Previously unattempted shaping rules forcing routing change and disconnect



  • Ok so in an attempt to shape a 2mbit/0.5mbit home internet connection into a state of usefulness I set the default queue up with a service curve to allow 80% of max BW for the first 10 seconds and then throttle to 45% (this sorts BBC iPlayer, which likes to spike from 0% to 100% bandwidth instead of streaming steadily), a low priority queue for bulk transfers from particular sources (an external server pushing rsync over ssh), and a gaming and high prio queue. These were all set up as HFSC using the wizard and seem to work brilliantly.

    That is until I try to do any shaping involving transfers on connections initiated from my machines.

    First I tried setting up a rule to dump SFTP traffic into the low prio queue (avoiding the 45% cap on the default queue but still being low prio) but couldn't seem to catch it in anything except the default queue because the source is port 22, not the destination. After a few more rule changes and state resets I got it in the correct queue, but if I start a transfer and continue about my business browsing etc., every few minutes (4-10) everything drops and I get this in the log:

    May 17 23:19:52 php: : Resyncing OpenVPN instances for interface WAN.
    May 17 23:19:47 apinger: Starting Alarm Pinger, apinger(24076)
    May 17 23:19:47 check_reload_status: reloading filter
    May 17 23:19:46 apinger: Exiting on signal 15.
    May 17 23:19:46 php: : ROUTING: change default route to 188.39.0.18
    May 17 23:19:40 check_reload_status: Rewriting resolv.conf

    I did have an OpenVPN client connection set up as a 2nd gateway on OPT1 but I have since removed the gateway, OPT1 and the OVPN connection and I'm still getting this (I don't really know what it's doing, but seeing openvpn in the log I thought I'd remove it as a first port of call).

    It is the bottom-most rule in the FW config that causes this behaviour (although I'm assuming it's not much to do with the rule but what I'm attempting to do).

    The only real difference between what I want to do and what already works (the rule above it) is that I'm slurping data from the SFTP client instead of it being pushed over SSH from another source. One works and the former spews out those logs and disconnects everything for 30 seconds or so.

