MasterShaper on a Linux-Router

From MasterShaper

Jump to: navigation, search

This howto assumes a linux router with two network interfaces. One is attached to WAN, the other to your LAN. Little Packets and SSH should get high priorities. HTTP and HTTPS should only get a maximum bandwidth from 1024kbit/s. All other traffic is absolutly low priority and can only consome max. 1536kbit/s.

Image:Howto_router_diagramm.png

Now you have to decide between the following situations:

  • Scenario 1: There are no local services on the router which need to be shaped. Only traffic to and from LAN has to be shaped.
  • Scenario 2: There are local services (ftp, www) on the router which need to be shaped. Also traffic to and from LAN has to be shaped.

If the second scenario apply to your configuration you will have to use IMQ. For the first scenario shaping on the two router interfaces is enough. See the Documentation for more information why you would need IMQ.

Scenario 1

  • Install MasterShaper like described in the Documentation
  • After successful installation go to the MasterShaper Options and enter
    • Inbound Bandwidth: 2048kbit/s
    • Outbound Bandwidth: 2048kbit/s
    • eth0 as Incoming Interface
    • eth1 as Outgoing Interface
    • Select no for "IMQ"
    • Select "Router" for "Mode"

If you have any service on the router which is only available for LAN clients these packets shouldn't get shaped. In this situation set the Inbound Bandwidth to LAN speed. You will control the the Inbound Bandwidth from WAN via the Chain settings.

  • Now we create the service levels:
    • Name "Highest Priority"
      • In-Bandwidth: 32kbit/s
      • Out-Bandwidth: 32kbit/s
      • Priority: Highest (1)
    • Name "High Priority"
      • In-Bandwidth: 128kbit/s
      • Out-Bandwidth: 128kbit/s
      • Priority: High (2)
    • Name "Normal Traffic"
      • In-Bandwidth: 128kbit/s
      • In-Bandwidth Ceil: 1024kbit/s
      • Out-Bandwidth: 128kbit/s
      • Out-Bandwidth Ceil: 1024kbit/s
      • Priority: Normal (3)
    • Name "Low Priority"
      • In-Bandwidth: 128kbit/s
      • In-Bandwidth Ceil: 1536kbit/s
      • Out-Bandwidth: 128kbit/s
      • Out-Bandwidth Ceil: 1536kbit/s
      • Priority: Low (4)
    • Name "WAN Speed"
      • In-Bandwidth: 2048kbit/s
      • Out-Bandwidth: 2048kbit/s
      • Priority: Ignore
  • Now we create the filter definitions (this assumes that you let MasterShaper Installer prefill protocol & port informations. If not add them manually first):
    • Name "HTTP & HTTPS"
      • Protocols: TCP
      • Ports: http & https
    • Name "SSH"
      • Protocols: TCP
      • Ports: SSH
    • Name "ICMP"
      • Protocols: ICMP
  • Now go back to the MasterShaper Options View and select the service level "Highest Priority" for the "ACK Packets" option.
  • Create a new chain "WAN"
    • As service level specify "WAN Speed"
    • As fallback service level specify "Low Priority"
    • Leave targets on any & any for both directions.
  • Now we create the pipes definitions:
    • Name "Ping"
      • Chain "WAN"
      • Direction "<->"
      • Select the "ICMP" filter
      • Select service level "Highest Priority"
    • Name "Remote Console"
      • Chain "WAN"
      • Direction "<->"
      • Select the "SSH" filter
      • Select service level "High Priority"
    • Name "Web Traffic"
      • Chain "WAN"
      • Direction "<->"
      • Select the "HTTP & HTTPS" filter
      • Select service level "Normal Traffic"
  • Create a new Target:
    • Name "LAN"
      • Match IP: 192.168.1.0/24
  • Go back to the chains view on create a new chain to ensure internal LAN traffic will not be touched by the shaping ruleset:
    • Name "LAN"
      • Service Level "Ignore" (Fallback service gets irrelevant with this option)
      • Target select "LAN" <-> "LAN".
  • Go to the Overview Site and move the "LAN"-Chain over the "WAN"-Chain with the arrows. So the LAN will match first before the "any" <-> "any" match.
  • Load the ruleset.

Scenario 2

Scenario 2 is basically very similar to Scenario 1. So only the differences will be highlighted here:

  • Prepare your kernel & iptables ready for IMQ. The following 4 lines will integrated the IMQ devices into the shaping business: 
ip link set imq0 up
ip link set imq1 up
iptables -t mangle -I PREROUTING -i eth0 -j IMQ --todev 0
iptables -t mangle -I POSTROUTING -o eth0 -j IMQ --todev 1
  • In MasterShaper Options specify:
    • imq0 as Incoming Interface
    • imq1 as Outgoing Interface
    • Set "IMQ" to "Yes"
  • You do not need to create the "LAN"-Chain anymore. Shaping will only be done on eth0.

That's all.

See also

Retrieved from "http://www.mastershaper.org/index.php/MasterShaper_on_a_Linux-Router"
Personal tools