FAQ
From MasterShaper
Rules
- I'm using iptables filter matching. The rules are loaded but the traffic doesn't get matched.
MasterShapers iptables matching is highly relying upon conntracking. Check if the kernel module ip_conntrack is loaded
lsmod | grep ip_conntrack
If the module doesn't appear to be loaded, try to load it with
modprobe ip_conntrack
It's also possible that ip_conntrack is compiled into your kernel. So check your kernel configuration.
- I'm using iptables filter matching and what to match ftp-data channel. The rules are loaded but the data channel stream doesn't get matched.
To match the ftp data channel MasterShaper need the conntracking ftp helper module. Check if the kernel module ip_conntrack_ftp is loaded
lsmod | grep -i ip_conntrack_ftp
If not try to load it with
modprobe ip_conntrack_ftp
It's also possible that ip_conntrack_ftp is compiled into your kernel. So check your kernel configuration.
- I'm using iptables filter matching. When I restart my firewall, shaping is not working anymore.
Probably your firewall script flushes all the chains within the mangle table (iptables -t mangle -F).
This would also remove all of MasterShaper's entries and would deactivate shaping. Make sure your firewall script leave this entries completely untouched.
- On loading the rules I get the error: TC-Error: RTNETLINK answers: Operation not permitted
Q: On loading the rules I get the error: TC-Error: RTNETLINK answers: Operation not permitted. What causes this?
A: This sounds like PHP - if it tries to reload the rules - has not the permissions to talk with the kernel. I guess (hopefully) your webserver is running without root permissions, so you need to do a workaround with sudo.
Install sudo and edit the file /etc/sudoers and add the line
Code: www-data ALL= NOPASSWD: /sbin/tc
(If www-data is your webserver user).
Open the MasterShaper Installer and specify "sudo /bin/tc" as "TC Binary".
Messages
- The summary of all guarantee XXX rate is higher XXX then the available...
Q: I'm looking on the MasterShaper Overview page and see some warnings like:
The summary of all guaranteed inbound rates is higher (1600kbit/s) then the available chain rate (1536kbit/s)! The summary of all guaranteed outbound rates is higher (1600kbit/s) then the available chain rate (1536kbit/s)!
A: This warning message appears when the summary of all pipes bandwidth rates within a chain is higher then the maximum chain bandwidth.
Think about you have a max bandwidth of 1536kbit/s. You have 4 pipes - each has guaranteed 512kbit/s. In summary of this gives a maximum bandwidth for all pipes of __2048kbit/s__. The chain only has a maximum bandwidth of __1536kbit/s__.
So the resulting behaviour of the shaper is undefined and in an heavy network traffic condition the traffic will not be shared like defined in the ruleset!
Other
- I can not open the installer anymore!
Q: After I installed MasterShaper, I can't access the MasterShaper Installer (/setup/) anymore.
A: Of course of security risks (plaintext password, using dangerous binaries for TC_BIN and IPT_BIN), MasterShaper Installer change it own file permissions to 0000, so the page can't be accessed via, the webbrowser anymore.
Open a shell, go to your MasterShaper Installation directory, and do a
chmod +r setup/index.php
Then you can access the MasterShaper Installer website again.
- The monitoring graph isn't working.
Q: I only see a error image (for example little red X in internet eplorer). What's wrong?
A: Check that:
- ) JPGraph is installed in the correct location (see MasterShaper documentation).
- ) PHP4 supports GD-library (see MasterShaper documentation).
- ) Right click on the error-image. Get the URL of the image. Enter the path into your Browser (http://xxxx/shaper/shaper_stats.php?.....) and check if you see some error messages.
- ) If you see an php error message like "memory exhaust ..." go to your php.ini (check the PHP website for more information!) and raise the parameter "memory_limit" to something higher then your current setup. Restart your webserver and check the Image-URL again.
- ) If you get a error image that the collector isn't running - start it! without you will not get any statistic information!
It's to 99% a configuration fault.
- Do I really need IMQ devices?
Q: I often read that shaping is only really useful in combination with IMQ devices. Do I really need it?
A: Yes and no.
Like you know (from reading the MasterShaper documentation Wink ) the traffic control functions are very useful for outbound traffic - not for inbound. The reason is, because you are sitting on the false site of the network stream. For inbound you have only the change to slow down/drop/reject traffic.
But people wanted the some shaping possibilities for ingress like egress traffic. To make this possible, some guys wrote the Intermediate Queueing Device (IMQ).
Let's say you have a webserver with only one network interface. If you want to limit the inbound traffic (ftp uploads for example) you need IMQ to make shaping on this single network interface possible.
If you are on a gateway (one interface for WAN, one for LAN), you can also do the job without IMQ. Shape the outbound internet traffic on the WAN interface - the inbound internet traffic on the LAN interface - Because there inbound internet traffic is outbound!
But remember, that you can't shape traffic which is directly flowing to your gateway (http proxy on it...) - because shaping is only done on the internal interface.
- After I restarted MySQL database, graph isn't working anymore
Q: After I restarted MySQL database, graph isn't working anymore
A: Some of the MySQL tables are memory-only tables (type=HEAP, type=MEMORY).
The content of these tables only exists in the memory and get lost after a shutdown of the MySQL database. The adavantage of memory-only tables is performance.
Simply reload the ruleset, then everything should work again.
- I have the first page working fine but after i go to third page (..../setup/index.php) nothing is diplayed, can some one help me
