On 9/27/2012 2:03 PM, Tom Eastep wrote:
> On 09/27/2012 10:24 AM, Bill Shirley wrote:
>> I'm experiencing a problem with masquerade downloads saturating my
>> internet connection. I've implemented an IFB and now am looking into
>> flow keys. Although I've read the documentation, I'm not sure I have
>> this right. Can someone help?
>>
>> /etc/shorewall/params:
>> MID_IF=eth0
>> MID_IF_TC=1
>> INET1_IF=eth1
>> INET1_IF_TC=2
>> INET1_IFB_IF=ifb0
>> INET1_IFB_TC=3
>>
>> Note: MID_IF is the LAN and INET1_IF is my internet connection.
>>
>> /etc/shorewall/tcdevices:
>> #NUMBER:                      IN-BANDWITH  OUT-BANDWIDTH  OPTIONS   REDIRECTED
>> #INTERFACE                                                          INTERFACES
>>
>> $MID_IF_TC:$MID_IF            0            1000mbit
>>
>> $INET1_IF_TC:$INET1_IF        -            2mbit          classify
>> $INET1_IFB_TC:$INET1_IFB_IF   -            12mbit         -         $INET1_IF
>>
>> /etc/shorewall/tcclasses:
>> #INTERFACE:CLASS   MARK  RATE:         CEIL         PRIORITY  OPTIONS
>> #                        DMAX:UMAX
>>
>> $MID_IF:110        -     30*full/100   95*full/100  1
> ...
>> $INET1_IFB_IF:140  -     15*full/100   85*full/100  4         flow=dst
>> $INET1_IFB_IF:150  -     10*full/100   85*full/100  5         flow=dst
>>
>> I'm looking at the flow=keys from here:
>> http://www.shorewall.net/manpages/shorewall-tcclasses.html
>>
>> Is this right? Is it logical to put flow control on the IFB?
> No. The problem with an IFB is that the packets passed through the IFB
> are "straight off the wire". So when you are masquerading, all incoming
> packets from masqueraded connections have DST=<external IP>. To get
> 'flow' to work correctly in that environment, you need to shape outgoing
> traffic on your LAN interface where the destination address has been
> re-written to that of a LAN host.
>
> -Tom

I heard what you said but I'm not understanding. My problem is my incoming internet connection gets saturated sometimes with downloads and I want to shape that traffic according to which PC it's going to.

The IFB is going to drop packets when the connection gets saturated. I just want it to be equally distributed. If one PC is downloading at 500 KB on one connection and another PC has two connections at 500 KB, the 2nd PC will get twice as much thru-put.

Because my LAN is 1 Gb I don't see how the incoming traffic on the internet is ever going to trigger traffic shaping on the LAN. Am I missing something?

Thanks,
Bill
