gaming via fon, belgacom|skynet (shorewall & gaming)

Hello interwebs,

The past 2 days I've been playing with shorewall's traffic shaping and reading the lartc.
Long story short: success!

  • goal: game with a good ping (latency) for everybody on a private lan party (~10 people)
  • problem: when people are surfing, gaming becomes impossible due to high ping
    • bandwidth
      we use a fon hotspot for internet access, which has limited bandwidth (~2,8Mbit if we're lucky)
      If the people who host the fon spot use internet or tv, the fon users get what's left!
    • me me me!
      everybody wants to be gaming and surfing and streaming football matches and updating steam games and downloading pron;
      there is too much traffic and too little bandwidth
  • solution
    since we had an existing firewall with shorewall (laptop + alfanetwork awus036nh wifi adapter, fully auto reconnecting & login) I chose to investigate the traffic shaper it includes.

    • first we need to check what the average bandwidth is, as a reference.  This is done via a speedtest.  The result was 2,8Mbit download and 2,8Mbit upload! (note: the traffic shaping was still disabled)
    • now we can configure shorewall to do some traffic shaping:
      create 3 files in /etc/shorewall:

      1. tcdevices: this is where we define which interface we will be using for the shaping.  I chose a safe in and out bandwidth (~85% of the bandwidth we got from the speedtest).  Note: this has to be lower than the speedtest bandwidth.  (read notes below)
        #INTERFACE    IN-BANDWIDTH     OUT-BANDWIDTH
        wlan1         2400kbit         240kbit
      2. tcclasses: this defines which priorities I want, how much bandwidth each class gets guaranteed (RATE), and the maximum bandwidth it gets if there is room (CEIL).
        note: there has to be one class marked as default, this is where all undefined traffic goes (see next item: tcrules)

        #INTERFACE   MARK    RATE      CEIL    PRIORITY    OPTIONS
        wlan1        1       full/3    full    1           tos-minimize-delay
        wlan1        2       full/4    full    2
        wlan1        3       full/4    full    3           default
      3. tcrules: here you define which class a packet uses, based on its port, IP or protocol.
        you 'mark' the packet with a number (ACTION) that corresponds with a class mark (defined in tcclasses)
        This is a very crude example: all echo-request & echo-reply + udp packets will get top priority.  Oh, and the tcp/1119 port.
        All other traffic will go to class 3, which has the lowest priority; as you read in the previous part, this rule isn't necessary because all traffic defaults to class 3 (lowest priority)

        #ACTION  SOURCE       DEST        PROTO   PORT(S)      CLIENT   USER
        #                                                          PORT(S)
        1        0.0.0.0/0    0.0.0.0/0   icmp       echo-request
        1        0.0.0.0/0    0.0.0.0/0   icmp       echo-reply
        1        0.0.0.0/0    0.0.0.0/0   udp
        1        0.0.0.0/0    0.0.0.0/0   tcp        1119         # blizzard games
        3        0.0.0.0/0    0.0.0.0/0   tcp
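
To see what these three files add up to, here is an added example (not part of the original post and not Shorewall's own code): a small Python check that resolves the `full/N` expressions in tcclasses against the OUT-BANDWIDTH from tcdevices and cross-checks the marks used in tcrules. It assumes a single shaped interface and only understands `full`, `full/N`, `Nkbit` and `Nmbit`; the function names `rows`, `kbit` and `check` are made up for this example.

```python
import re

# Constructed sample input: the values listed in this post, headers omitted.
TCDEVICES = "wlan1  2400kbit  240kbit\n"
TCCLASSES = """\
wlan1  1  full/3  full  1  tos-minimize-delay
wlan1  2  full/4  full  2
wlan1  3  full/4  full  3  default
"""
TCRULES = """\
1  0.0.0.0/0  0.0.0.0/0  icmp  echo-request
1  0.0.0.0/0  0.0.0.0/0  icmp  echo-reply
1  0.0.0.0/0  0.0.0.0/0  udp
1  0.0.0.0/0  0.0.0.0/0  tcp   1119   # blizzard games
3  0.0.0.0/0  0.0.0.0/0  tcp
"""

def rows(text):
    """Split a Shorewall-style file into column lists, ignoring # comments."""
    return [cols for cols in (line.split("#")[0].split() for line in text.splitlines()) if cols]

def kbit(expr, full=None):
    """Resolve 'full', 'full/N', 'Nkbit' or 'Nmbit' to kbit (subset of the real syntax)."""
    m = re.fullmatch(r"full(?:/(\d+))?", expr)
    if m:
        return full / int(m.group(1) or 1)
    m = re.fullmatch(r"(\d+)(kbit|mbit)", expr)
    if not m:
        raise ValueError(f"unsupported bandwidth expression: {expr}")
    return int(m.group(1)) * (1000 if m.group(2) == "mbit" else 1)

def check(tcdevices, tcclasses, tcrules):
    """Return ({mark: class info}, [problems]) for a single shaped interface."""
    full = kbit(rows(tcdevices)[0][2])            # 'full' = OUT-BANDWIDTH column
    classes, problems = {}, []
    for _iface, mark, rate, ceil, _prio, *opts in rows(tcclasses):
        classes[mark] = {"rate": kbit(rate, full), "ceil": kbit(ceil, full),
                         "default": "default" in ",".join(opts).split(",")}
    if sum(c["default"] for c in classes.values()) != 1:
        problems.append("exactly one class must be marked default")
    if sum(c["rate"] for c in classes.values()) > full:
        problems.append("guaranteed RATEs exceed OUT-BANDWIDTH")
    problems += [f"class {m}: RATE above CEIL" for m, c in classes.items() if c["rate"] > c["ceil"]]
    problems += [f"tcrules mark {r[0]} has no class in tcclasses"
                 for r in rows(tcrules) if r[0] not in classes]
    return classes, problems

if __name__ == "__main__":
    classes, problems = check(TCDEVICES, TCCLASSES, TCRULES)
    for mark, c in classes.items():
        print(f"mark {mark}: rate {c['rate']:.0f} kbit, ceil {c['ceil']:.0f} kbit")
    print(problems or "no problems found")
```

With the values above, the guaranteed rates come out as 80, 60 and 60 kbit of the 240kbit OUT-BANDWIDTH, and every class may borrow up to the full 240 kbit.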

testing

For testing I made sure the link was not otherwise in use.  I started quake3 and connected to an internet server.  The average latency was 60ms.  I then started downloading iso files, sending large mails and watching youtube; the latency in quake3 stayed below 80ms.
This is good: without the traffic shaping it jumped to 600-1000ms and higher when people started surfing and uploading.

conclusion

success!  We can now game and use the internet without the gaming being disturbed!!
For more info/explanations you can always contact me: info <-at-> vanmontfort </dot/> be

note:

  • fon_belgacom hotspots have priorities: the paying customer always gets what he pays for (internet and/or tv), then the fon users get what's left.  If the user is heavily using torrents and watching HD-tv, the fon hotspot might get much less than 2800Mbit.  If this happens you can lower the IN-BANDWIDTH in tcdevices.
  • all udp traffic is getting high priority, this means dns, torrent, … .  The tcrules could be refined by adding the correct game ports and removing the all-udp rule.