[LARTC] Wondershaper in internal network

[LARTC] Wondershaper in internal network

[Johan Lindqvist]

I've gotten wondershaper to work in my linux box, which is part of a 3 
computer network that shares the same dsl connection. The linuxbox 
handles most bulk down and uploading, and the other 2 are mainly for 
surfing and such.
 What I need from wiondershaper is that it should perform it's tasks 
with all of the traffic to the dsl modem, but do nothing with the 
internal traffic (traffic to 192.168.). This is important since I do a 
lot of remote x'ing to the linuxbox, and when that traffic to is shaped, 
it's to slow to work.
 I think this should be easy for anyone who knows about these things. 
But I can't seem to get enough knowledge about this just reading the 
lartc howto. Perhaps someone can help me?

/johan

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Wondershaper in internal network

[gypsy]

Johan Lindqvist wrote:
> 
> I've gotten wondershaper to work in my linux box, which is part of a 3
> computer network that shares the same dsl connection. The linuxbox
> handles most bulk down and uploading, and the other 2 are mainly for
> surfing and such.
>  What I need from wiondershaper is that it should perform it's tasks
> with all of the traffic to the dsl modem, but do nothing with the
> internal traffic (traffic to 192.168.). This is important since I do a
> lot of remote x'ing to the linuxbox, and when that traffic to is shaped,
> it's to slow to work.
> /johan

You must tell us a lot more about your setup than above if you expect
help.

Does the linux box have more than one NIC?
Are you DNATting?  If not, HOW is the DSL shared?
What makes you say that the wonder script is interfering with internal
traffic?

In a "normal" setup, the linux box will have 2 NICs, one connected to a
switch/hub serving the internal network and the other directly connected
to the DSL.  Wonder then is configured to shape on the internet
(external) interface (only).  That means it does not touch anything on
the internal NW.

You might be able to set up a modified Wonder such that the default /
bulk does 100Mbit (assuming your internal NW is 100) by setting RATE CEIL = 100Mb and then shape everything where the IP matches your DSL IP
so that internet stuff never gets into the bulk queue.  Sort of
"reverse" logic, but that is the way I dealt with an FTP server.  In the
absence of a firewall mark in FTP packets, there is no good way to
identify them, so instead handle the stuff you CAN identify and let the
rest go into bulk.

gypsy
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Wondershaper in internal network

[nix4me]

gypsy wrote:

>Johan Lindqvist wrote:
>  
>
>>I've gotten wondershaper to work in my linux box, which is part of a 3
>>computer network that shares the same dsl connection. The linuxbox
>>handles most bulk down and uploading, and the other 2 are mainly for
>>surfing and such.
>> What I need from wiondershaper is that it should perform it's tasks
>>with all of the traffic to the dsl modem, but do nothing with the
>>internal traffic (traffic to 192.168.). This is important since I do a
>>lot of remote x'ing to the linuxbox, and when that traffic to is shaped,
>>it's to slow to work.
>>/johan
>>    
>>
>
>You must tell us a lot more about your setup than above if you expect
>help.
>
>Does the linux box have more than one NIC?
>Are you DNATting?  If not, HOW is the DSL shared?
>What makes you say that the wonder script is interfering with internal
>traffic?
>
>In a "normal" setup, the linux box will have 2 NICs, one connected to a
>switch/hub serving the internal network and the other directly connected
>to the DSL.  Wonder then is configured to shape on the internet
>(external) interface (only).  That means it does not touch anything on
>the internal NW.
>
>You might be able to set up a modified Wonder such that the default /
>bulk does 100Mbit (assuming your internal NW is 100) by setting RATE >CEIL = 100Mb and then shape everything where the IP matches your DSL IP
>so that internet stuff never gets into the bulk queue.  Sort of
>"reverse" logic, but that is the way I dealt with an FTP server.  In the
>absence of a firewall mark in FTP packets, there is no good way to
>identify them, so instead handle the stuff you CAN identify and let the
>rest go into bulk.
>
>gypsy
>_______________________________________________
>LARTC mailing list / LARTC@mailman.ds9a.nl
>http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
>  
>
Well, there is a better way.  I was able to mark ftp outgoing traffic 
using iptables.  I shape all outgoing packets on a port range and throw 
the rest in a 100mbit bulk.  Works like a champ.  i have the outbound 
ftp passive ports and the active port marked.  Let me know if you want 
to see my script.
 
