On 08/19/2012 08:49 AM, Mark Allison wrote:
> Hi,
>
> I have just created a new linux firewall for home use with CentOS 6.3
> x64 minimal install and the following:
>
> Shorewall (2 interface)
> Dansguardian
> Squid
>
> I also have DHCPd and BIND9 running on there.
>
> It looks something like this http://i.imgur.com/t0LTi.png
>
> I would like to implement a simple traffic control and I've thought of
> two possible configs:
>
> 1) 10.0.0.50 (my PC) has guaranteed bandwidth of 1mbit. I also want to
> limit total download bandwidth to a group of sites defined as video
> sites (e.g. youtube.com, vimeo.com, etc) to 1mbit across the network.
> I have spent quite a long time looking for examples on the internet
> but haven't found much to help me.
>
> 2) give video sites and file downloads low priority over normal web
> browsing and DNS, instead of limiting them to 1mbit in 1).
> http://www.ckollars.org/shaping.html did inspire me to think of
> something like this:
>
> ** high priority
> DNS queries
> webmail (sites gmail, hotmail)
> mail ports IMAP POP3 SMTP
> skype
>
> ** normal priority
> normal web browsing
>
> ** low priority
> bit torrent
> video websites (youtube.com, vimeo.com, etc)
> ftp and http downloading of large files
>
> I'm really not sure whether I should be using Shorewall simple traffic
> control or complex traffic control, and I'm not really sure how to
> configure it. If someone could show me some examples or how I could do
> it, I'd much appreciate it.

Given that your requirements seem to focus on incoming traffic from
particular domains, it will be difficult to meet your needs with
Shorewall traffic shaping (simple or complex).

- Shorewall's traffic shaping works at the network layer. So:

  o It doesn't know anything about DNS names.
  o It can't distinguish between smaller downloads and normal web
    traffic.
  o It is only effective for controlling traffic sent through an
    interface, not for traffic received through an interface. So
    to regulate traffic from the net, you must either configure
    an IFB or you need to do your traffic control as traffic is
    sent out of your local interface.

-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
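
The two options named in the reply (shape on the local interface, or redirect to an IFB), written out as plain tc commands. This is an added example, not part of the thread and not Shorewall configuration; the interface names eth0/eth1/ifb0 and the 8000 kbit downlink are assumptions, while 10.0.0.50 and its 1 mbit guarantee come from the question.

```shell
#!/bin/sh
# Added example: prints, but does not run, tc commands for the two options.
# Assumed, not from the thread: eth0 = net side, eth1 = local side, ifb0,
# and an 8000 kbit downlink. 10.0.0.50 and 1 mbit come from the question.
NET_IF=${NET_IF:-eth0}
LAN_IF=${LAN_IF:-eth1}
IFB_IF=${IFB_IF:-ifb0}
DOWN_KBIT=${DOWN_KBIT:-8000}
PC_IP=10.0.0.50
PC_KBIT=1000

# Option 1: shape as traffic is sent out of the local interface.
# Packets here carry the real LAN addresses, so a per-host class works.
plan_local() {
    rest=$((DOWN_KBIT - PC_KBIT))
    cat <<EOF
tc qdisc add dev $LAN_IF root handle 1: htb default 20
tc class add dev $LAN_IF parent 1: classid 1:1 htb rate ${DOWN_KBIT}kbit
tc class add dev $LAN_IF parent 1:1 classid 1:10 htb rate ${PC_KBIT}kbit ceil ${DOWN_KBIT}kbit prio 1
tc class add dev $LAN_IF parent 1:1 classid 1:20 htb rate ${rest}kbit ceil ${DOWN_KBIT}kbit prio 2
tc filter add dev $LAN_IF parent 1: protocol ip prio 1 u32 match ip dst $PC_IP/32 flowid 1:10
EOF
}

# Option 2: redirect what arrives on the net interface to an IFB and shape
# the IFB's egress. tc ingress runs before netfilter NAT, so on a
# masquerading firewall these packets do not yet carry 10.0.0.x addresses;
# only an aggregate cap is shown here.
plan_ifb() {
    cat <<EOF
modprobe ifb numifbs=1
ip link set dev $IFB_IF up
tc qdisc add dev $NET_IF handle ffff: ingress
tc filter add dev $NET_IF parent ffff: protocol ip u32 match u32 0 0 action mirred egress redirect dev $IFB_IF
tc qdisc add dev $IFB_IF root handle 1: htb default 1
tc class add dev $IFB_IF parent 1: classid 1:1 htb rate ${DOWN_KBIT}kbit
EOF
}

# Print the chosen plan for review; nothing is applied by this script.
case "${1:-}" in
    local) plan_local ;;
    ifb)   plan_ifb ;;
    *)     : ;;
esac
```

Neither plan can match on site names such as youtube.com, which is the limitation the reply describes: classification here is by address and interface only.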