Click Apply.
3. Click Activate and wait for the firewall to restart.
FTP traffic from LAN to WAN will now be guaranteed half of the total bandwidth to the Internet, 1 Mbit/s of 2 Mbit/s. If there are no FTP connections, or if the FTP connections use less than 1 Mbit/s, other services can use the bandwidth; the guaranteed bandwidth is not reserved for FTP traffic only. For example, if the FTP session is using 800 kbit/s, all other services can still use all of the remaining 1200 kbit/s.
Important note!
The WAN interface speed under System->Interfaces must match the speed of the Internet connection for guarantees to work. If the bandwidth is set too high, traffic shaping will not work.
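The guarantee behaviour and the interface-speed note above can be checked with a small model. This is an added example, not the firewall's own algorithm: the function names, the fair sharing of spare bandwidth and the assumption that an overloaded upstream link drops all classes proportionally are simplifications made here.

```python
def shape(configured_kbit, classes):
    """Work-conserving guarantee model (assumed, simplified).
    classes: {name: (guarantee_kbit, demand_kbit)} -> {name: allocated_kbit}"""
    # Step 1: every class gets its demand up to its guarantee.
    alloc = {n: min(g, d) for n, (g, d) in classes.items()}
    spare = configured_kbit - sum(alloc.values())
    unmet = {n: d - alloc[n] for n, (g, d) in classes.items() if d > alloc[n]}
    # Step 2: unused bandwidth is shared fairly among classes that still want more.
    while spare > 1e-9 and unmet:
        share = spare / len(unmet)
        for n in list(unmet):
            give = min(share, unmet[n])
            alloc[n] += give
            spare -= give
            unmet[n] -= give
            if unmet[n] <= 1e-9:
                del unmet[n]
    return alloc

def on_wire(alloc, real_kbit):
    """What survives the real Internet link. Assumption: when the shaper sends
    more than the link carries, the excess is dropped without regard to class."""
    total = sum(alloc.values())
    if total <= real_kbit:
        return dict(alloc)
    return {n: a * real_kbit / total for n, a in alloc.items()}

if __name__ == "__main__":
    REAL = 2000  # kbit/s, the 2 Mbit/s connection from the guide
    # Constructed demands: FTP uses 800 kbit/s, other services want far more.
    print(shape(2000, {"ftp": (1000, 800), "other": (0, 5000)}))
    # FTP and other traffic both busy, interface speed set correctly.
    busy = {"ftp": (1000, 1000), "other": (0, 3000)}
    print(on_wire(shape(2000, busy), REAL))
    # Interface speed set too high (4000): the shaper never sees congestion,
    # so FTP ends up below its 1000 kbit/s guarantee on the real link.
    print(on_wire(shape(4000, busy), REAL))
```

With the interface speed set to 4000 kbit/s on a 2000 kbit/s link, the model leaves FTP with 500 kbit/s, half of its guarantee.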
Traffic shaping can also be used for VPN connections. An IP phone connection over an IPsec LAN-to-LAN tunnel could, for example, be guaranteed a certain amount of bandwidth. Traffic shaping for VPN is done in the same way as for physical interfaces. First make sure Allow all VPN traffic is unchecked (Firewall->Policies->Global settings). Select the interfaces under Custom policy, e.g. LAN to IPsecTunnel01, and click Show. Now policies for the VPN interface can be created in a similar way to the setups in the guides above to make guarantees or limits.
Appendixes
Appendix A: ICMP Types and Codes
The Internet Control Message Protocol (ICMP) has many messages that are identified by a "type" field; many of these ICMP types have a "code" field. Here we list the types with their assigned code fields.
| Type | Name | Code | Description | Reference |
|------|------|------|-------------|-----------|
| 0 | Echo Reply | 0 | No Code | RFC792 |
| 3 | Destination Unreachable | 0 | Net Unreachable | RFC792 |
| | | 1 | Host Unreachable | RFC792 |
| | | 2 | Protocol Unreachable | RFC792 |
| | | 3 | Port Unreachable | RFC792 |
| | | 4 | Fragmentation Needed and Don't Fragment was Set | RFC792 |
| | | 5 | Source Route Failed | RFC792 |
| | | 6 | Destination Network Unknown | RFC792 |
| | | 7 | Destination Host Unknown | RFC792 |
| | | 8 | Source Host Isolated | RFC792 |
| | | 9 | Communication with Destination Network is Administratively Prohibited | RFC792 |
| | | 10 | Communication with Destination Host is Administratively Prohibited | RFC792 |
| | | 11 | Destination Network Unreachable for Type of Service | RFC792 |
| | | 12 | Destination Host Unreachable for Type of Service | RFC792 |
| | | 13 | Communication Administratively Prohibited | RFC1812 |
| | | 14 | Host Precedence Violation | RFC1812 |
| | | 15 | Precedence cutoff in effect | RFC1812 |
| 4 | Source Quench | 0 | No Code | RFC792 |
| 5 | Redirect | 0 | Redirect Datagram for the Network (or subnet) | RFC792 |
| | | 1 | Redirect Datagram for the Host | RFC792 |
| | | 2 | Redirect Datagram for the Type of Service and Network | RFC792 |
| | | 3 | Redirect Datagram for the Type of Service and Host | RFC792 |
| 8 | Echo | 0 | No Code | RFC792 |
| 9 | Router Advertisement | 0 | Normal router advertisement | RFC1256 |
| | | 16 | Does not route common traffic | RFC2002 |
| 10 | Router Selection | 0 | No Code | RFC1256 |
| 11 | Time Exceeded | 0 | Time to Live exceeded in Transit | RFC792 |
| | | 1 | Fragment Reassembly Time Exceeded | RFC792 |
| 12 | Parameter Problem | 0 | Pointer indicates the error | RFC792 |
| | | 1 | Missing a Required Option | RFC1108 |
| | | 2 | Bad Length | RFC792 |
| 13 | Timestamp | 0 | No Code | RFC792 |
| 14 | Timestamp Reply | 0 | No Code | RFC792 |
| 15 | Information Request | 0 | No Code | RFC792 |
| 16 | Information Reply | 0 | No Code | RFC792 |
| 17 | Address Mask Request | 0 | No Code | RFC950 |
| 18 | Address Mask Reply | 0 | No Code | RFC950 |
| 30 | Traceroute | | | RFC1393 |
| 31 | Datagram Conversion Error | | | RFC1475 |
| 40 | Photuris | | | RFC2521 |
| | | 0 | Bad SPI | RFC2521 |
| | | 1 | Authentication Failed | RFC2521 |
| | | 2 | Decompression Failed | RFC2521 |
| | | 3 | Decryption Failed | RFC2521 |
| | | 4 | Need Authentication | RFC2521 |
| | | 5 | Need Authorization | RFC2521 |
Appendix B: Common IP Protocol Numbers
These are some of the more common IP protocols; for the complete list, follow the link after the table.
| Decimal | Keyword | Description | Reference |
|---------|---------|-------------|-----------|
| 1 | ICMP | Internet Control Message | RFC792 |
| 2 | IGMP | Internet Group Management | RFC1112 |
| 3 | GGP | Gateway-to-Gateway | RFC823 |
| 4 | IP | IP in IP (encapsulation) | RFC2003 |
| 5 | ST | Stream | RFC1190, RFC1819 |
| 6 | TCP | Transmission Control | RFC793 |
| 8 | EGP | Exterior Gateway Protocol | RFC888 |
| 17 | UDP | User Datagram | RFC768 |
| 47 | GRE | General Routing Encapsulation | |
| 50 | ESP | Encapsulation Security Payload | RFC2406 |
| 51 | AH | Authentication Header | RFC2402 |
| 108 | IPComp | IP Payload Compression Protocol | RFC2393 |
| 112 | VRRP | Virtual Router Redundancy Protocol | |
| 115 | L2TP | Layer Two Tunneling Protocol | |