This howto assumes a linux router with two network
interfaces. One is attached to WAN, the other to your LAN. Little Packets
and SSH should get high priorities. HTTP and HTTPS should only get a
maximum bandwidth from 1024kbit/s. All other traffic is absolutly low
priority and can only consome max. 1536kbit/s.
Now you have to decide between the following
situations:
- Scenario 1: There are no local services on the router which need to
be shaped. Only traffic to and from LAN has to be shaped.
- Scenario 2: There are local services (ftp, www) on the router which
need to be shaped. Also traffic to and from LAN has to be shaped.
If the second scenario apply to your configuration you will
have to use
IMQ
. For the first scenario shaping on the two router interfaces is
enough. See the
Documentation
for more information why you would need IMQ.
Scenario 1
- Inbound Bandwidth: 2048kbit/s
- Outbound Bandwidth: 2048kbit/s
- eth0 as Incoming Interface
- eth1 as Outgoing Interface
- Select no for "IMQ"
- Select "Router" for "Mode"
If you have any service
on the router which is only available for LAN clients these packets
shouldn't get shaped. In this situation set the Inbound Bandwidth to LAN
speed. You will control the the Inbound Bandwidth from WAN via the Chain
settings.
- Now we create the service levels:
- Name "Highest Priority"
- In-Bandwidth: 32kbit/s
- Out-Bandwidth: 32kbit/s
- Priority: Highest (1)
- Name "High Priority"
- In-Bandwidth: 128kbit/s
- Out-Bandwidth: 128kbit/s
- Priority: High (2)
- Name "Normal Traffic"
- In-Bandwidth: 128kbit/s
- In-Bandwidth?
Ceil: 1024kbit/s
- Out-Bandwidth: 128kbit/s
- Out-Bandwidth?
Ceil: 1024kbit/s
- Priority: Normal (3)
- Name "Low Priority"
- In-Bandwidth: 128kbit/s
- In-Bandwidth?
Ceil: 1536kbit/s
- Out-Bandwidth: 128kbit/s
- Out-Bandwidth?
Ceil: 1536kbit/s
- Priority: Low (4)
- Name "WAN Speed"
- In-Bandwidth: 2048kbit/s
- Out-Bandwidth: 2048kbit/s
- Priority: Ignore
- Now we create the filter definitions (this assumes that you let MasterShaper
Installer prefill protocol & port informations. If not add them
manually first):
- Name "HTTP & HTTPS"
- Protocols: TCP
- Ports: http & https
- Name "SSH"
- Protocols: TCP
- Ports: SSH
- Now go back to the MasterShaper
Options View and select the service level "Highest Priority" for the
"ACK Packets" option.
- Create a new chain "WAN"
- As service level specify "WAN Speed"
- As fallback service level specify "Low Priority"
- Leave targets on any & any for both directions.
- Now we create the pipes definitions:
- Name "Ping"
- Chain "WAN"
- Direction "<->"
- Select the "ICMP" filter
- Select service level "Highest Priority"
- Name "Remote Console"
- Chain "WAN"
- Direction "<->"
- Select the "SSH" filter
- Select service level "High Priority"
- Name "Web Traffic"
- Chain "WAN"
- Direction "<->"
- Select the "HTTP & HTTPS" filter
- Select service level "Normal Traffic"
- Go back to the chains view on create a new chain to ensure internal
LAN traffic will not be touched by the shaping ruleset:
- Name "LAN"
- Service Level "Ignore" (Fallback service gets irrelevant with
this option)
- Target select "LAN" <-> "LAN".
- Go to the Overview Site and move the "LAN"-Chain over the
"WAN"-Chain with the arrows. So the LAN will match first before the
"any" <-> "any" match.
Scenario 2
Scenario 2 is basically very
similar to Scenario 1. So only the differences will be highlighted
here:
- Prepare your kernel & iptables ready for IMQ. The following 4
lines will integrated the IMQ devices into the shaping business:
- ip link set imq0 up
- ip link set imq1 up
- iptables -t mangle -I PREROUTING -i eth0 -j IMQ --todev 0
- iptables -t mangle -I POSTROUTING -o eth1 -j IMQ --todev 1
- imq0 as Incoming Interface
- imq1 as Outgoing Interface
- You do not need to create the "LAN"-Chain anymore. Shaping will only
be done on eth0.
That's all.
See also
Wiki