Some more tips and tricks

[georgoz]

Code:

    match u8 0x10 0xff at 33 \
    flowid 1:10
 
# some traffic suffers a better fate
for a in $HIPRIOPORTDST
do
       tc filter add dev $DEV parent 1: protocol ip prio 14 32 \
          match ip dport $a 0xffff flowid 1:10
done
 
# some traffic however suffers a worse fate
for a in $NOPRIOPORTDST
 do

Hi wirespot,
I have followed your tut to hack Wondershaper but I ran into some problems.
First of all making changes to /sbin/wshaper is impossible, so I made a copy in /usr/local/sbin and modified it here and running it from post-firewall. Is this ok?
The second problem I have noticed were this warning when I was trying to start wshaper manually:

Code:

wshaper start eth1 400 190 "" "" "" "" "20 21 22 25 110 143 80 443 587 995"
Unknown filter "32", hence option "match" is unparsable

When browsing the code I have noticed there is a missing u before the filter "32". When I add it everything seems to run ok. Do you have a typo in your code or am I doing something wrong?

Thx

[wirespot]

Yes, making a copy and running it from post-firewall is the accepted practice. Here's how I currently do mine:

Code:

SPEEDS="2980 500"
PORTS="20 21 22 25 110 143 80 443 587 995 5050 1863 5222 6667"
[ -x /opt/app/local/bin/wshaper ] && \
/opt/app/local/bin/wshaper start $1 $SPEEDS "" "" "" "" "$PORTS" || \
/sbin/wshaper start $1 $SPEEDS

This will test if my version of wshaper exists and is an executable. If it is, it will call it and pass the ports as well. If not, it will call the original wshaper and pass just the speeds.

Of course, you should use speed values as appropriate for your connection. The ports are my own choices and you may find them useful: from left to right, we have FTP, SSH, SMTP, POP3, IMAP, HTTP, HTTPS, secure POP3 and SMTP, a few messenger transfer ports and finally IRC DCC.

As for the "u32" yes, it should have an u there. Mine does, I have no idea why it turned up missing it on the forum.

[ecori]

Dear Wirespot,
Using your instructions I think I managed to get wshaper to work. HOwever, I would like to use FTP, next to torrent traffic. The FTP traffic I want to use to transport files to other locations, and I want the download of my server to be of a reasonable speed, so this should not be low priority. COuld you explain to me what parameter I have to change in order to achieve this? At the moment my browsing and email traffic works great while downloading a torrent, but accessing the router from elsewhere by FTP is very slow. How can I put FTP traffic in the High priority class?
Thanks in advance,
Ecori

[wirespot]

Ports 20 and 21 are FTP. They're already in the instructions I gave so they should work. Unless you're trying to upload or download stuff directly on the router. This wondershaper stuff only works for traffic done from the computers in the LAN behind the router.

[ecori]

Hi Wirespot,
Thanks for your reply, indeed on my lan the wondershaper works great, but I would like to access it from the internet, if I am at my work to get to my files on the FTP drive. Is this possible at a reasonable speed while a torrent is downloading?
Thanks!
Best regards,
Ecori

[wirespot]

I'm not sure. Traffic shaping on Linux has some quirks in that it can shape things that go out of the router, but not things that come in. In your case, you want to shape traffic between the router and the Internet. FTP traffic from the router to the outside (your workplace) could be shaped, but BT... not so much. BT traffic is at least 50% download (from Internet to router) and in most cases more than 50%. That percentage cannot be shaped.

I repeat, this is a particular case: FTP vs BT traffic, both between the router and Internet. If it was traffic from the Internet to the LAN via the router you'd be able to do it. So the only choice is to stop or limit BT traffic whenever you need to transfer via FTP.

Also, please remember that you're probably going to be limited by both your home connection upload speed limit from your ISP. And if you use files on the USB drive, the router has this problem where it can't go over a certain speed (1.5-3 MB/sec) when transferring to/from the USB drive.

[raas]

Hi Ecori,

There's another approach to accomplish this.

I've had problems with transfer speeds (on lan) when the asus was heavily downloading from newsgroups. (HellaNZB).
Response and speed where very bad.

So I thought about priority settings. like giving samba (and ftp in your case) higher priorities over the downloader (HellaNZB, in your case the torrent downloader).

This can be accomplished with the use of nice. (I've had to ask other forum members on how to do this, but here's the link: http://www.wl500g.info/showthread.php?t=12189 )

Now, downloading from newsgroups is not affected unless I use samba or ftp for transfering data. Because they have higher priorities than the downloader they tend to work better, so while downloading, the response and speed is really good. The speed of the downloader drops about 80-90% (from 600-700kbyte/sec to 60-90 kbyte/sec) in the background, but speeds are resumed once you're ready transferring through samba or ftp.

