PDA

Archiv verlassen und diese Seite im Standarddesign anzeigen : Bandbreitenbegrenzung mit shorewall



flammenflitzer
22.02.2006, 17:42
Hallo
Ich habe shorewall mit ThreeInterfaces. Seit Version 3 gibt es die Möglichkeit, den Durchsatz der Netzwerkkarten zu begrenzen. Ich komme aber mit den Regeln nicht ganz klar. Kann mir jemand helfen?
Ich habe eth0 (Firewallrechner) eth1(Windowsrechner Lan) und eth2(Windowsrechner Lan) . eth2 möchte ich jetzt drosseln.
Ich habe in


tcdevices
#INTERFACE IN-BANDWITH OUT-BANDWIDTH
eth2 20kbit 10kbit
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

und in


tcclasses
#INTERFACE MARK RATE CEIL PRIORITY OPTIONS
eth2 1 20kbit 10kbit 1 default
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

eingetragen.
Aber entweder reicht das nicht, oder es ist ein Fehler drin.

lordlamer
22.02.2006, 17:45
hi

ohne das ich mich jetzt auskenne zu dem thema. aber musst du vielleicht die kbit in byte umrechnen bzw in bit? also ohne k!?

mfg frank

flammenflitzer
23.02.2006, 17:34
cat tcdevices
...
# Example 1: Suppose you are using PPP over Ethernet (DSL)
# and ppp0 is the interface for this. The
# device has an outgoing bandwidth of 500kbit and an
# incoming bandwidth of 6000kbit
# ppp0 6000kbit 500kbit
cat tcclasses
# Example 1: Suppose you are using PPP over Ethernet (DSL)
# and ppp0 is the interface for this. You have 4 classes
# here, the first you can use for voice over IP
# traffic, the second interactive traffic (e.g.
# ssh/telnet but not scp), the third will be for all
# unclassified traffic, and the forth is for low
# priority traffic (e.g. peer-to-peer).
#
# The voice traffic in the first class will be
# guaranteed a minimum of 100kbps and always be
# serviced first (because of the low priority number,
# giving less delay) and will be granted excess
# bandwidth (up to 180kbps, the class ceiling) first,
# before any other traffic. A single VOIP stream,
# depending upon codecs, after encapsulation, can take
# up to 80kbps on a PPOE/DSL link, so we pad a little
# bit just in case. (TOS byte values 0xb8 and 0x68
# are DiffServ classes EF and AFF3-1 respectively and
# are often used by VOIP devices).
#
# Interactive traffic (tos-minimum-delay) and
# TCP acks (and ICMP echo traffic if you use the example
# in tcrules) and any packet with a mark of 2 will be
# guaranteed 1/4 of the link bandwidth, and may extend
# up to full speed of the link.
#
# Unclassified traffic and packets marked as 3 will be
# guaranteed 1/4th of the link bandwidth, and may extend
# to the full speed of the link.
#
# Packets marked with 4 will be treated as low priority
# packets. (The tcrules example marks p2p traffic as
# such.) If the link is congested, they're only
# guaranteed 1/8th of the speed, and even if the link is
# empty, can only expand to 80% of link bandwidth just
# as a precaution in case there are upstream queues we
# didn't account for. This is the last class to get
# additional bandwidth and the last to get serviced by
# the scheduler because of the low priority.
#
# ppp0 1 100kbit 180kbit 1 tos=0x68/0xfc,tos=0xb8/0xfc
# ppp0 2 full/4 full 2 tcp-ack,tos-minimize-delay
# ppp0 3 full/4 full 3 default
# ppp0 4 full/8 full*8/10 4