[Firehol-support] Interface rate doesn't affect clients via ip forwarding

Jonathan Steel jonathansteel at educationcity.com
Tue Mar 19 11:20:17 GMT 2019


I raised a bug, but on review I wonder if it could just be how I'm using
the software so would appreciate any comments on my issue and setup:

https://github.com/firehol/firehol/issues/393

For convenience here's a copy of the report:
> I'm using a very simple config to test this on Arch Linux:
> 
>   DEVICE=ens224
>   INPUT_SPEED=512kbps
>   OUTPUT_SPEED=512kbps
>   interface $DEVICE world bidirectional input rate $INPUT_SPEED output rate $OUTPUT_SPEED
> 
> My plan is to use FireQOS on my gateway VM which has ip forwarding enabled
> to allow clients to pass traffic through it. Setting a low rate for testing
> (say 512kbps) affects the gateway VM with FireQOS installed, but clients
> seem to run at full speed. If I masquerade the clients in iptables then it
> works, but I don't want to mask the clients as I would like to see true src
> and dst addresses when it comes to logging/graphing.
> 
> One thing to note is that if I set "max 10%" on a class this does seem to
> have some effect on the clients, but seems to be about 10% of the full
> possible speed, not 10% of the rate. The gateway VM is affected by dropping
> to 10% of the rate, so there's a clear difference between clients and the
> gateway VM despite them both going through the ens224 NIC on the gateway VM
> for any traffic. Any thoughts would be appreciated.

Thanks,

-- 
Jonathan


