I work a t a public library and currently have a T1 (Cox fiber) and a linux router. We are using wondershaper.htb to shape our traffic. We have about 60 machines that access the internet. For the last year and half the bandwidth shaping has been working great, when we are maxed out people are still able to browse the web. But recently (last month or 2) I have noticed when we are maxed out (using MRTG on another linux system) everything comes to a screeching halt. Come to find out it's Limewire using up all the bandwidth. We get one person downloading five or six movies and we are unable to even browse the web (I mean we still can but it is REALLY slow, worse than dialup). With my firewall (Sonicwall, switching to linux soon) I can see who is sucking up the bandwidth (250 megs downloaded in 20 minutes from one machine whereas the next closest person was 7 or 8 megs) and everytime it has been Limewire in use. Here are 2 wonder shaper scripts we have tried. Can anyone clue me in as to what we may be doing wrong? Thanks
Code:
#!/bin/bash
# Wonder Shaper
# please read the README before filling out these values
#
# Set the following values to somewhat less than your actual download
# and uplink speed. In kilobits. Also set the device that is to be shaped.
PATH=/sbin
DOWNLINK=1400
UPLINK=1400
DEV=eth0
# low priority OUTGOING traffic - you can leave this blank if you want
# low priority source netmasks
NOPRIOHOSTSRC=
# low priority destination netmasks
NOPRIOHOSTDST=
# low priority source ports
NOPRIOPORTSRC=
# low priority destination ports
NOPRIOPORTDST="411 412 1214 1215 1216 3128 3536 4661 4662 4665 6346 6347 6348 6349 6350 6351 6352 6699 7729 7730 7731 7732 7733 7734 7735"
if [ "$1" = "status" ]
then
tc -s qdisc ls dev $DEV
tc -s class ls dev $DEV
exit
fi
# clean existing down- and uplink qdiscs, hide errors
tc qdisc del dev $DEV root && echo "Root queue cleared."
tc qdisc del dev $DEV ingress && echo "Ingress queue cleared."
if [ "$1" = "stop" ]
then
exit
fi
###### uplink
# install root HTB, point default traffic to 1:20:
tc qdisc add dev $DEV root handle 1: htb default 20
# shape everything at $UPLINK speed - this prevents huge queues in your
# DSL modem which destroy latency:
tc class add dev $DEV parent 1: classid 1:1 htb rate ${UPLINK}kbit burst 6k
# high prio class 1:10:
tc class add dev $DEV parent 1:1 classid 1:10 htb rate ${UPLINK}kbit \
burst 6k prio 1
# bulk & default class 1:20 - gets slightly less traffic,
# and a lower priority:
tc class add dev $DEV parent 1:1 classid 1:20 htb rate $[9*$UPLINK/10]kbit \
burst 6k prio 2
tc class add dev $DEV parent 1:1 classid 1:30 htb rate $[8*$UPLINK/10]kbit \
burst 6k prio 2
# all get Stochastic Fairness:
tc qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev $DEV parent 1:30 handle 30: sfq perturb 10
