I just added simple traffic shaping to my shorewall configuration.  My voip
conversations are no longer broken up when my internet backups run at
the same time (my primary goal).

However, my download speed is now unexpectedly throttled back to
about 2000kbit.  With TC_ENABLED=No I consistently achieve download
speeds around 14755kbit.

I have tested the download speed with a nearby speed test site from my
ISP.  The tests were run both from my PC behind shorewall as well as
from the shorewall server itself.

I have tried setting the in-bandwidth on $NET_IF (which is defined as
eth0 in /etc/shorewall/params) to zero (tcdevices) with exactly the
same results.

Would you please review my configuration and see if you can see my mistake?

I am running shorewall on debian etch as a paravirtualized xen domain
(not dom0) using Citrix XenServer 4.0.

My voip server is in the dmz zone using proxyarp at 67.52.58.205.

Attached is my shorewall dump.

gw1:/etc/shorewall# /sbin/shorewall version
4.0.15

gw1:/etc/shorewall# ip addr show
1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
   link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
   inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc htb qlen 1000
   link/ether de:1c:b7:85:21:07 brd ff:ff:ff:ff:ff:ff
   inet 67.52.58.198/28 brd 67.52.58.207 scope global eth0
   inet 67.52.58.195/28 brd 67.52.58.207 scope global secondary eth0:0
   inet 67.52.58.196/28 brd 67.52.58.207 scope global secondary eth0:1
   inet 67.52.58.199/28 brd 67.52.58.207 scope global secondary eth0:2
   inet 67.52.58.200/28 brd 67.52.58.207 scope global secondary eth0:3
   inet 67.52.58.201/28 brd 67.52.58.207 scope global secondary eth0:4
   inet 67.52.58.204/28 brd 67.52.58.207 scope global secondary eth0:5
3: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
   link/ether 9a:d6:72:3a:88:61 brd ff:ff:ff:ff:ff:ff
   inet 10.11.18.1/24 brd 10.11.18.255 scope global eth1
4: eth2: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
   link/ether 7e:3f:65:ab:c3:69 brd ff:ff:ff:ff:ff:ff
   inet 192.168.1.254/24 brd 192.168.1.255 scope global eth2
5: eth3: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
   link/ether 0e:dd:bc:04:47:7c brd ff:ff:ff:ff:ff:ff
   inet 10.255.255.1/24 brd 10.255.255.255 scope global eth3

gw1:/etc/shorewall# ip route show
67.52.58.205 dev eth3  scope link
67.52.58.192/28 dev eth0  proto kernel  scope link  src 67.52.58.198
192.168.1.0/24 dev eth2  proto kernel  scope link  src 192.168.1.254
10.255.255.0/24 dev eth3  proto kernel  scope link  src 10.255.255.1
10.11.18.0/24 dev eth1  proto kernel  scope link  src 10.11.18.1
default via 67.52.58.193 dev eth0



Here are my TC files:
#
# Shorewall version 4 - Tcdevices File
###############################################################################
#INTERFACE    IN-BANDWITH    OUT-BANDWIDTH
$NET_IF        14755kbit    1960kbit
#$NET_IF    14755kbit    100mbit        # the line speed of eth0 is actually 1gbit, but it is plugged into a 100MB switch
#$NET_IF        0        1960kbit    # the line speed of eth0 is actually 1gbit, but it is plugged into a 100MB switch
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE


#
# Shorewall version 4 - Tcclasses File
###############################################################################
#INTERFACE      MARK    RATE            CEIL            PRIORITY        OPTIONS
$NET_IF         1       10kbit          50kbit          1               tcp-ack
$NET_IF         2       256kbit         300kbit         2               tos-minimize-delay      # voip: 4 trunks
$NET_IF         3       1694kbit        full            3               default                 # RATE is full - sum(other marks)
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

#
# Shorewall version 4 - Tcrules File
###############################################################################
#MARK   SOURCE          DEST            PROTO   DEST    SOURCE  USER    TEST    LENGTH  TOS
#                                               PORT(S) PORT(S)

2:F     0.0.0.0/0       67.52.58.205    all
2:F     67.52.58.205    0.0.0.0/0       all
1:F     0.0.0.0/0       0.0.0.0/0       icmp    echo-request
1:F     0.0.0.0/0       0.0.0.0/0       icmp    echo-reply

# since matching continues until all rules are processed, put highest priority rules last

#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Thank you.

Attachment: status.txt.gz
Description: GNU Zip compressed data
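
A sanity check on the tcdevices and tcclasses values above, as an added example that is not part of the original post: it confirms that the RATE column sums to OUT-BANDWIDTH and estimates the download rate that fits when outbound ACKs are held to the tcp-ack class CEIL. The 66-byte ACK frame and one ACK per two 1448-byte segments are assumptions, and $NET_IF is expanded to eth0 as the post states.

```python
# Added example (not from the original post). Config rows are copied from the
# post with $NET_IF expanded to eth0; ACK size and ACK ratio are assumptions.
import re

TCDEVICES = "eth0 14755kbit 1960kbit"   # INTERFACE IN-BANDWITH OUT-BANDWIDTH
TCCLASSES = """\
eth0 1 10kbit   50kbit  1 tcp-ack
eth0 2 256kbit  300kbit 2 tos-minimize-delay
eth0 3 1694kbit full    3 default
"""

UNITS = {"kbit": 1, "mbit": 1000}       # tc units are decimal

def kbit(value, full=None):
    """Convert '256kbit' / '100mbit' / 'full' to kbit/s."""
    if value == "full":
        return full
    num, unit = re.fullmatch(r"(\d+)(kbit|mbit)", value).groups()
    return int(num) * UNITS[unit]

def parse(tcdevices=TCDEVICES, tcclasses=TCCLASSES):
    """Parse one tcdevices row and the tcclasses rows into a dict."""
    _iface, in_bw, out_bw = tcdevices.split()
    out = kbit(out_bw)
    classes = []
    for line in tcclasses.splitlines():
        _dev, mark, rate, ceil, _prio, *opts = line.split()
        classes.append({"mark": int(mark), "rate": kbit(rate, out),
                        "ceil": kbit(ceil, out), "opts": opts})
    return {"in": kbit(in_bw), "out": out, "classes": classes}

def unallocated_rate(cfg):
    """OUT-BANDWIDTH minus the sum of class RATEs (0 means fully allocated)."""
    return cfg["out"] - sum(c["rate"] for c in cfg["classes"])

def ack_limited_download(cfg, ack_bytes=66, payload_per_ack=2 * 1448):
    """Download rate (kbit/s) that fits when outbound ACKs are capped at the
    tcp-ack class CEIL. Assumed: 66-byte ACK frames, one ACK per two segments."""
    ceil = next(c["ceil"] for c in cfg["classes"] if "tcp-ack" in c["opts"])
    acks_per_sec = ceil * 1000 / (ack_bytes * 8)
    return acks_per_sec * payload_per_ack * 8 / 1000

if __name__ == "__main__":
    cfg = parse()
    print("unallocated kbit/s:", unallocated_rate(cfg))
    print("ACK-limited download kbit/s: %.0f" % ack_limited_download(cfg))
    print("IN-BANDWIDTH kbit/s:", cfg["in"])
```

Under those assumptions the posted 50kbit CEIL works out to roughly 2194 kbit/s of download, against the 14755kbit IN-BANDWIDTH.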
