Understanding traffic shaping

(Juan Carlos Fernandez) #1

NethServer Version: 7.4.1708

I have setup a NS7 gateway which my company uses for internet browsing. On this server I have 2 NIC, one has green role while the other has red role, no further setup is done regarding network (no VLAN, bonds …). I also install the proxy module and have it set it on Manual.

I need to set to low priority to any download (specially those done on userstorage.mega.co.nz) or MS Update. Also, I need to set to high priority whatsapp, messenger, wetransfer.com and gmail.

When it comes to traffic shaping using priorities, I’m confuse on the proper way of creating rules (Both on proxy rules or firewall rules)

I’m putting screen-shots showing what I have done so far:

Setting rules on the firewall [heimdall-remote] = [gateway public ip]. Are this rules destinations ok? What I want to archive here is to low the priority downloads and windows update and to also rise priority to whatsapp voice calls, this will be done to every company network terminal.

Setting rules on the proxy. As you can see on Rule #11 I’m trying to lower priority to several domains, including userstorage.mega.co.nz, yet every time a user issue a download on mega, his consumed bandwidth increases to 50-60% of our total bandwidth, meaning that everyone else connections sucks.

So could someone please tell me? What I’m doing wrong?

(Michael Träumner) #2


heimdall-remote direct_download_link

a firewall object? Can you show us the settings of this object?

(Filippo Carletti) #3

Download traffic shaping will work better in NethServer 7.5. We will use a new feature available on 7.5.
Upload shaping works very well since NethServer 6.

(Juan Carlos Fernandez) #4

Sure do, here is:

(Michael Träumner) #5

I’ve found a sentence from @giacomo:

the web interface is not integrated with firewall configuration, and often users forget to set the bandwidth of red interfaces

Did you do this?

(Juan Carlos Fernandez) #6

Set it when I first configured the server. I did what it stated here:


and here:


(Michael Träumner) #7

@support_team Somebody else has an idea?

(Juan Carlos Fernandez) #8

Here is something, I went to Proxmox and disable eth0 (which connects to my enterprise LAN), connected into Proxmox terminal through SSH and into my gateway terminal through qm terminal ####, did 4 speedtest-cli to get an averaged upload/download speed, then changed bandwidth values on eth1 from contract specifications to this one and now gateway seems to be shaping traffic. I would like to do an iPerf to get better values but so far is OK. Thanks @m.traeumner for your support.

(Michael Träumner) #9

You are welcome.

Could you please mark your topic as solved, or can we help anymore?

Blocking services like whatsapp
(Michael Träumner) #10

A post was split to a new topic: Blocking services like whatsapp