# TOS Minimum Delay (ssh, NOT scp) in 1:10:
tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
match ip tos 0x10 0xff flowid 1:10
# ICMP (ip protocol 1) in the interactive class 1:10 so we
# can do measurements & impress our friends:
tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
match ip protocol 1 0xff flowid 1:10
# To speed up downloads while an upload is going on, put ACK packets in
# the interactive class:
tc filter add dev $DEV parent 1: protocol ip prio 10 u32 \
match ip protocol 6 0xff \
match u8 0x05 0x0f at 0 \
match u16 0x0000 0xffc0 at 2 \
match u8 0x10 0xff at 33 \
flowid 1:10
# rest is 'non-interactive' ie 'bulk' and ends up in 1:20
# some traffic however suffers a worse fate
for a in $NOPRIOPORTDST
do
tc filter add dev $DEV parent 1: protocol ip prio 14 u32 \
match ip dport $a 0xffff flowid 1:30
done
for a in $NOPRIOPORTSRC
do
tc filter add dev $DEV parent 1: protocol ip prio 15 u32 \
match ip sport $a 0xffff flowid 1:30
done
for a in $NOPRIOHOSTSRC
do
tc filter add dev $DEV parent 1: protocol ip prio 16 u32 \
match ip src $a flowid 1:30
done
for a in $NOPRIOHOSTDST
do
tc filter add dev $DEV parent 1: protocol ip prio 17 u32 \
match ip dst $a flowid 1:30
done
# rest is 'non-interactive' ie 'bulk' and ends up in 1:20
tc filter add dev $DEV parent 1: protocol ip prio 18 u32 \
match ip dst 0.0.0.0/0 flowid 1:20
########## downlink #############
# slow downloads down to somewhat less than the real speed to prevent
# queuing at our ISP. Tune to see how high you can set it.
# ISPs tend to have *huge* queues to make sure big downloads are fast
#
# attach ingress policer:
tc qdisc add dev $DEV handle ffff: ingress
# filter *everything* to it (0.0.0.0/0), drop everything that's
# coming in too fast:
tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src \
0.0.0.0/0 police rate ${DOWNLINK}kbit burst 10k drop flowid :1
echo "WonderShaper loaded."
Here is the other one we have tried.
Code:
#!/bin/bash
# Wonder Shaper
# please read the README before filling out these values
#
# Set the following values to somewhat less than your actual download
# and uplink speed. In kilobits. Also set the device that is to be shaped.
PATH=/sbin
DOWNLINK=1400
UPLINK=1400
DEV=eth0
DEV2=eth1
DEV3=eth2
# low priority OUTGOING traffic - you can leave this blank if you want
# low priority source netmasks
NOPRIOHOSTSRC=
# low priority destination netmasks
NOPRIOHOSTDST=
# low priority source ports
NOPRIOPORTSRC=
# low priority destination ports
NOPRIOPORTDST="411 412 1214 1215 1216 3128 3536 4661 4662 4665 6346 6347 6348 6349 6350 6351 6352 6699 7729 7730 7731 7732 7733 7734 7735"
if [ "$1" = "status" ]
then
tc -s qdisc ls dev $DEV
tc -s class ls dev $DEV
exit
fi
# clean existing down- and uplink qdiscs, hide errors
tc qdisc del dev $DEV root && echo "Root queue cleared."
tc qdisc del dev $DEV2 root && echo "Root queue cleared."
tc qdisc del dev $DEV3 root && echo "Root queue cleared."
tc qdisc del dev $DEV ingress && echo "Ingress queue cleared."
if [ "$1" = "stop" ]
then
exit
fi
###### uplink
# install root HTB, point default traffic to 1:20:
tc qdisc add dev $DEV root handle 1: htb default 20
tc qdisc add dev $DEV2 root handle 1: htb default 20
tc qdisc add dev $DEV3 root handle 1: htb default 20
# shape everything at $UPLINK speed - this prevents huge queues in your
# DSL modem which destroy latency:
tc class add dev $DEV parent 1: classid 1:1 htb rate ${UPLINK}kbit burst 6k
tc class add dev $DEV2 parent 1: classid 1:1 htb rate 100000kbit burst 6k
tc class add dev $DEV3 parent 1: classid 1:1 htb rate 100000kbit burst 6k
# high prio class 1:10:
tc class add dev $DEV parent 1:1 classid 1:10 htb rate ${UPLINK}kbit burst 6k prio 1
tc class add dev $DEV2 parent 1:1 classid 1:10 htb rate 100000kbit burst 6k prio 1
tc class add dev $DEV3 parent 1:1 classid 1:10 htb rate 100000kbit burst 6k prio 1
# bulk & default class 1:20 - gets slightly less traffic,
# and a lower priority:
tc class add dev $DEV parent 1:1 classid 1:20 htb rate $[9*$UPLINK/10]kbit burst 6k prio 2
tc class add dev $DEV2 parent 1:1 classid 1:20 htb rate 100000kbit burst 6k prio 2
tc class add dev $DEV3 parent 1:1 classid 1:20 htb rate 100000kbit burst 6k prio 2
tc class add dev $DEV parent 1:1 classid 1:30 htb rate $[5*$UPLINK/10]kbit burst 6k prio 2
