Copied your example exactly. My connection is an 80/20 line and when
downloading a file over 443 I see the full 80 being used.
Shorewall.conf
MARK_IN_FORWARD_CHAIN=No
FORWARD_CLEAR_MARK=
I’ve tried mangle with the interface eth1.99 (same as in the example) and also
0.0.0.0/0 but still see the same results.
On Jun 2, 2016, at 11:32 AM, Tom Eastep
<teas...@shorewall.net> wrote:
On 05/27/2016 06:44 PM, Jacob W. Hiltz wrote:
Still having problems with QoS.
TCDEVICES
eth0 - 20mbit
TCCLASSES
eth0 1 10kbit 100kbit 1
eth0 2 10kbit full 2 default
MANGLE
MARK(1) eth1.100 0.0.0.0/0 tcp 80
MARK(1) eth1.100 0.0.0.0/0 tcp - 80
MARK(2) eth1.100 0.0.0.0/0 tcp 443
MARK(2) eth1.100 0.0.0.0/0 tcp - 443
SAVE 0.0.0.0/0 0.0.0.0/0 all - - - !0
I only ever see speeds of ~80kbps. I would expect that packets with mark=1
would be at most 100kbit (port 80 traffic) and packets with mark=2 (port 443)
would be full speed.
I must be missing something here. I’ve spent hours trying to do different
combinations and nothing seems to work for me.
You are probably marking in the PREROUTING chain
(MARK_IN_FORWARD_CHAIN=No in shorewall.conf) and have
FORWARD_CLEAR_MARK=Yes (again in shorewall.conf). Add the :F chain
designator to your MARK rules (e.g., MARK(1):F)
The MARK(2) and SAVE rules are also useless. 2 is the default mark and
you are not restoring the connection mark (or at least it is not shown
above).
Question: What would my tcclasses, tcdevices and mangle file look like if I
wanted to just limit traffic on port 443 to 1mbps and all other traffic full
speed?
TCDEVICES
eth0 - 20mbit
TCCLASSES
eth0 2 10kbit full 2 default
eth0 1 10kbit 1mbit 1
MANGLE
MARK(1):F eth1.100 0.0.0.0/0 tcp 443
MARK(1):F eth1.100 0.0.0.0/0 tcp - 443
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
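
Added example, not part of the original thread or of Shorewall itself: a small Python check for the situation Tom describes above, where marks are set in PREROUTING and then cleared in FORWARD unless a MARK rule carries the :F chain designator. The function names and sample text are constructed for illustration, and the code assumes that an empty FORWARD_CLEAR_MARK behaves as Yes and an empty MARK_IN_FORWARD_CHAIN behaves as No.

```python
import re

# Constructed sample input modelled on the settings and rules quoted in the thread.
SAMPLE_CONF = "MARK_IN_FORWARD_CHAIN=No\nFORWARD_CLEAR_MARK=\n"
SAMPLE_MANGLE = """\
#ACTION   SOURCE    DEST       PROTO  DPORT  SPORT
MARK(1)   eth1.100  0.0.0.0/0  tcp    443
MARK(1):F eth1.100  0.0.0.0/0  tcp    -      443
"""

def parse_conf(text):
    """Return {OPTION: value} from shorewall.conf-style KEY=value lines."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip().strip("\"'")
    return opts

def is_yes(value, default):
    """Interpret a Yes/No option; an empty value falls back to the assumed default."""
    return default if value == "" else value.lower() == "yes"

def marks_cleared_in_forward(conf_text, mangle_text):
    """List (line number, action) for MARK rules set in PREROUTING and then cleared."""
    opts = parse_conf(conf_text)
    # Assumed defaults: MARK_IN_FORWARD_CHAIN=No, FORWARD_CLEAR_MARK=Yes.
    mark_in_forward = is_yes(opts.get("MARK_IN_FORWARD_CHAIN", ""), default=False)
    forward_clear = is_yes(opts.get("FORWARD_CLEAR_MARK", ""), default=True)
    if mark_in_forward or not forward_clear:
        return []  # marks are either set in FORWARD or survive into it
    hits = []
    for lineno, line in enumerate(mangle_text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue  # blank line or comment
        match = re.fullmatch(r"MARK\([^)]*\)(?::([A-Z]+))?", fields[0])
        # No designator (or an explicit :P) means the mark is applied in PREROUTING.
        if match and match.group(1) in (None, "P"):
            hits.append((lineno, fields[0]))
    return hits

if __name__ == "__main__":
    for lineno, action in marks_cleared_in_forward(SAMPLE_CONF, SAMPLE_MANGLE):
        print(f"mangle line {lineno}: {action} has no :F designator")
```
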