Shaping with shorewall complex shaper not work (or I don't understand principle of operation)

Posted by strangeman on Server Fault See other posts from Server Fault or by strangeman
Published on 2013-06-27T23:05:11Z Indexed on 2013/07/01 23:07 UTC
Read the original article Hit count: 170

Filed under:

traffic-shaping

|

shorewall

I have router (Debian 6) with 2 network interfaces (and 1 virtual tun interface):

eth0 - localnet, 192.168.1.0/24, router ip is 192.168.1.1
eth1 - internet
tun0 - openvpn to central office. openvpn network - 10.1.0.0/24, central office network - 192.168.0.0/24

I need shape all traffic, which moves 192.168.1.0/24->192.168.0.1:6666 and 192.168.1.0/24<-192.168.0.1:6666, and restrict its speed to 200kbit.

Now, I have this configuration, but its not work:

tcdevices (set up interface parameters)

#INTERFACE      IN-BANDWITH     OUT-BANDWIDTH
eth0            100mbit        100mbit
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

tcrules (mark all traffic, which move on 6666 port)

#MARK SOURCE    DEST        PROTO PORT(S)
1     0.0.0.0/0 0.0.0.0/0   tcp   6666
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

tcclasses (shape all marked traffic)

#INTERFACE      MARK    RATE    CEIL    PRIORITY        OPTIONS
eth0            1       200kbit 200kbit     2
eth0            255     9*full/10  full    1               default
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Where is my mistake?

© Server Fault or respective owner

Related posts about traffic-shaping

tc: Linux HTTP Outgoing Traffic Shaping (Port 80 Traffic Shaping)

as seen on Internet.com - Search for 'Internet.com'
<b>nixCraft:</b> "How do I limit bandwidth allocation to http service 5Mbps (burst to 8Mbps) at peak times so that DNS and other service will not go down due to heavy activity under Linux operating systems?" >>> More
Traffic Shaping using tc

as seen on Server Fault - Search for 'Server Fault'
Hi guys, I have a 1.5 Mbit/s link that i want to share with 150 users. My setup is the following: Linux box with 3 NICs eth0 - public ip eth1 - subnet A - 50 users (static ips) eth2 - subnet B - 100 users (via dhcp) I am using squid as a transparent proxy on port 3128. dhcp server using ports… >>> More
FreeBSD Traffic Shaping

as seen on Server Fault - Search for 'Server Fault'
Hi I'm trying to do traffic shaping with FreeBSD, here are my rules su-3.2# ipfw show | grep pipe 08380 1514852 125523804 pipe 1 tcp from any to any dst-port 80 su-3.2# ipfw pipe 1 show 00001: 2.000 Mbit/s 0 ms 50 sl. 1 queues (1 buckets) droptail mask: 0x00 0x00000000/0x0000 - 0x00000000/0x0000 BKT… >>> More
Cisco Catalyst 65XX and traffic shaping

as seen on Server Fault - Search for 'Server Fault'
Hello! I have Cisco Catalyst 65XX, many VLANs and about ~1300 users. Users connected to some D-Link switches with second-level management. D-Link switches come to my Cisco Catalyst 65XX by VLANs. So, how I can shape traffic per user? If I use something like this: access-list 145 permit ip any… >>> More
Rapidshare and megaupload traffic shaping by ISP

as seen on Super User - Search for 'Super User'
I think my ISP is shaping rapidshare and mega upload traffic, de download speed goes down to 30 kb/s every time and only on thos sites, I've tried with different programs for downloading and the same happends, is there anyway I could prove they are shaping the traffic? >>> More

Related posts about shorewall

Sub-process /usr/bin/dpkg returned an error code (1)

as seen on Server Fault - Search for 'Server Fault'
Hey friends i am getting the following error when i am trying to purge shorewall root@aptosid:/etc# apt-get purge shorewall Reading package lists... Done Building dependency tree Reading state information... Done The following packages will be REMOVED: shorewall* 0 upgraded, 0 newly… >>> More
Why can't I unblock postgres with shorewall?

as seen on Server Fault - Search for 'Server Fault'
I can't seem to unblock the port needed for postgres using Shorewall. I am developing a PHP app on my windows machine here, and then I upload it on my linux box to actually use it. The linux box runs the php files as well as hosts the db server. Since I need it working from both machines, in my PHP… >>> More
Shorewall: temporarily drop incoming traffic except port 22?

as seen on Server Fault - Search for 'Server Fault'
When I work on configuration files, especially of the mail server, I would like to temporarily drop all the incoming traffic except the port 22. So, I don't risk to lose incoming mails if I need to move the mail server to another server, or something like that. Using shorewall, how I could do that… >>> More
shorewall masquerading from tun0 to ppp0

as seen on Server Fault - Search for 'Server Fault'
First interface is ppp0 (pptp vpn) Second inteface is tun0 (openvpn) Third interface eth0 (default gw interface) Openvpn is set to change default route on client for all packets to go through tun0 vpn, that part is working ok. I would like to make all packets from tun0 go to ppp0 and get out from… >>> More
Bridge and OpenVPN with shorewall

as seen on Server Fault - Search for 'Server Fault'
I have this scenario and everything it's working OK, but I want to configure my Shorewall and I can't do it. My interfaces are: br0 (bridge of eth0) tun0 (OpenVPN) vnet* (each one of bridged interfaces with public IP's) Public Main IP: 188.165.X.Y OpenVPN IP's: 172.28.0.x Bridge: public ip's So… >>> More