ClearFoundation

How did to setting bandwidth management that running together with proxy server? The problem is that if i setting bandwidth management like this for example :

nickname :client
interface:all (i have 2 lines isp joining with multiWAN)
ip addrs: 192.168.1.1-192.168.1.20
port: all port
direction : download
rate : 64kbps
ceilling:128kbps
greed: medium

and i activated my proxy server and flow my network trough it, so.. when i test to download in speedtest.com, my client always have all bandwidth (more than 128kbps),but if i not use proxy server,the bandwidth did limited.It's look like that if i used proxy server,than bandwidth limitation will bypassed.

I tried many of setting,but the problem is always happened.Did clearOS cannot running well with bandwidth manager and proxy server run together in one box?

So..what can i do,if i want to used that two of clearOs feature?

mas andi orang indo ya...
bs mintak YM nya...
saya makek CC 4.3

ClearOS BW management nya kayaknya kurang bagus neh mas
gk ada port range
bs jadi nightmare buat system admin

Iya,, YM: andi.micro

Itu aku pake CC5 juga terjadi masalah kalau proxy dan bw manager dijalankan bareng2.....

Tapi kalau pake CC 4.3 ga bisa batasi bw per ip,,,, cuma per grup aja,,,atau per protocol

Iya di clearOS ga bisa port range

Add YM yah,jadi bisa tuker-tukeran ilmu,, aku udah pernah pake CC v4 sampai v5,sekarang nyoba clearOS v5.1 tapi ya itu tadi trouble di 2 fitur itu yang ga bisa jalan bareng

I hope I'm not being rude, but can you please type in english.

Marko wrote:
I hope I'm not being rude, but can you please type in english.

I am sorry , theannuaki said to me that nothing to do because it is bug from inside clearOS itself,so if i tried to running bandwidth manager and proxy server together,it will not running well, proxy server always give full bandwidth access to clients and bypassing bandwidth limitation.

Is it true the bug?

It seems it is not a bug per se, but it IS a problem. It appears you can throttle web traffic, but not on a per host basis, you can only throttle the entire networks web traffic through squid.

But this is not acceptable behavior to me. And QOS is a HUGE concern on my LAN since I have Voip devices running. And I need content filtering. Is there a way to transparently proxy only a certain range of IP addresses? Or by MAC addy?

Here is something interesting that might point you in the right direction. I haven't tested any of this, it's just a theory after reading what the Clear team said about the config issue and looking trhrough the firewall script.

IF you have Transparent ON and Content Filtering ON, then any traffic on Port 80 is forwarded to port 8080.

Transparent ON, Content Filter OFF, port 80 -> 3128

Maybe that will help. I've not wrapped my head around any of this yet, but it seems like a clue.

Any updates on this??

I'm currently using ClarkConnect 4.1 and I'm evaluating a few different gateway/firewall solutions. ClearOS looks great, but content filtering (via transparent proxy) and bandwidth monitoring are the 2 features I must have and after having reading this, it seems they won't work together - this seems like a pretty big deal, and would definitely be a dealbreaker for me.

Hi all,

One day, we'll have to write some technical documentation on this. In ClearOS, the network traffic flow goes something like this:

Internet <-> Bandwidth <-> Firewall <-> Filter <-> Proxy <-> LAN system

When the proxy is not enabled, bandwidth rules using the IP address of a LAN system will work as expected. As soon as you enable the proxy, those LAN IPs are proxied. The bandwidth manager has no (easy) way to distinguish the original source of a web page request. You can still limit web uploads/download for the entire proxy, but not by LAN IP address.

In ClarkConnect 4.x, the bandwidth shaper was implemented a little differently.

Internet <-> Upstream Bandwidth <-> Firewall <-> Filter <-> Proxy <-> Downstream Bandwidth <-> LAN system

It was kind of possible to limit web downloads from a LAN system. The proxy downloaded a web request at full speed and only started to slow down once data flowed back the LAN web browser. This created two side effects:

1) it caused unexpected burst problems (bad for VoIP)
2) it made the bandwidth rule only effective for large files (not casual web browsing)

Bandwidth Manager - Small Businesses/Organizations

For a small business/organization (the target market for ClearOS Enterprise), the best way to work with bandwidth is to:

- Create bandwidth rules for high priority traffic
- