1 |
> > After a lot of testing, these numbers seem to give me the best |
2 |
> > performance as far as bittorrent download speed. |
3 |
> > How can that be? Is DOWNLINK my upload and UPLINK my download? |
4 |
> |
5 |
> Hm, usually not. Are you by chance shaping the internal (i.e. LAN) |
6 |
> interface on a router? Then, of course, it would make sense (except |
7 |
> from the fact that shaping your actual bottle neck, i.e. Internet |
8 |
> connection, would make more sense). |
9 |
|
10 |
Thanks a lot for that. I switched the interface to eth0 and reversed |
11 |
the DOWNLINK and UPLINK values. |
12 |
|
13 |
> > I tried to define the bittorrent ports as a low priority like this: |
14 |
> > NOPRIOPORTSRC=6881:6999 |
15 |
> > NOPRIOPORTDST=6881:6999 |
16 |
> > |
17 |
> > but I get this when restarting shorewall: |
18 |
> > Illegal "match" |
19 |
> |
20 |
> In the wshaper source, the action happens here (and the same for *DST): |
21 |
> ---snip |
22 |
> for a in $NOPRIOPORTSRC |
23 |
> do |
24 |
> tc filter add dev $DEV parent 1: protocol ip prio 15 u32 \ |
25 |
> match ip sport $a 0xffff flowid 1:30 |
26 |
> done |
27 |
> ---snip |
28 |
> |
29 |
> In this configuration, it expects a shell-separatable list of ports, |
30 |
> i.e. separated by whitespace. It will create a rule for each one. |
31 |
> |
32 |
> The dirty, easy way: |
33 |
> | NOPRIOPORTSRC=$(seq 6881 6999) |
34 |
> | NOPRIOPORTDST=$NOPRIOPORTSRC |
35 |
> |
36 |
> But I would rather extend wshaper by another (custom) line and dump your |
37 |
> NOPRIOPORT*-settings. |
38 |
> |
39 |
> The syntax is "match ip sport PATTERN MASK". The port of an incoming |
40 |
> packet is AND'ed w/ the MASK and compared to the PATTERN. |
41 |
> |
42 |
> e.g. "match ip sport 6880 0xffe0" would match 6880-6911, a further |
43 |
> "match ip sport 6912 0xffc0" would match 6912-6975. |
44 |
> |
45 |
> The advantage of this is simply speed/CPU cycles. Alternatively, you |
46 |
> could just use iptables to mark your packets (which probably means even |
47 |
> more precious CPU cycles). The wshaper script, however, doesn't use |
48 |
> iptables. |
49 |
|
50 |
I switched to wshaper from wshaper.htb and now ssh and browsing seem a |
51 |
lot more responsive. Could that be because I'm missing something in |
52 |
my kernel that I need for htb? I don't get any errors when restarting |
53 |
the firewall. |
54 |
|
55 |
One other thing is if I don't limit the upload rate within my |
56 |
bittorrent client, it really goes nuts and everything else suffers. I |
57 |
don't see how that's possible with UPLINK and the bittorrent source |
58 |
and destination ports defined. |
59 |
|
60 |
What I'd really like to do is limit the bittorrent upload rate so |
61 |
Verizon doesn't throttle my connection. Can I do that with The Wonder |
62 |
Shaper without limiting the total upload rate? I don't trust the |
63 |
bittorrent clients I use to limit it. |
64 |
|
65 |
- Grant |
66 |
-- |
67 |
gentoo-user@g.o mailing list |