[LARTC] wondershaper question

[LARTC] wondershaper question

[Chris Winfield-Blum]

[-- Attachment #1: Type: text/plain, Size: 762 bytes --]

Hi I am very unclear about the wonder shaper and a bit of a novice 

with Unix all together 

 

I have a question for you and I hope you can answer

 

Basically my office is getting a couple of people slowing down the 

network so ive been looking around and found wondershaper

 

What I want to know is that can I rather than having low priority 

ports have it with high priority ports

 

And the same with high priority hosts...

 

Can I have it so that say for example 192.168.1.2 192.168.1.3 are high 

priority and port 20 22 80 443 110 25 etc are high priority?

 

Also how do I clear the rules I have made with the script??

 

If I want it to return to the default for example??

 

Thanks

 

Chris


[-- Attachment #2: Type: text/html, Size: 4139 bytes --]

Re: [LARTC] wondershaper question

[Jason Boxman]

On Thursday 01 April 2004 21:03, Chris Winfield-Blum wrote:
> Hi I am very unclear about the wonder shaper and a bit of a novice
> with Unix all together
>
> I have a question for you and I hope you can answer
>
> Basically my office is getting a couple of people slowing down the

I would seriously suggest you attempt the social engineering route first if at 
all possible.

> network so ive been looking around and found wondershaper
> What I want to know is that can I rather than having low priority
> ports have it with high priority ports
>
> And the same with high priority hosts...

Wondershaper seems to essentially allow you to put traffic you don't like in 
the dog house.  It doesn't seem to offer a facility to let you pick which 
ports or hosts constitute high priority traffic.

>
>
> Can I have it so that say for example 192.168.1.2 192.168.1.3 are high
> priority and port 20 22 80 443 110 25 etc are high priority?

Not as it is written.

> Also how do I clear the rules I have made with the script??

Try calling it with the keyword 'stop':

bash wshaper.sh stop

Which will perform:

# clean existing down- and uplink qdiscs, hide errors
tc qdisc del dev $DEV root    2> /dev/null > /dev/null
tc qdisc del dev $DEV ingress 2> /dev/null > /dev/null

> If I want it to return to the default for example??
>
> Thanks
>
> Chris

-- 

Jason Boxman
Perl Programmer / *NIX Systems Administrator
Shimberg Center for Affordable Housing | University of Florida
http://edseek.com/ - Linux and FOSS stuff

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

RE: [LARTC] wondershaper question

[Chris Winfield-Blum]

Maybe there is another solution to this problem?

The problem is that I have had a couple of users on the network hogging
the bandwidth and while we do have a policy implemented sometimes the
downloads are genuinely work related (eg downloaded a new version of an
application we use for development)

Sooo what I NEED is

A script that will ensure that ports 80, 25, 110, 443, etc are priority
Then that these are then are then "shaped" to not allow one person to
hog it all.

In an IDEAL situation I would like to break it up into classes

Server Class: that has access to ALL ports and are priority for any
traffic (maybe I can set them a guaranteed 100Kb/s) 

User Class: that has priority access (that doesn't override the server
class) to ports 80, 25, 110 etc. Perhaps the remaining 156Kb/s is
divided evenly?

Any suggestions? Im really NEW to this and would love some example
scripts (preferably commently highly :P hehe)

This was the address of the other script that I found:
http://www.surestorm.com/qos/

I am not "set" on using wondershaper..

Thanks for all your help

Chris

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] wondershaper question

[Corey Hickey]

Chris Winfield-Blum wrote:
> Maybe there is another solution to this problem?
> 
> The problem is that I have had a couple of users on the network hogging
> the bandwidth and while we do have a policy implemented sometimes the
> downloads are genuinely work related (eg downloaded a new version of an
> application we use for development)
> 
> Sooo what I NEED is
> 
> A script that will ensure that ports 80, 25, 110, 443, etc are priority
> Then that these are then are then "shaped" to not allow one person to
> hog it all.
> 
> In an IDEAL situation I would like to break it up into classes
> 
> Server Class: that has access to ALL ports and are priority for any
> traffic (maybe I can set them a guaranteed 100Kb/s) 
> 
> User Class: that has priority access (that doesn't override the server
> class) to ports 80, 25, 110 etc. Perhaps the remaining 156Kb/s is
> divided evenly?
> 
> Any suggestions? Im really NEW to this and would love some example
> scripts (preferably commently highly :P hehe)
> 
> This was the address of the other script that I found:
> http://www.surestorm.com/qos/
> 
> I am not "set" on using wondershaper..
> 
> Thanks for all your help
> 
> Chris
> 

