Understanding traffic shaping

jfernandez · April 19, 2018, 9:00pm

NethServer Version: 7.4.1708

I have setup a NS7 gateway which my company uses for internet browsing. On this server I have 2 NIC, one has green role while the other has red role, no further setup is done regarding network (no VLAN, bonds …). I also install the proxy module and have it set it on Manual.

I need to set to low priority to any download (specially those done on userstorage.mega.co.nz) or MS Update. Also, I need to set to high priority whatsapp, messenger, wetransfer.com and gmail.

When it comes to traffic shaping using priorities, I’m confuse on the proper way of creating rules (Both on proxy rules or firewall rules)

I’m putting screen-shots showing what I have done so far:

Setting rules on the firewall [heimdall-remote] = [gateway public ip]. Are this rules destinations ok? What I want to archive here is to low the priority downloads and windows update and to also rise priority to whatsapp voice calls, this will be done to every company network terminal.

Setting rules on the proxy. As you can see on Rule #11 I’m trying to lower priority to several domains, including userstorage.mega.co.nz, yet every time a user issue a download on mega, his consumed bandwidth increases to 50-60% of our total bandwidth, meaning that everyone else connections sucks.

So could someone please tell me? What I’m doing wrong?

m.traeumner · April 20, 2018, 7:59am

Is

heimdall-remote direct_download_link

a firewall object? Can you show us the settings of this object?

filippo_carletti · April 20, 2018, 8:02am

Download traffic shaping will work better in NethServer 7.5. We will use a new feature available on 7.5.
Upload shaping works very well since NethServer 6.

jfernandez · April 20, 2018, 3:40pm

Sure do, here is:

m.traeumner · April 23, 2018, 7:00am

I’ve found a sentence from @giacomo:

the web interface is not integrated with firewall configuration, and often users forget to set the bandwidth of red interfaces

Did you do this?

jfernandez · April 23, 2018, 3:59pm

Set it when I first configured the server. I did what it stated here:

http://docs.nethserver.org/en/v7/firewall.html?highlight=bandwidth#traffic-shaping

and here:

http://docs.nethserver.org/projects/nethserver-devel/en/v7/nethserver-firewall-base.html?highlight=bandwidth#traffic-shaping

m.traeumner · April 24, 2018, 7:03am

@support_team Somebody else has an idea?

jfernandez · April 24, 2018, 2:31pm

Here is something, I went to Proxmox and disable eth0 (which connects to my enterprise LAN), connected into Proxmox terminal through SSH and into my gateway terminal through qm terminal ####, did 4 speedtest-cli to get an averaged upload/download speed, then changed bandwidth values on eth1 from contract specifications to this one and now gateway seems to be shaping traffic. I would like to do an iPerf to get better values but so far is OK. Thanks @m.traeumner for your support.

m.traeumner · April 25, 2018, 6:37am

You are welcome.

Could you please mark your topic as solved, or can we help anymore?

m.traeumner · April 26, 2018, 6:41am

A post was split to a new topic: Blocking services like whatsapp