Mark
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Wondershaper in internal network

[Johan Lindqvist]

gypsy wrote:

>Johan Lindqvist wrote:
>  
>
>>I've gotten wondershaper to work in my linux box, which is part of a 3
>>computer network that shares the same dsl connection. The linuxbox
>>handles most bulk down and uploading, and the other 2 are mainly for
>>surfing and such.
>> What I need from wiondershaper is that it should perform it's tasks
>>with all of the traffic to the dsl modem, but do nothing with the
>>internal traffic (traffic to 192.168.). This is important since I do a
>>lot of remote x'ing to the linuxbox, and when that traffic to is shaped,
>>it's to slow to work.
>>/johan
>>    
>>
>
>You must tell us a lot more about your setup than above if you expect
>help.
>
>Does the linux box have more than one NIC?
>Are you DNATting?  If not, HOW is the DSL shared?
>What makes you say that the wonder script is interfering with internal
>traffic?
>
>In a "normal" setup, the linux box will have 2 NICs, one connected to a
>switch/hub serving the internal network and the other directly connected
>to the DSL.  Wonder then is configured to shape on the internet
>(external) interface (only).  That means it does not touch anything on
>the internal NW.
>
>You might be able to set up a modified Wonder such that the default /
>bulk does 100Mbit (assuming your internal NW is 100) by setting RATE >CEIL = 100Mb and then shape everything where the IP matches your DSL IP
>so that internet stuff never gets into the bulk queue.  Sort of
>"reverse" logic, but that is the way I dealt with an FTP server.  In the
>absence of a firewall mark in FTP packets, there is no good way to
>identify them, so instead handle the stuff you CAN identify and let the
>rest go into bulk.
>
>gypsy
>
>
>  
>
Sorry I wasn't clear.
 This is my setup:
DSL modem > 4 port internet router > 1. Winxp computer
                                                        > 2. Linux computer
                                                        > 3. Linux 
computer (thin client to computer no 2)

Every computer has one NIC. I know that the internal traffic is 
interfered because the remote x environment get extremely slow after 
running wondershaper. I have been thinking of putting a second nic into 
computer no 2, since it is obvious that would eliminate the problem, but 
if it is possible to solve this in another way, that would be 
preferable, since it would save some money on a long cable and a new nic 
;) ..
Would it not be an easy thing just putting into wondershaper another 
qdisc that shapes and police say 90 mbit, and a filter that catches all 
192.168. traffic that leads to that queue? I just don't know how to do 
this myself...
/Johan

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Wondershaper in internal network

[gypsy]

nix4me wrote:
> 
> gypsy wrote:
> >You might be able to set up a modified Wonder such that the default /
> >bulk does 100Mbit (assuming your internal NW is 100) by setting RATE > >CEIL = 100Mb and then shape everything where the IP matches your DSL IP
> >so that internet stuff never gets into the bulk queue.  Sort of
> >"reverse" logic, but that is the way I dealt with an FTP server.  In the
> >absence of a firewall mark in FTP packets, there is no good way to
> >identify them, so instead handle the stuff you CAN identify and let the
> >rest go into bulk.
> >
> Well, there is a better way.  I was able to mark ftp outgoing traffic
> using iptables.  I shape all outgoing packets on a port range and throw
> the rest in a 100mbit bulk.  Works like a champ.  i have the outbound
> ftp passive ports and the active port marked.  Let me know if you want
> to see my script.
> 
> Mark

One can mark FTP packets using iptables, but
1) it takes a fair amount of horsepower on a dedicated, busy FTP server
2) in my case, even with all the helpers loaded, iptables was not
marking all packets
3) now that (most) of the FTP packets are marked, you must modify Wonder
to filter on the FW mark

IMO, that is not "a better way" than having everything not caught by a
filter into a default queue.

gypsy
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Wondershaper in internal network

[gypsy]

Johan Lindqvist wrote:
>  This is my setup:
> DSL modem > 4 port internet router > 1. Winxp computer
>                                    > 2. Linux computer
>                                    > 3. Linux computer (thin client to computer no 2)
> 
> Every computer has one NIC. I know that the internal traffic is
> interfered because the remote x environment get extremely slow after
> running wondershaper. I have been thinking of putting a second nic into
> computer no 2, since it is obvious that would eliminate the problem, but
> if it is possible to solve this in another way, that would be
> preferable, since it would save some money on a long cable and a new nic
> ;) ..
> Would it not be an easy thing just putting into wondershaper another
> qdisc that shapes and police say 90 mbit, and a filter that catches all
> 192.168. traffic that leads to that queue? I just don't know how to do
> this myself...

Might be "an easy thing", but I don't know how!

Perhaps the following will help.

http://andthatsjazz.org/lartc/ultimate.html shows a 4-queue Wonder
script.

http://www.tldp.org/HOWTO/ADSL-Bandwidth-Management-HOWTO/index.html

http://digriz.org.uk/
Jim diGriz's URL is not working right now; traceroute dies at
213.162.127.69.  But it is a "don't miss", so keep trying!

What I'm not finding but expect might be possible is a second "root":
tc qdisc add dev eth0 root handle 1: htb default 30
tc qdisc add dev eth0 root handle #: htb default ## << will this work?
Dunno, but I do know that you'll get bad results if the DSL and the
internal network are in the same class.

Wonder forces EVERYTHING not otherwise filtered into the default / bulk
class.  You might want NOT to do that so that unmatched stuff is totally
ignored by HTB.  Rather than "match ip dst 0.0.0.0/0 flowid 1:30" you
add a bunch of filters that match internet but not internal NW...???

gypsy
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/