Wondershaper and other such scripts are good examples, but if you want
very fine-grained control of your traffic shaping, you'll probably want
to write your own script (or at least tweak one). Don't be intimidated
by the apparent complexity of the examples you see -- although the
commands for shaping traffic are probably unlike anything you've seen
before, they're not hard to understand after reading the available
documentation.

Of course, www.lartc.org is a good place to start. Look through chapter
9, but don't worry if you don't understand everything the first time.
The qdisc you want to use is htb (as you can see, that's the heart of
wondershaper), and there's a good in-depth description at:
http://luxik.cdi.cz/~devik/qos/htb/
(follow the link for "user guide").

-Corey
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] wondershaper question

[gypsy]

> Chris Winfield-Blum wrote:
> 
> Hi I am very unclear about the wonder shaper and a bit of a novice
> with Unix all together
> 
> I have a question for you and I hope you can answer
> 
> Basically my office is getting a couple of people slowing down the
> network so ive been looking around and found wondershaper
> 
> What I want to know is that can I rather than having low priority
> ports have it with high priority ports

Sure.

> And the same with high priority hosts...

Of course.

> Can I have it so that say for example 192.168.1.2 192.168.1.3 are high
> priority and port 20 22 80 443 110 25 etc are high priority?

Yes, but be careful with NAT; finding 192.168.1.# can be tough.  Also
remember YOU DO NOT SHAPE DOWNLOADS!  HTB can only "police" D/L, not
"shape".  You must use iptables or IMQ to "shape" D/L; I use iptables -m
limit --limit ##/second -j ACCEPT
    iptables -j DROP
and make sure that these 2 lines preceed any RELATED, ESTABLISHED
accepts.  Note that the real iptables rules include either --dport ## or
--sport ##, depending on what the rule accomplishes.  Note further that
downloads are on INPUT so I specify -A INPUT to throttle D/L.

> Also how do I clear the rules I have made with the script??
> If I want it to return to the default for example??

Read the effing script, man!

> 
> Thanks
> 
> Chris

Please don't post using HTML.

Here is a modified "wonder" script I call "ultimate"...

http://andthatsjazz.net:8/ultimate.txt

HTH

gypsy
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] wondershaper question

[gypsy]

gypsy wrote:

AFTERTHOUGHT:  I should have been more precise:

> Yes, but be careful with NAT; finding 192.168.1.# can be tough.  Also
> remember YOU DO NOT SHAPE DOWNLOADS!  HTB can only "police" D/L, not
> "shape".  You must use iptables or IMQ to "shape" D/L; I use iptables -m
> limit --limit ##/second -j ACCEPT
>     iptables -j DROP
> and make sure that these 2 lines preceed any RELATED, ESTABLISHED
> accepts.  Note that the real iptables rules include either --dport ## or
> --sport ##, depending on what the rule accomplishes.  Note further that
> downloads are on INPUT so I specify -A INPUT to throttle D/L.

iptables is "rate limiting" not "shaping".

NATted users are rate limited on the FORWARD chain, not INPUT.

gypsy
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] wondershaper question

[Corey Hickey]

gypsy wrote:
> Also
> remember YOU DO NOT SHAPE DOWNLOADS!  HTB can only "police" D/L, not
> "shape".  You must use iptables or IMQ to "shape" D/L; I use iptables -m
> limit --limit ##/second -j ACCEPT
>     iptables -j DROP
> and make sure that these 2 lines preceed any RELATED, ESTABLISHED
> accepts.  Note that the real iptables rules include either --dport ## or
> --sport ##, depending on what the rule accomplishes.  Note further that
> downloads are on INPUT so I specify -A INPUT to throttle D/L.
> 

If you use htb or other shaping qdiscs on a router, you can set it up so
that it sees packets that are leaving both interfaces and can therefore
shape traffic in both directions. Sure, you can't shape traffic destined
for the router itself, but that's rarely an issue.

-Corey
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/