://p.sf.net/sfu/sf-spreadtheword _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
