* Re: [LARTC] Wondershaper in internal network
2004-08-21 16:12 [LARTC] Wondershaper in internal network Johan Lindqvist
@ 2004-08-22 1:39 ` gypsy
2004-08-22 2:07 ` nix4me
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: gypsy @ 2004-08-22 1:39 UTC (permalink / raw)
To: lartc
Johan Lindqvist wrote:
>
> I've gotten wondershaper to work in my linux box, which is part of a 3
> computer network that shares the same dsl connection. The linuxbox
> handles most bulk down and uploading, and the other 2 are mainly for
> surfing and such.
> What I need from wondershaper is that it should perform its tasks
> with all of the traffic to the dsl modem, but do nothing with the
> internal traffic (traffic to 192.168.). This is important since I do a
> lot of remote x'ing to the linuxbox, and when that traffic too is shaped,
> it's too slow to work.
> /johan
You must tell us a lot more about your setup than above if you expect
help.
Does the linux box have more than one NIC?
Are you DNATting? If not, HOW is the DSL shared?
What makes you say that the wonder script is interfering with internal
traffic?
In a "normal" setup, the linux box will have 2 NICs, one connected to a
switch/hub serving the internal network and the other directly connected
to the DSL. Wonder then is configured to shape on the internet
(external) interface (only). That means it does not touch anything on
the internal NW.
You might be able to set up a modified Wonder such that the default /
bulk does 100Mbit (assuming your internal NW is 100) by setting RATE
CEIL = 100Mb and then shape everything where the IP matches your DSL IP
so that internet stuff never gets into the bulk queue. Sort of
"reverse" logic, but that is the way I dealt with an FTP server. In the
absence of a firewall mark in FTP packets, there is no good way to
identify them, so instead handle the stuff you CAN identify and let the
rest go into bulk.
gypsy
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
* Re: [LARTC] Wondershaper in internal network
From: nix4me @ 2004-08-22 2:07 UTC (permalink / raw)
To: lartc
gypsy wrote:
>Johan Lindqvist wrote:
>
>
>>I've gotten wondershaper to work in my linux box, which is part of a 3
>>computer network that shares the same dsl connection. The linuxbox
>>handles most bulk down and uploading, and the other 2 are mainly for
>>surfing and such.
>> What I need from wondershaper is that it should perform its tasks
>>with all of the traffic to the dsl modem, but do nothing with the
>>internal traffic (traffic to 192.168.). This is important since I do a
>>lot of remote x'ing to the linuxbox, and when that traffic too is shaped,
>>it's too slow to work.
>>/johan
>>
>>
>
>You must tell us a lot more about your setup than above if you expect
>help.
>
>Does the linux box have more than one NIC?
>Are you DNATting? If not, HOW is the DSL shared?
>What makes you say that the wonder script is interfering with internal
>traffic?
>
>In a "normal" setup, the linux box will have 2 NICs, one connected to a
>switch/hub serving the internal network and the other directly connected
>to the DSL. Wonder then is configured to shape on the internet
>(external) interface (only). That means it does not touch anything on
>the internal NW.
>
>You might be able to set up a modified Wonder such that the default /
>bulk does 100Mbit (assuming your internal NW is 100) by setting RATE
>CEIL = 100Mb and then shape everything where the IP matches your DSL IP
>so that internet stuff never gets into the bulk queue. Sort of
>"reverse" logic, but that is the way I dealt with an FTP server. In the
>absence of a firewall mark in FTP packets, there is no good way to
>identify them, so instead handle the stuff you CAN identify and let the
>rest go into bulk.
>
>gypsy
>_______________________________________________
>LARTC mailing list / LARTC@mailman.ds9a.nl
>http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
>
>
Well, there is a better way. I was able to mark ftp outgoing traffic
using iptables. I shape all outgoing packets on a port range and throw
the rest in a 100mbit bulk. Works like a champ. I have the outbound
ftp passive ports and the active port marked. Let me know if you want
to see my script.
Mark
* Re: [LARTC] Wondershaper in internal network
From: Johan Lindqvist @ 2004-08-22 7:14 UTC (permalink / raw)
To: lartc
gypsy wrote:
>Johan Lindqvist wrote:
>
>
>>I've gotten wondershaper to work in my linux box, which is part of a 3
>>computer network that shares the same dsl connection. The linuxbox
>>handles most bulk down and uploading, and the other 2 are mainly for
>>surfing and such.
>> What I need from wondershaper is that it should perform its tasks
>>with all of the traffic to the dsl modem, but do nothing with the
>>internal traffic (traffic to 192.168.). This is important since I do a
>>lot of remote x'ing to the linuxbox, and when that traffic too is shaped,
>>it's too slow to work.
>>/johan
>>
>>
>
>You must tell us a lot more about your setup than above if you expect
>help.
>
>Does the linux box have more than one NIC?
>Are you DNATting? If not, HOW is the DSL shared?
>What makes you say that the wonder script is interfering with internal
>traffic?
>
>In a "normal" setup, the linux box will have 2 NICs, one connected to a
>switch/hub serving the internal network and the other directly connected
>to the DSL. Wonder then is configured to shape on the internet
>(external) interface (only). That means it does not touch anything on
>the internal NW.
>
>You might be able to set up a modified Wonder such that the default /
>bulk does 100Mbit (assuming your internal NW is 100) by setting RATE
>CEIL = 100Mb and then shape everything where the IP matches your DSL IP
>so that internet stuff never gets into the bulk queue. Sort of
>"reverse" logic, but that is the way I dealt with an FTP server. In the
>absence of a firewall mark in FTP packets, there is no good way to
>identify them, so instead handle the stuff you CAN identify and let the
>rest go into bulk.
>
>gypsy
>
>
>
>
Sorry I wasn't clear.
This is my setup:
DSL modem > 4 port internet router > 1. Winxp computer
                                   > 2. Linux computer
                                   > 3. Linux computer (thin client to computer no 2)
Every computer has one NIC. I know that the internal traffic is
interfered with because the remote x environment gets extremely slow after
running wondershaper. I have been thinking of putting a second nic into
computer no 2, since it is obvious that would eliminate the problem, but
if it is possible to solve this in another way, that would be
preferable, since it would save some money on a long cable and a new nic
;) ..
Would it not be an easy thing just putting into wondershaper another
qdisc that shapes and polices say 90 mbit, and a filter that catches all
192.168. traffic that leads to that queue? I just don't know how to do
this myself...
/Johan
* Re: [LARTC] Wondershaper in internal network
From: gypsy @ 2004-08-22 17:23 UTC (permalink / raw)
To: lartc
nix4me wrote:
>
> gypsy wrote:
> >You might be able to set up a modified Wonder such that the default /
> >bulk does 100Mbit (assuming your internal NW is 100) by setting RATE
> >CEIL = 100Mb and then shape everything where the IP matches your DSL IP
> >so that internet stuff never gets into the bulk queue. Sort of
> >"reverse" logic, but that is the way I dealt with an FTP server. In the
> >absence of a firewall mark in FTP packets, there is no good way to
> >identify them, so instead handle the stuff you CAN identify and let the
> >rest go into bulk.
> >
> Well, there is a better way. I was able to mark ftp outgoing traffic
> using iptables. I shape all outgoing packets on a port range and throw
> the rest in a 100mbit bulk. Works like a champ. I have the outbound
> ftp passive ports and the active port marked. Let me know if you want
> to see my script.
>
> Mark
One can mark FTP packets using iptables, but
1) it takes a fair amount of horsepower on a dedicated, busy FTP server
2) in my case, even with all the helpers loaded, iptables was not
marking all packets
3) now that (most) of the FTP packets are marked, you must modify Wonder
to filter on the FW mark
IMO, that is not "a better way" than having everything not caught by a
filter go into a default queue.
gypsy
* Re: [LARTC] Wondershaper in internal network
From: gypsy @ 2004-08-22 18:06 UTC (permalink / raw)
To: lartc
Johan Lindqvist wrote:
> This is my setup:
> DSL modem > 4 port internet router > 1. Winxp computer
>                                    > 2. Linux computer
>                                    > 3. Linux computer (thin client to computer no 2)
>
> Every computer has one NIC. I know that the internal traffic is
> interfered with because the remote x environment gets extremely slow after
> running wondershaper. I have been thinking of putting a second nic into
> computer no 2, since it is obvious that would eliminate the problem, but
> if it is possible to solve this in another way, that would be
> preferable, since it would save some money on a long cable and a new nic
> ;) ..
> Would it not be an easy thing just putting into wondershaper another
> qdisc that shapes and polices say 90 mbit, and a filter that catches all
> 192.168. traffic that leads to that queue? I just don't know how to do
> this myself...
Might be "an easy thing", but I don't know how!
Perhaps the following will help.
http://andthatsjazz.org/lartc/ultimate.html shows a 4-queue Wonder
script.
http://www.tldp.org/HOWTO/ADSL-Bandwidth-Management-HOWTO/index.html
http://digriz.org.uk/
Jim diGriz's URL is not working right now; traceroute dies at
213.162.127.69. But it is a "don't miss", so keep trying!
What I'm not finding but expect might be possible is a second "root":
tc qdisc add dev eth0 root handle 1: htb default 30
tc qdisc add dev eth0 root handle #: htb default ## << will this work?
Dunno, but I do know that you'll get bad results if the DSL and the
internal network are in the same class.
Wonder forces EVERYTHING not otherwise filtered into the default / bulk
class. You might want NOT to do that so that unmatched stuff is totally
ignored by HTB. Rather than "match ip dst 0.0.0.0/0 flowid 1:30" you
add a bunch of filters that match internet but not internal NW...???
gypsy
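
One way to do what the thread is asking for on a single-NIC box, as an added example that is not part of any post above and is not Wondershaper's own script: a single HTB root with two sibling classes (DSL and LAN) that never share bandwidth, a u32 filter that sends 192.168. destinations to the LAN class, and an ingress filter that exempts LAN sources from the download policer. The function name `shaper_cmds`, the interface `eth0`, the 220/800 kbit DSL rates and the 90mbit LAN rate are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. shaper_cmds only PRINTS tc commands;
# review them, then pipe the output to a root shell to apply.
# Usage: shaper_cmds DEV UP_KBIT DOWN_KBIT LAN_CIDR LAN_RATE

shaper_cmds() {
    dev=$1 up=$2 down=$3 lan=$4 lanrate=$5

    # The output is meant to be fed to a root shell, so reject anything
    # that is not a plain interface name, number, CIDR or rate string.
    case $dev in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    case $up in ''|*[!0-9]*) return 1 ;; esac
    case $down in ''|*[!0-9]*) return 1 ;; esac
    case $lan in ''|*[!0-9./]*) return 1 ;; esac
    case $lanrate in ''|*[!0-9a-z]*) return 1 ;; esac

    cat <<EOF
tc qdisc del dev $dev root 2>/dev/null
tc qdisc del dev $dev ingress 2>/dev/null
tc qdisc add dev $dev root handle 1: htb default 10
tc class add dev $dev parent 1: classid 1:10 htb rate ${up}kbit ceil ${up}kbit
tc class add dev $dev parent 1: classid 1:20 htb rate $lanrate ceil $lanrate
tc qdisc add dev $dev parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $dev parent 1:20 handle 20: sfq perturb 10
tc filter add dev $dev parent 1: protocol ip prio 1 u32 match ip dst $lan flowid 1:20
tc qdisc add dev $dev handle ffff: ingress
tc filter add dev $dev parent ffff: protocol ip prio 1 u32 match ip src $lan flowid :1
tc filter add dev $dev parent ffff: protocol ip prio 2 u32 match ip src 0.0.0.0/0 police rate ${down}kbit burst 10k drop flowid :1
EOF
}

# 1:10 = DSL class and the default, so anything not addressed to the LAN is
#        held to the uplink rate (this replaces Wondershaper's class tree
#        with a single class to keep the example short).
# 1:20 = LAN class, a sibling of 1:10 with its own rate, so remote X traffic
#        never competes inside the DSL class.
# Ingress: the prio 1 filter matches LAN sources first and has no policer,
#          so only traffic from outside the LAN is policed to the downlink.

# Constructed sample values; prints the command list (dry run).
shaper_cmds eth0 220 800 192.168.0.0/16 90mbit
```
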