Topic: Student Residence - shaping rules  (Read 5191 times)
« on: November 04, 2007, 11:17:31 »
Ububurns *
Posts: 3

We've had m0n0wall managing our network for the past twenty days.  However, browsing the web seems to be getting slower and slower.

It's a 1.5MB line, providing for about 50 people.  I have run the traffic shaper wizard, and a whole lot of rules are in place, now including a few at the top that place ports 12000 - 65500 in the "hated" list.

However, looking at the firewall state seems to show that these ports are still quite active (probably BT), and browsing the web is often quite slow.  Any ideas or wisdom would be fantastic, especially from anyone in a similar situation.
« Reply #1 on: November 04, 2007, 16:13:50 »
Max2950 ***
Posts: 120

What hardware are you using to run your m0n0? Moreover, 1.5Mb (did you mean bits or bytes?) is only 30kbps for each user, which is not much...

Back to your problem, what are the rules you are using to put ports 12000 to 65500 into hated? I.e., did you put ports 12000 to 65500 as source ports into the rule?
« Reply #2 on: November 05, 2007, 02:23:21 »
Ububurns *
Posts: 3

I'm using a 300MHz Celeron, with 64MB RAM.  CPU usage hangs at around 2%, memory usage at 57%.

And yes, it's a 1.5 megabit connection.  Thankfully we rarely have everyone trying to use it at one time.

Here are the rules I have implemented, in addition to all the rules proposed by the traffic shaping wizard:

If   Proto   Source      Destination      Target                  Description
WAN   *   *         Port: 12000 - 65530   *                              m_Hated Download   
WAN   *   *         Port: 12000 - 65530   *                              m_Hated Upload
WAN   *   *                  *                     Port: 12000 - 65500    m_Hated Download    
WAN   *   *                  *                     Port: 12000 - 65500    m_Hated Upload
« Reply #3 on: November 05, 2007, 06:12:32 »
DJEMiVT *
Posts: 16

I would start by lowering your upstream bandwidth in the magic shaper wizard screen and applying the changes. Make sure you are using measured bandwidth; run an FTP test to see the actual bandwidth of the line. Your rules are not good btw; you are slowing down anything with a destination port 12000-65530. These are ports that web browsers use to retrieve data. Port 80 is only on the source side; based on your rules, regular web browsing can end up rate limited like BitTorrent. I would recommend you stick to the regular magic shaper wizard rules and try reducing your upstream a little bit.

Good luck
« Reply #4 on: November 06, 2007, 09:11:04 »
Max2950 ***
Posts: 120

> Your rules are not good btw; you are slowing down anything with a destination port 12000-65530. These are ports that web browsers use to retrieve data. Port 80 is only on the source side; based on your rules, regular web browsing can end up rate limited like BitTorrent. I would recommend you stick to the regular magic shaper wizard rules and try reducing your upstream a little bit.
>
> Good luck

This is what I suspected too... This is why I asked him to post his rule details. When connecting to a web server, the remote server is listening on port 80 but the local web browser might use a random port which might meet your rules' criteria. As a matter of fact, your web browsing traffic lands in the hated download queue.
I can only agree with you when you advise reducing the bw in the magic shaper. When using any sort of traffic shaping you should never input the bandwidth claimed by the ISP, but instead measure it yourself. Additionally, you may subtract 5 to 10% from the actual measured BW. You may say: I will lose speed. Yes, you will, but you will gain "smoothness".
One important thing to keep in mind when traffic shaping is that you must keep packets under your control. Sending/receiving packets too fast might cause them to queue at the ISP, where no shaping occurs (e.g.: web surfing packets are treated equally with P2P ones). This is where reducing the bw in the traffic shaper makes sense.
« Reply #5 on: November 17, 2007, 01:45:05 »
Plox *
Posts: 20

> I'm using a 300MHz Celeron, with 64MB RAM.  CPU usage hangs at around 2%, memory usage at 57%.
>
> And yes, it's a 1.5 megabit connection.  Thankfully we rarely have everyone trying to use it at one time.
>
> Here are the rules I have implemented, in addition to all the rules proposed by the traffic shaping wizard:
>
> If   Proto   Source      Destination      Target                  Description
> WAN   *   *         Port: 12000 - 65530   *                              m_Hated Download
> WAN   *   *         Port: 12000 - 65530   *                              m_Hated Upload
> WAN   *   *                  *                     Port: 12000 - 65500    m_Hated Download
> WAN   *   *                  *                     Port: 12000 - 65500    m_Hated Upload

You are definitely going at this all wrong. Data will go out from any port to a specific port on the server. The data then returns like a mirrored reflection. Your rules are killing most everything.

What you want to do is to create rules for good traffic (i.e. DNS, FTP, HTTP & HTTPS, etc...) and get the other junk (i.e. P2P) with a catch all. Be sure the catch all is at the very bottom of the list!!!!

Here is an example of my rules using HTTP and HTTPS.

IF   Proto  Source            Destination       Target       Description
WAN  *      *                 Port: 80 (HTTP)   Upload 30    HTTP
WAN  *      Port: 80 (HTTP)   *                 Download 30  HTTP
WAN  *      *                 Port: 443 (HTTP)  Upload 30    HTTPS
WAN  *      Port: 443 (HTTP)  *                 Download 30  HTTPS
WAN  *      *                 *                 Upload 1     Catch All Upload
WAN  *      *                 *                 Download 1   Catch All Download

I have my targets set with the direction and weight as their names.

So Download 1 is a download with weight of 1 and Download 30 is a download with weight of 30.
This is how my box is set up and it seems to work very well.
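
Added example, not part of any post in this thread and not m0n0wall code: a small first-match model of the two rule layouts discussed above, showing where an ordinary web flow lands under each. The first-match evaluation, the reading of the original rules as "high port on either side", the sample port numbers and the ephemeral ranges passed to `hated_fraction` are assumptions; direction (upload vs. download) is not modelled.

```python
from typing import NamedTuple, Optional, Tuple

PortRange = Optional[Tuple[int, int]]  # None means "*" (any port)

class Rule(NamedTuple):
    src: PortRange
    dst: PortRange
    queue: str

def in_range(port: int, rng: PortRange) -> bool:
    return rng is None or rng[0] <= port <= rng[1]

def classify(rules, src_port: int, dst_port: int, default="unshaped") -> str:
    """Return the queue of the first rule matching the packet's ports."""
    for r in rules:
        if in_range(src_port, r.src) and in_range(dst_port, r.dst):
            return r.queue
    return default

# Assumed reading of the original poster's rules: high port on either side.
HIGH_PORT_RULES = [
    Rule((12000, 65530), None, "m_Hated"),
    Rule(None, (12000, 65500), "m_Hated"),
]

# Allow-list layout from the last reply: known services first, catch-all last.
ALLOW_LIST_RULES = [
    Rule(None, (80, 80), "Upload 30"),     # request to a web server
    Rule((80, 80), None, "Download 30"),   # reply from a web server
    Rule(None, (443, 443), "Upload 30"),
    Rule((443, 443), None, "Download 30"),
    Rule(None, None, "weight 1 catch-all"),
]

def hated_fraction(eph_lo: int, eph_hi: int, hated=(12000, 65530)) -> float:
    """Share of a client's ephemeral port range that falls in the hated range."""
    overlap = min(eph_hi, hated[1]) - max(eph_lo, hated[0]) + 1
    return max(overlap, 0) / (eph_hi - eph_lo + 1)

# Constructed sample flows: (label, src_port, dst_port)
FLOWS = [("HTTP request", 51514, 80), ("HTTP reply", 80, 51514),
         ("P2P peer traffic", 51413, 34567)]

if __name__ == "__main__":
    for label, sp, dp in FLOWS:
        print(label, classify(HIGH_PORT_RULES, sp, dp),
              classify(ALLOW_LIST_RULES, sp, dp), sep=" | ")
    print("49152-65535 hit:", round(hated_fraction(49152, 65535), 4))
```

Whether a given client's browsing is caught by the high-port rules depends on the ephemeral port range its operating system uses, which is why only some users would see the slowdown.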