Michael Mansour wrote: > In my /etc/shorewall/hosts and /etc/shorewall/zones files, I have > about 15 zones where I specify different subnets, and route for those > zones, have rules for them etc. > > What I want to do is perform outbound traffic shaping on one of those > zones.
Zones are security objects. Traffic shaping is based on network interfaces. > > In the early days of shorewall 2.x, I used to use wondershaper and a > tcstart script but when upgrading to 4.x I didn't need to implement > traffic shaping so didn't migrate that setup at the time. I assume that you saw the wondershaper-replacement configuration at http://www1.shorewall.net/traffic_shaping.htm#Wondershaper. > > Now I need shaping again, the steps I plan to take for 4.x is: > > 1. set TC_ENABLED to "Internal" in /etc/shorewall/shorewall.conf > > 2. set IN-BANDWIDTH and OUT-BANDWIDTH values in > /etc/shorewall/tcdevices You will need to tune them, especially IN-BANDWIDTH. http://www1.shorewall.net/traffic_shaping.htm gives instructions. > > 3. define rules in /etc/shorewall/tcrules > > I don't fully understand how I would use/need classes for the > tcclasses file. The entries in tcrules mark packets so that they can be associated with a class that you define in /etc/shorewall/tcclasses. > > Generally, do those steps look ok? You need to define your classes also. > > Also, looking at one of the examples on the Packet Marking URL, > there's this example: > > #INTERFACE IN-BANDWITH OUT-BANDWIDTH eth3 1.3mbit > 384kbit #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT > REMOVE > > #INTERFACE MARK RATE CEIL PRIORITY > OPTIONS eth3 10 full full 1 > tcp-ack,tos-minimize-delay eth3 20 9*full/10 > 9*full/10 2 default eth3 30 > 6*full/10 6*full/10 3 #LAST LINE -- ADD YOUR ENTRIES > BEFORE THIS ONE -- DO NOT REMOVE > > Is the: > > 9*full/10 > > an actual equation that's processed by shorewall? if so, what's the > figure used for "full". Please see 'man shorewall-tcrules'. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are powering Web 2.0 with engaging, cross-platform capabilities. Quickly and easily build your RIAs with Flex Builder, the Eclipse(TM)based development software that enables intelligent coding and step-through debugging. Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
