[plug] Software/Method Suggestions for Gateway

W.Kenworthy billk at iinet.net.au
Tue Apr 19 10:59:03 WST 2005


On Tue, 2005-04-19 at 10:30 +0800, Craig Ringer wrote:
> On Tue, 2005-04-19 at 09:29 +0800, Timothy White wrote:
> 
> > I'm looking for a way to 'shape' and prioritise traffic.
> 
> Check out the list archives, this has been discussed before. Keywords
> and things to look into:
> 	WonderShaper, HTB, LART/LARTC, lartc.org, CBQ, tc
> 
> I rolled my own setup using HTB. It took aaages to get right, but worked
> very well until I introduced an 802.11b interface on the gateway (which
> now has three "internal" interfaces (two in regular use), and one
> external one). I never got around to figuring out how to handle that.
> 
> If you can find a canned solution, I'd recommend using that.
> 
monmotha works well as a firewall script that I use as the basis of my
inet/lan connection management - a good script that is modifiable to do
things like add a wireless gateway (which I am about to move to a
separate interface to ease openvpn tunneling over wireless).  Have run
it on multiple lans (cat5 and coax) to an adsl modem via my gentoo
gateway for inet access in the past.  Recommended.

> > All the computers use LineControl to dialup so I can run a firewall rule
> > for each computer to give them access to the Internet when they say they
> > are connected.
> > The firewall rules will allow all computers on the network access to
> > pop, imap, and smtp regardless of their LC state.
> 
> NFI about this LineControl stuff, though the firewall rules should be
> simple if it doesn't entirely rewrite your iptables rules each time
> something changes.
> 
> > But I need each computer to get an equal share of the bandwidth and also
> > for traffic prioritising to occur (so web browsing can continue while
> > files are being downloaded, and so that mail (smtp,pop) also keeps
> > flowing while lots of people are using the net).
> > Anybody know of a way to do this?
> 
> I just hardcoded the bandwidth shares for the number of hosts I had. Any
> leftover is shared out, so it worked quite well even when only one or
> two hosts were active. 
> 
Atomic magazine had an article on implementing traffic shaping on linux
from an iinet staff guru. Also gave an excellent readable and
comprehensive explanation of how and why. I modified the basics and
added to my monmotha script.  Works well.  Once you get past the teenage
language, there are some good ideas and info in this magazine (i.e., you
have to take the weird/odd/bad with the good!)

> > 
> > Also Dad wants to have a graphical tool that will allow him to view all
> > connections from the LAN to the Internet, it needs to show destination,
> > source, type, rate up/down, and if possible what service it is (ssh,
> > http, imap, pop...) all in real time. Any suggestions?
> 
> apt-get install etherape
>   

I second etherape for graphical display.  iptop can also give a very
usable text display that works over ssh terminal sessions.

> > All the connections are NATed or through the transparent Squid Proxy.
> 
> Etherape will handle NAT fine IIRC, but probably won't show transproxied
> HTTP as "direct" between Internet host and internal host.
> 
> --
> Craig Ringer
> 