Hello all, First of all I like to thank Tom for making wonderful shorewall script and making life for sysadmins much easier.
Anyway I got problem with simple bandwith limiting using ifb in my internal lan. I tried simple configuration. our local lan is eth1 192.168.5.0/24 eth0 is our wan interface which have 2048kbit/s upload/download. I tried to shape limit on my computer u/d 10kbit/s on ip 192.168.5.253 in internal lan but no success. This wget from kernel.org on computer 192.168.5.253 http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.27.4.tar.bz2 => `linux-2.6.27.4.tar.bz2.22' Resolving www.kernel.org... 204.152.191.37, 204.152.191.5 Connecting to www.kernel.org|204.152.191.37|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 50,359,534 (48M) [application/x-bzip2] 1% [ ] 699,073 95.88K/s Please help what I am doing wrong. Thank you very much. This my configuration. tcdevices,tcclasses,tcfilters,tcrules INTERFACE IN-BANDWITH OUT-BANDWIDTH 1:eth0 - 2048kbit classify 2:ifb0 - 2048kbit - eth0 Shorewall version 4 - Tcclasses File # # For information about entries in this file, type "man shorewall-tcclasses" # # See http://shorewall.net/traffic_shaping.htm for additional information. # ############################################################################### #INTERFACE MARK RATE CEIL PRIORITY OPTIONS #INTERFACE MARK RATE CEIL PRIORITY OPTIONS #####outgoing klase 1:110 - 2*full/10 full 1 default 1:120 - 10kbit 10kbit 2 2:110 - 2*full/10 full 1 default 2:120 - 10kbit 10kbit 2 ##LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE ~ # For information about entries in this file, type "man shorewall-tcfilters" # # See http://shorewall.net/traffic_shaping.htm for additional information. # ############################################################################### #INTERFACE: SOURCE DEST PROTO DEST SOURCE # 1:110 - - icmp echo-request,echo-reply 1:110 - - icmp echo-reply 1:120 192.168.5.253 - tcp - - # ## INCOMING TRAFFIC ## 2:120 - 192.168.5.253 tcp - - # ## INCOMING TRAFFIC ## 2:120 - 192.168.5.253 tcp - - ## PORT(S) 1:110 0.0.0.0/0 0.0.0.0/0 icmp echo-request 1:110 0.0.0.0/0 0.0.0.0/0 icmp echo-reply 2:110 0.0.0.0/0 0.0.0.0/0 icmp echo-request 2:110 0.0.0.0/0 0.0.0.0/0 icmp echo-reply # Shorewall version 4 - Tcrules File # # For information about entries in this file, type "man shorewall-tcrules" # # See http://shorewall.net/traffic_shaping.htm for additional information. # For usage in selecting among multiple ISPs, see # http://shorewall.net/MultiISP.html # # See http://shorewall.net/PacketMarking.html for a detailed description of # the Netfilter/Shorewall packet marking mechanism. ############################################################################### #MARK SOURCE DEST PROTO DEST SOURCE USER TEST LENGTH TOS #MARK SOURCE DEST PROTO PORT(S) CLIENT USER ## PORT(S) 1:110 0.0.0.0/0 0.0.0.0/0 icmp echo-request 1:110 0.0.0.0/0 0.0.0.0/0 icmp echo-reply 2:110 0.0.0.0/0 0.0.0.0/0 icmp echo-request 2:110 0.0.0.0/0 0.0.0.0/0 icmp echo-reply 1:120 192.168.5.253 0.0.0.0/0 all 1:120 0.0.0.0/0 192.168.5.253 all 2:120 192.168.5.253 0.0.0.0/0 all 2:120 0.0.0.0/0 192.168.5.253 all [EMAIL PROTECTED]:~# shorewall show filters Shorewall 4.2.0 Classifiers at fw - Thu Oct 30 12:45:46 CET 2008 Device eth0: filter parent 1: protocol ip pref 10 u32 filter parent 1: protocol ip pref 10 u32 fh 1: ht divisor 1 filter parent 1: protocol ip pref 10 u32 fh 1::800 order 2048 key ht 1 bkt 0 flowid 1:110 match 08000000/ff000000 at nexthdr+0 filter parent 1: protocol ip pref 10 u32 fh 1::801 order 2049 key ht 1 bkt 0 flowid 1:110 match 00000000/ff000000 at nexthdr+0 filter parent 1: protocol ip pref 10 u32 fh 1::802 order 2050 key ht 1 bkt 0 flowid 1:110 match 00000000/ff000000 at nexthdr+0 filter parent 1: protocol ip pref 10 u32 fh 800: ht divisor 1 filter parent 1: protocol ip pref 10 u32 fh 800::800 order 2048 key ht 800 bkt 0 link 1: match 00010000/00ff0000 at 8 offset 0f00>>6 at 0 eat filter parent 1: protocol ip pref 10 u32 fh 800::801 order 2049 key ht 800 bkt 0 link 1: match 00010000/00ff0000 at 8 offset 0f00>>6 at 0 eat filter parent 1: protocol ip pref 10 u32 fh 800::802 order 2050 key ht 800 bkt 0 flowid 1:120 match c0a805fd/ffffffff at 12 match 00060000/00ff0000 at 8 Device eth1: Device eth2: Device eth3: Device ifb0: filter parent 2: protocol ip pref 10 u32 filter parent 2: protocol ip pref 10 u32 fh 800: ht divisor 1 filter parent 2: protocol ip pref 10 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 2:120 match c0a805fd/ffffffff at 16 match 00060000/00ff0000 at 8 ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