So this is exactly like I wanted it to be.

transfering speeds using wired lan
samba: 3.2 - 3.5 mbyte/s
vsftpd: 3.8 - 4.0 mbyte/s



Also bear in mind when you're at work and want to download files.:
Your upload speed of your internet connection. Unless you're on fiber or something else I bet the transfer speed of your asus is faster than your uplink (for which in fact you need about 50mbit/s upstream).

HTH

[ecori]

Thanks alot Wirespot and Raas, I will try the nice method, and see if this wil work for my purpose. I realize that the upload speed is mainly dependent on the internet connection. Without torrents I was able to download from my ftp server with 100 kbs, but that dropped to 5 kbps when torrents were active. Thus using torrents made it almost impossible to use the ftp server for collecting files. Thanks for the info, I will studie the nice method, getting closer to the router config I really want!
Have a nice weekend,
Ecori

PS Raas, where do you know where I can find the file I have to edit for using the ftp program. I am using the FTP server standard present in Oleg's firmware. I cannot find the file where this is started.....

[raas]

PS Raas, where do you know where I can find the file I have to edit for using the ftp program. I am using the FTP server standard present in Oleg's firmware. I cannot find the file where this is started.....

I'm sorry man..
I don't know this, using vsftpd myself.
Maybe another forum member can dig this up out of their head(s)

[ecori]

Raas, thanks for your answer. In the mean time I found this thread on the forum: http://wl500g.info/showthread.php?t=758
I have added to the post-boot file:

killall stupid-ftpd
sleep 2s
/opt/bin/nice -n-5 /usr/sbin/stupid-ftpd -f /tmp/local/stupid-ftpd.conf

The ftp server is up and running, I don't know if the speed has improved (still need to test it...)
Thanks,
Ecori

[kauczu]

It turns out lighttpd supports SSL.

I used your tutorial, and ssl works fine, but only ssl. When I point browser to http://myrouterip it displays blank page.
In lighttpd error.log i see:

Code:

2008-05-06 13:37:19: (connections.c.279) SSL: 1 error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request

Is there any solution to use both http and https protocols?

[raas]

Is there any solution to use both http and https protocols?

That's what I also wanted to do.
But I haven't found anything.
Seems that lighttpd is running in http OR in https mode, not both.

[wirespot]

AFAIK, lighttpd doesn't have "true" virtual host features ie. the same instance is not able to serve several websites simultaneously, with completely different configurations.

It has limited vhost functionality (see module evhost) which means it can map a subdomain to a certain path automatically. So you can for instance map user.domain.com to /home/user/public_html. But that's as far as it goes. It's more of a root directory hack, really.

So to answer your problem, just run one lighttpd instance for each configuration. Here's what I did:

* I've made several .conf files under /opt/etc/lighttpd by copying the original (lighttpd.conf). For instance, I have internal.conf which sets up a LAN website where I can see my rrdtool graphs, and I have external.conf which sets up a public website (with SSL and user+password) for my friends.
* Under /opt/etc/init.d/ I've copied S80lighttpd to S80lighttpd-internal and S80lighttpd-external. I've edited each of them and changed DAEMON_OPTS to reflect the appropiate .conf file as described above.
* Normally, these S80 files should start automatically at reboot. In case they don't, edit your /usr/local/sbin/post-boot and add each of them somewhere, like this:

Code:

/opt/etc/init.d/S80lighttpd-internal start

It's up to you how many different .conf files you set up and how you customize them. Just remember to make them in pairs (each .conf under /opt/etc/lighttpd needs to have a /opt/etc/init.d/S80... file that uses it).

Oh, and make sure not to have two conf files trying to use the same host+port combination ie. server.port and server.bind in the configuration must be a different combination. You can't have two servers listening on the same interface AND the same port, but you can have them listen on different interfaces and the same port or different ports and the same interface.

[al37919]

I'm using such piece of the config to enable 2 separate roots --- secure and insecure:

PHP Code:

server.document-root        = "/opt/home/www/lighttpd" 
 
$SERVER["socket"] == ":443" { 
  ssl.engine = "enable" 
  ssl.pemfile = "/opt/var/run/lighttpd.pem" 
  server.document-root        = "/opt/home/www/secure" 
 
  auth.require = ( "" => 
    ( 
      "method"  => "digest", 
      "realm"   => "VU", 
      "require" => "valid-user" 
    ) 
  ) 
} 


[raas]

ok.. nice... going to try this tonight.

Thank you !