I have a 1.1 meg sDSL line.
I wanted to make an easy setup.
I don't care about protocols and all that. I just want to give highest priority to a single computer.
Those who manage the internet for their home can utilize this for their own nefarious ends.
Here is my understanding of the shaping on M0n0wall:
Traffic is sent to Rules, then the Rules send the traffic to Queues, and finally the Queues send traffic to Pipes which send traffic to the internet or the local computer. Let's begin.
First the Pipes. I need 2; incoming and outgoing.
Each pipe is 950kb because I have 950kb incoming and 950kb outgoing. sDSL remember.
Next the queues: I need 4. One set of incoming and outgoing for high priority and one set of incoming and outgoing for low priority.
To set the priority you assign a number (or weight) to the queue from 1 to 100.
For each set of queues (in and out) I made one 90 weight queue and one 10 weight queue.
Thus I have a 90 weight incoming queue which uses the 950kb incoming Pipe, a 90 weight outgoing queue which uses the 950kb outgoing Pipe, a 10 weight incoming queue on the 950kb Pipe, and a 10 weight outgoing queue on the 950kb Pipe.
So 2 incoming queues are on the same 950kb incoming pipe, and 2 outgoing queues are on the same 950kb outgoing pipe.
Think of it in terms of percentages.
One queue uses 90 percent of the 950kb incoming pipe and the other queue uses 10 percent of the same 950kb incoming pipe.
Now the rules:
Rules go top down. The topmost rule is applied first. If nothing matches, then the next rule is applied until there are no more rules.
If no rule matches, then the traffic is passed normally and is not shaped at all.
You need a cleanup set of rules to make sure all traffic is shaped, otherwise you do all of this for nothing.
My rules are like this:
first: Target is 90 weight outgoing, Interface is LAN, Source is the ip of my computer, ports are any, destination is any, ports are any. (Remember I'm not messing with specific protocols.) Direction is out.
second: Target is 90 weight incoming queue, Interface is WAN, Source is any, ports are any, destination is the ip of my computer, ports are any. Direction is in.
Cleanup rules.
They are set just like the above 2 rules, but these rules use the 10 weight queues. Also these rules are applied to the Lan Subnet instead of my computer's IP. Basically it means that any computer not mine on the lan gets dumped into these queues.
third: Target is 10 weight outgoing queue, Interface is LAN, Source is Lan Subnet, ports are any, destination is any, ports are any. Remember I'm not messing with specific protocols. Direction is out.
fourth: Target is 10 weight incoming queue, Interface is WAN, Source is any, ports are any, destination is Lan Subnet, ports are any. Direction is in.
The way this should work is everyone has the opportunity to get full bandwidth, until my computer starts sending and receiving internet traffic. Then my computer gets to hog the bandwidth. Nice.
Extra fun. What if you have 2 computers you want to have the top priority?
Make another set of rules? Fine, but why make a set of rules for each computer? That could be a lot of typing if you have 50 computers and you want 12 to have top priority. Make 12 sets of rules?
I don't think so.
Instead, go to google and source up a subnet calculator. Type in your network ID and then find a subnet that holds the number of computers you need to have a special rule.
So let's say my network's IP range is 192.168.1.0-192.168.1.255, Mask 255.255.255.0.
I have a set of 12 computers I want to get top priority, and the rest can suffer.
I use a subnet calculator and set it to give me subnets that hold a number of IPs closest to the number of computers I need to give priority.
(http://i29.tinypic.com/307syrs.gif)
Which gave me the subnet ID 192.168.1.16/28.
This subnet holds the IPs 192.168.1.17-192.168.1.30. 14 IP addresses.
So instead of making a rule for a single IP or the Lan Subnet, I make a rule for Network and plug in the network ID and Subnet mask bits: 192.168.1.16 and /28.
(http://i26.tinypic.com/qplzpw.gif)
Best part is m0n0wall doesn't really care about the subnet mask so you only have to make sure your computers are in the IP range 192.168.1.17-192.168.1.30.
You don't have to change the subnet mask on the computer either. You can leave it at 255.255.255.0.
Hope this helps.
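
Added example, not part of the original post: a small Python model of the setup described above, useful for checking which queue an address lands in before typing the rules into m0n0wall. It picks the smallest subnet for 12 hosts, applies the four rules first-match, and computes weight-proportional shares of the 950kb pipe; the function names, the queue labels and the `index=1` choice are assumptions made for this sketch.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")   # LAN range from the post
PIPE_KBIT = 950                                # each pipe, as in the post

def smallest_subnet(lan, hosts_needed, index):
    """index-th subnet of `lan` at the longest prefix with enough usable IPs."""
    for prefix in range(30, lan.prefixlen - 1, -1):
        if 2 ** (32 - prefix) - 2 >= hosts_needed:
            return list(lan.subnets(new_prefix=prefix))[index]
    raise ValueError("LAN too small")

def usable_range(net):
    """First usable IP, last usable IP, and count, as a subnet calculator shows."""
    hosts = list(net.hosts())
    return str(hosts[0]), str(hosts[-1]), len(hosts)

# index=1 is an assumption chosen to reproduce the post's 192.168.1.16/28
PRIORITY = smallest_subnet(LAN, 12, 1)

# (direction, network matched against the LAN-side address, target queue)
# Queue labels are hypothetical names for the 90 and 10 weight queues.
RULES = [
    ("out", PRIORITY, "high-out"),
    ("in", PRIORITY, "high-in"),
    ("out", LAN, "low-out"),
    ("in", LAN, "low-in"),
]

def classify(direction, lan_ip, rules=RULES):
    """First matching rule wins; None means the traffic is not shaped."""
    ip = ipaddress.ip_address(lan_ip)
    for rule_dir, net, queue in rules:
        if rule_dir == direction and ip in net:
            return queue
    return None

def share_kbit(weight, busy_weights, pipe=PIPE_KBIT):
    """Weight-proportional share among the queues that currently have traffic."""
    return pipe * weight / sum(busy_weights)

if __name__ == "__main__":
    print(PRIORITY, usable_range(PRIORITY))
    for ip in ("192.168.1.20", "192.168.1.31", "192.168.1.32"):
        print(ip, classify("out", ip), classify("in", ip))
    print(share_kbit(90, [90, 10]), share_kbit(10, [10]))
```

The /28 rule matches all sixteen addresses 192.168.1.16-192.168.1.31, so a machine at .16 or .31 (both valid hosts under the 255.255.255.0 mask) also lands in the high priority queues. Moving the cleanup rules above the priority rules sends every LAN machine to the 10 weight queues, because the first match wins.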