Sorry to triple post…

What I have noticed since doing some tests is that if I set the limit:

eth0            2       10kbit      full            2 default
eth0            1       1kbit       10kbit        1

it limits the connection to ~10kbit. If I do anything above 20kbit as the ceiling, 
it goes all the way to the full 10Mbit.

On Jun 2, 2016, at 1:14 PM, Jacob W. Hiltz <ja...@prosperident.com> wrote:

Correction: Interface was eth1.100 and not eth1.99

On Jun 2, 2016, at 1:13 PM, Jacob W. Hiltz <ja...@prosperident.com> wrote:

Copied your example exactly. My connection is an 80/20 line and when 
downloading a file over 443 I see the full 80 being used.

Shorewall.conf

MARK_IN_FORWARD_CHAIN=No
FORWARD_CLEAR_MARK=

I’ve tried mangle with the interface eth1.99 (same as in the example) and also 
0.0.0.0/0 but still see the same results.


On Jun 2, 2016, at 11:32 AM, Tom Eastep <teas...@shorewall.net> wrote:

On 05/27/2016 06:44 PM, Jacob W. Hiltz wrote:
Still having problems with QoS.


TCDEVICES
eth0  -  20mbit

TCCLASSES
eth0            1       10kbit     100kbit 1
eth0            2       10kbit     full        2 default

MANGLE
MARK(1)         eth1.100   0.0.0.0/0       tcp  80
MARK(1)         eth1.100   0.0.0.0/0       tcp  -   80
MARK(2)         eth1.100   0.0.0.0/0       tcp   443
MARK(2)         eth1.100   0.0.0.0/0       tcp   -   443
SAVE              0.0.0.0/0   0.0.0.0/0       all        -             -        -         !0

I only ever see speeds of ~80kbps. I would expect that packets with mark=1 
would be at most 100kbit (port 80 traffic) and packets with mark=2 (port 443) 
would be full speed.

I must be missing something here. I’ve spent hours trying to do different 
combinations and nothing seems to work for me.

You are probably marking in the PREROUTING chain
(MARK_IN_FORWARD_CHAIN=No in shorewall.conf) and have
FORWARD_CLEAR_MARK=Yes (again in shorewall.conf). Add the :F chain
designator to your MARK rules (e.g., MARK(1):F).

The MARK(2) and SAVE rules are also useless. 2 is the default mark and
you are not restoring the connection mark (or at least it is not shown
above).


Question: What would my tcclasses, tcdevices and mangle file look like if I 
wanted to just limit traffic on port 443 to 1mbps and all other traffic full 
speed?

TCDEVICES

eth0 - 20mbit

TCCLASSES

eth0 2 10kbit full 2 default
eth0 1 10kbit 1mbit 1

MANGLE

MARK(1):F eth1.100 0.0.0.0/0 tcp 443
MARK(1):F eth1.100  0.0.0.0/0  tcp     - 443

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net
\________________________________________________
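
Added example, not part of the original thread and not Shorewall's own code: a small lint that applies the two points from the reply above (marks set in PREROUTING being cleared in FORWARD, and MARK rules that only repeat the default class mark) to config text. The sample input is constructed from the files quoted in the thread; treating an unset FORWARD_CLEAR_MARK as Yes and an unset MARK_IN_FORWARD_CHAIN as No are assumptions, and the names `rows`, `is_yes` and `lint` are hypothetical.

```python
import re

# Constructed sample input, modelled on the settings and rules quoted above.
CONF = "MARK_IN_FORWARD_CHAIN=No\nFORWARD_CLEAR_MARK=\n"
TCCLASSES = """\
eth0  1  10kbit  100kbit  1
eth0  2  10kbit  full     2  default
"""
MANGLE = """\
MARK(1)    eth1.100  0.0.0.0/0  tcp  80
MARK(2)    eth1.100  0.0.0.0/0  tcp  443
MARK(1):F  eth1.100  0.0.0.0/0  tcp  -  80
"""
ACTION = re.compile(r"^MARK\((\d+)\)(?::([A-Z]+))?$")

def rows(text):
    """Yield the whitespace-split columns of each non-blank, non-comment line."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line.split()

def is_yes(conf, key, default):
    """Read a Yes/No option; a missing or empty value falls back to default."""
    opts = dict(r[0].split("=", 1) for r in rows(conf) if "=" in r[0])
    value = opts.get(key, "").strip('"')
    return value.lower() == "yes" if value else default

def lint(conf, tcclasses, mangle):
    """Return (rule, problem) pairs for the two points made in the reply."""
    # Assumed defaults: FORWARD_CLEAR_MARK=Yes, MARK_IN_FORWARD_CHAIN=No.
    cleared = is_yes(conf, "FORWARD_CLEAR_MARK", True)
    default_chain = "F" if is_yes(conf, "MARK_IN_FORWARD_CHAIN", False) else "P"
    # tcclasses columns: INTERFACE MARK RATE CEIL PRIORITY OPTIONS
    default_marks = {r[1] for r in rows(tcclasses)
                     if "default" in ",".join(r[5:]).split(",")}
    findings = []
    for cols in rows(mangle):
        m = ACTION.match(cols[0])
        if not m:
            continue  # SAVE, RESTORE and other actions are not checked
        mark, chain = m.group(1), m.group(2) or default_chain
        rule = " ".join(cols)
        if chain == "P" and cleared:
            findings.append((rule, "PREROUTING mark is cleared in FORWARD"))
        if mark in default_marks:
            findings.append((rule, "mark is already the default class"))
    return findings
```
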

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

