I've got many machines behind a Shorewall Firewall that among other things NATs them all. I want to add some sort of Traffic Control that will give each computer a very roughly equal slice of my Internet bandwidth. So I've turned on Shorewall TC. It works as expected.
But there seems to be a loophole that can allow a few computers to use way, way more than their fair share of bandwidth despite the TC. For example, a computer that ran BitTorrent would (in my mind) abuse its capability by having its, say, 14 connections to different outside machines treated as 14 separate flows by the SFQ (Stochastic Fair Queueing) in the kernel, and so get 14 turns (!) during every SFQ pass through its hash buckets. (Meanwhile computers browsing the web would get only one turn!)

What can I do to treat each _computer_ rather than each _flow_ as a user of bandwidth? Any suggestions? Thanks!

(At first I thought tweaking the SFQ in the kernel was all that I needed. Shorewall TC would continue to function exactly the same without even knowing the SFQ under it was behaving differently. Fortunately for me, SFQ is a loadable module that's fairly straightforward to tweak and replace. But: all my inside computers have already undergone NAT masquerading by then, so as I understand it all the packets have the _same_ source IP address [the firewall itself], and different source ports indicate different _flows_, not different _computers_. As a result there's not much SFQ-like code can do even with reasonable modifications.)

-- 
Chuck Kollars
http://www.ckollars.org/dragon.html

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
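One way to get per-host rather than per-flow fairness without patching SFQ, as an added example that is not part of the original post or of Shorewall: let the kernel's `flow` classifier (cls_flow) pick the SFQ hash bucket instead of SFQ's built-in 5-tuple hash, keyed on the conntrack original source address (`nfct-src`) on the masqueraded WAN side, or on the destination address (`dst`) on the LAN side where the real host IP is still visible. It assumes iproute2 `tc`, a kernel with cls_flow and conntrack support (which may be newer than the author's kernel), root on the firewall, and placeholder interface names; the function and script names are mine.

```shell
#!/bin/sh
# Per-host SFQ fairness behind NAT (added example, not Shorewall's own code).
# On WAN egress every packet carries the firewall's source IP after
# masquerading, but conntrack still holds the original LAN source, which
# cls_flow can hash with the "nfct-src" key. On LAN egress (downloads) the
# destination IP is the real host, so the plain "dst" key is enough.
# Assumptions: iproute2 tc, kernel with cls_flow + conntrack, run as root.

# Print the tc commands for device $1 keyed on $2 ("nfct-src" or "dst").
# $3 is the number of hash buckets (power of 2, default 1024, which is
# SFQ's default hash table size).
gen_per_host_sfq() {
    dev="$1"
    key="$2"
    divisor="${3:-1024}"
    case "$key" in
        nfct-src|dst) ;;
        *) echo "key must be nfct-src (WAN egress) or dst (LAN egress)" >&2
           return 1 ;;
    esac
    cat <<EOF
tc qdisc replace dev $dev root handle 1: sfq perturb 10
tc filter add dev $dev parent 1: protocol ip handle 1 flow hash keys $key divisor $divisor
EOF
}

# Apply the generated commands (needs root). Examples:
#   apply_per_host_sfq eth0 nfct-src   # upload: one bucket per LAN host
#   apply_per_host_sfq eth1 dst        # download: one bucket per LAN host
apply_per_host_sfq() {
    gen_per_host_sfq "$1" "$2" "${3:-}" | sh -e
}

# Show the qdisc counters and the attached filter to check the result.
show_per_host_sfq() {
    tc -s qdisc show dev "$1"
    tc filter show dev "$1" parent 1:
}

# Command-line use: ./per-host-sfq.sh apply eth0 nfct-src | show eth0
case "${1:-}" in
    apply) apply_per_host_sfq "$2" "$3" "${4:-}" ;;
    show)  show_per_host_sfq "$2" ;;
esac
```

With Shorewall's HTB classes in place, attach the same `flow` filter to each leaf SFQ qdisc's handle instead of replacing the root qdisc, so the HTB rate limits stay intact and only the bucket selection inside each SFQ leaf changes.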
