Hi,
I'm fairly new to shorewall (I used to be a FIAIF user).
I'm basically trying to setup traffic shaping on my firewall/gateway.
I'd like to get highest prio for interactive traffic (SSH, but not SCP)
I'd like guaranteed bandwidth for VoIP traffic
I'd like guaranteed bandwidth for DNS traffic
I'd like guaranteed bandwidth for WWW traffic
I'd like best effort for the rest.
Here is how I did config shorewall:
/etc/shorewall/tcclasses:
ppp0 1 20*full/100 40*full/100 1
tcp-ack,tos-minimize-delay
ppp0 2 20*full/100 30*full/100 2
tos=0x68/0xfc,tos=0xb8/0xfc
ppp0 3 20*full/100 25*full/100 3
ppp0 4 40*full/100 85*full/100 4
ppp0 5 5*full/100 40*full/100 4 default
/etc/shorewall/tcdevices:
ppp0 25000kbit 830kbit
/etc/shorewall/tcrules:
1:T 0.0.0.0/0 0.0.0.0/0 icmp echo-request
1:T 0.0.0.0/0 0.0.0.0/0 icmp echo-reply
1:T 0.0.0.0/0 0.0.0.0/0 tcp ssh
2:T 0.0.0.0/0 0.0.0.0/0 udp sip,iax
2:T 0.0.0.0/0 0.0.0.0/0 tcp sip,iax
3:T 0.0.0.0/0 0.0.0.0/0 tcp domain
3:T 0.0.0.0/0 0.0.0.0/0 udp domain
4:T 0.0.0.0/0 0.0.0.0/0 tcp www,https,smtp
5:T 0.0.0.0/0 0.0.0.0/0 tcp 4652
5:T 0.0.0.0/0 0.0.0.0/0 udp 4652
SAVE:T 0.0.0.0/0 0.0.0.0/0 all - -
- !0
Is my setup correct ?
Did I miss something obvious ?
Thanks
------------------------------------------------------------------------------
Stay on top of everything new and different, both inside and
around Java (TM) technology - register by April 22, and save
$200 on the JavaOne (SM) conference, June 2-5, 2009, San Francisco.
300 plus technical and hands-on sessions. Register today.
Use priority code J9JMT32. http://p.sf.net/sfu/p
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
