From: Laurent C. <lc...@un...> - 2009-04-21 19:56:26
Hi,
I'm fairly new to shorewall (I used to be a FIAIF user).
I'm basically trying to set up traffic shaping on my firewall/gateway.
I'd like to get highest prio for interactive traffic (SSH, but not SCP)
I'd like guaranteed bandwidth for VoIP traffic
I'd like guaranteed bandwidth for DNS traffic
I'd like guaranteed bandwidth for WWW traffic
I'd like best effort for the rest.
Here is how I configured shorewall:
/etc/shorewall/tcclasses:
ppp0 1 20*full/100 40*full/100 1 tcp-ack,tos-minimize-delay
ppp0 2 20*full/100 30*full/100 2 tos=0x68/0xfc,tos=0xb8/0xfc
ppp0 3 20*full/100 25*full/100 3
ppp0 4 40*full/100 85*full/100 4
ppp0 5 5*full/100 40*full/100 4 default
/etc/shorewall/tcdevices:
ppp0 25000kbit 830kbit
/etc/shorewall/tcrules:
1:T 0.0.0.0/0 0.0.0.0/0 icmp echo-request
1:T 0.0.0.0/0 0.0.0.0/0 icmp echo-reply
1:T 0.0.0.0/0 0.0.0.0/0 tcp ssh
2:T 0.0.0.0/0 0.0.0.0/0 udp sip,iax
2:T 0.0.0.0/0 0.0.0.0/0 tcp sip,iax
3:T 0.0.0.0/0 0.0.0.0/0 tcp domain
3:T 0.0.0.0/0 0.0.0.0/0 udp domain
4:T 0.0.0.0/0 0.0.0.0/0 tcp www,https,smtp
5:T 0.0.0.0/0 0.0.0.0/0 tcp 4652
5:T 0.0.0.0/0 0.0.0.0/0 udp 4652
SAVE:T 0.0.0.0/0 0.0.0.0/0 all - - - !0
Is my setup correct?
Did I miss something obvious?
Thanks