tc class add dev $DEV2 parent 1:1 classid 1:30 htb rate 200kbit burst 6k prio 2
tc class add dev $DEV3 parent 1:1 classid 1:30 htb rate 200kbit burst 6k prio 2
# all get Stochastic Fairness:
tc qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev $DEV parent 1:30 handle 30: sfq perturb 10
tc qdisc add dev $DEV2 parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $DEV2 parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev $DEV2 parent 1:30 handle 30: sfq perturb 10
tc qdisc add dev $DEV3 parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $DEV3 parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev $DEV3 parent 1:30 handle 30: sfq perturb 10
# TOS Minimum Delay (ssh, NOT scp) in 1:10:
tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 match ip tos 0x10 0xff flowid 1:10
tc filter add dev $DEV2 parent 1:0 protocol ip prio 10 u32 match ip tos 0x10 0xff flowid 1:10
tc filter add dev $DEV3 parent 1:0 protocol ip prio 10 u32 match ip tos 0x10 0xff flowid 1:10
# ICMP (ip protocol 1) in the interactive class 1:10 so we
# can do measurements & impress our friends:
tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 match ip protocol 1 0xff flowid 1:10
tc filter add dev $DEV2 parent 1:0 protocol ip prio 10 u32 match ip protocol 1 0xff flowid 1:10
tc filter add dev $DEV3 parent 1:0 protocol ip prio 10 u32 match ip protocol 1 0xff flowid 1:10
# To speed up downloads while an upload is going on, put ACK packets in
# the interactive class:
tc filter add dev $DEV parent 1: protocol ip prio 10 u32 \
match ip protocol 6 0xff \
match u8 0x05 0x0f at 0 \
match u16 0x0000 0xffc0 at 2 \
match u8 0x10 0xff at 33 \
flowid 1:10
tc filter add dev $DEV2 parent 1: protocol ip prio 10 u32 \
match ip protocol 6 0xff \
match u8 0x05 0x0f at 0 \
match u16 0x0000 0xffc0 at 2 \
match u8 0x10 0xff at 33 \
flowid 1:10
tc filter add dev $DEV3 parent 1: protocol ip prio 10 u32 \
match ip protocol 6 0xff \
match u8 0x05 0x0f at 0 \
match u16 0x0000 0xffc0 at 2 \
match u8 0x10 0xff at 33 \
flowid 1:10
# rest is 'non-interactive' ie 'bulk' and ends up in 1:20
# some traffic however suffers a worse fate
for a in $NOPRIOPORTDST
do
tc filter add dev $DEV parent 1: protocol ip prio 14 u32 match ip dport $a 0xffff flowid 1:30
tc filter add dev $DEV2 parent 1: protocol ip prio 14 u32 match ip dport $a 0xffff flowid 1:30
tc filter add dev $DEV3 parent 1: protocol ip prio 14 u32 match ip dport $a 0xffff flowid 1:30
done
for a in $NOPRIOPORTSRC
do
tc filter add dev $DEV parent 1: protocol ip prio 15 u32 match ip sport $a 0xffff flowid 1:30
tc filter add dev $DEV2 parent 1: protocol ip prio 15 u32 match ip sport $a 0xffff flowid 1:30
tc filter add dev $DEV3 parent 1: protocol ip prio 15 u32 match ip sport $a 0xffff flowid 1:30
done
for a in $NOPRIOHOSTSRC
do
tc filter add dev $DEV parent 1: protocol ip prio 16 u32 match ip src $a flowid 1:30
tc filter add dev $DEV2 parent 1: protocol ip prio 16 u32 match ip src $a flowid 1:30
tc filter add dev $DEV3 parent 1: protocol ip prio 16 u32 match ip src $a flowid 1:30
done
for a in $NOPRIOHOSTDST
do
tc filter add dev $DEV parent 1: protocol ip prio 17 u32 match ip dst $a flowid 1:30
tc filter add dev $DEV2 parent 1: protocol ip prio 17 u32 match ip dst $a flowid 1:30
tc filter add dev $DEV3 parent 1: protocol ip prio 17 u32 match ip dst $a flowid 1:30
done
# rest is 'non-interactive' ie 'bulk' and ends up in 1:20
tc filter add dev $DEV parent 1: protocol ip prio 18 u32 match ip dst 0.0.0.0/0 flowid 1:20
tc filter add dev $DEV2 parent 1: protocol ip prio 18 u32 match ip dst 0.0.0.0/0 flowid 1:20
tc filter add dev $DEV3 parent 1: protocol ip prio 18 u32 match ip dst 0.0.0.0/0 flowid 1:20
########## downlink #############
# slow downloads down to somewhat less than the real speed to prevent
# queuing at our ISP. Tune to see how high you can set it.
# ISPs tend to have *huge* queues to make sure big downloads are fast
#
# attach ingress policer:
tc qdisc add dev $DEV handle ffff: ingress
# filter *everything* to it (0.0.0.0/0), drop everything that's
# coming in too fast:
tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src \
0.0.0.0/0 police rate ${DOWNLINK}kbit burst 10k drop flowid :1
echo "WonderShaper loaded."
Thanks for any suggestions.
