shorewall-users January 2012 archive

Re: [Shorewall-users] shorewall 4.4.27-1.el5 on 2.6.18-238.19.1.el5

From: Pavel Hladík <pavel.hladik_at_nospam>
Date: Fri Jan 06 2012 - 16:43:12 GMT
To: Shorewall Users <shorewall-users@lists.sourceforge.net>

Thanks for the quick response.

I already corrected the tcrules file, but it doesn't work as well. The wget command, in my example, connects exactly to port 80 on the TCP protocol. Why can't I shape incoming (downloading) HTTP traffic by HTB from a remote server? I was doing this shaping years ago directly with the tc tool, but shorewall is more "comfy". Shaping HTTP traffic is the main purpose why most people want to shape, FTP is next adept. :)

Is there any chance to shape traffic with shorewall like downloading a file from a web server for 10 sec at the full speed of the link and then apply shaping rules? It is very useful.

Pavel

On Jan 6, 2012, at 4:18 PM, Tom Eastep wrote:

> On Fri, 2012-01-06 at 15:18 +0100, Pavel Hladík wrote:
>> Hi, first of all thanks for the excellent shorewall sw, which makes my job a little bit easier. I have a problem with traffic shaping. I would like to shape http traffic and I'm testing the shaping from local host 192.168.1.10 with this command "wget http://ftp.cvut.cz/centos/6.2/isos/x86_64/CentOS-6.2-x86_64-bin-DVD1.iso", but unfortunately I'm at the full speed of the 10/10mbit link. Can you please have a look at my status.txt to see where the problem should be. Thank you!
>
> The wget command is used to *download* from a web site. Download traffic
> cannot be shaped unless you use an IFB. All you can do is ingress
> policing by using the IN-BANDWIDTH column of tcdevices.
>
> Also, you have the following mark rules:
>
> Chain tcfor (1 references)
>  pkts bytes target prot opt in out source     destination
>     0     0 MARK   80   --  *  *   0.0.0.0/0  0.0.0.0/0    MARK set 0x1
> 79910   67M MARK   all  --  *  *   0.0.0.0/0  0.0.0.0/0    MARK set 0x2
>
> Download traffic has PROTO 6 (TCP) and SOURCE PORT 80; you have PROTO
> 80.
>
> -Tom
> --
> Tom Eastep \ When I die, I want to go like my Grandfather who
> Shoreline, \ died peacefully in his sleep. Not screaming like
> Washington, USA \ all of the passengers in his car
> http://shorewall.net \________________________________________________
>
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
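
An added example, not part of the original messages and not Shorewall code: a small Python check that parses `iptables -L -v -n` style output like the `tcfor` listing quoted above and flags MARK rules with an unusual protocol value or a zero packet counter, which is the pattern pointed out in the reply (PROTO 80 where TCP with source port 80 was meant). The sample lines are constructed from the quoted listing, the `FIXED` line is a constructed illustration, and the function names and the set of expected protocols are assumptions.

```python
import re

# Constructed sample: the tcfor listing quoted in the thread, one rule per line.
SAMPLE = """\
Chain tcfor (1 references)
 pkts bytes target prot opt in out source destination
    0     0 MARK 80 -- * * 0.0.0.0/0 0.0.0.0/0 MARK set 0x1
79910   67M MARK all -- * * 0.0.0.0/0 0.0.0.0/0 MARK set 0x2
"""
# Constructed: what the listing could look like for a TCP source-port-80 rule.
FIXED = "1200 900K MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:80 MARK set 0x1\n"

# Assumption: protocols a shaping rule is normally written for (name or number).
EXPECTED_PROTOS = {"all", "tcp", "udp", "icmp", "0", "1", "6", "17"}


def parse_mark_rules(listing):
    """Return one dict per MARK rule in `iptables -L -v -n` style output."""
    rules = []
    for line in listing.splitlines():
        f = line.split()
        # Columns: pkts bytes target prot opt in out source destination [match...]
        if len(f) < 10 or f[2] != "MARK":
            continue
        rest = " ".join(f[9:])
        mark = re.search(r"MARK set (0x[0-9a-fA-F]+)", rest)
        sport = re.search(r"\bspt:(\d+)", rest)
        rules.append({"pkts": f[0], "proto": f[3],
                      "mark": mark.group(1) if mark else None,
                      "sport": int(sport.group(1)) if sport else None})
    return rules


def audit(rules):
    """Flag rules that look mis-specified: odd protocol, or never matched."""
    findings = []
    for r in rules:
        reasons = []
        if r["proto"] not in EXPECTED_PROTOS:
            reasons.append(f"PROTO is {r['proto']}; was a port number intended?")
        if r["pkts"] == "0":
            reasons.append("packet counter is 0; rule has never matched")
        if reasons:
            findings.append((r["mark"], reasons))
    return findings


if __name__ == "__main__":
    for mark, reasons in audit(parse_mark_rules(SAMPLE + FIXED)):
        print(mark, "; ".join(reasons))
```
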
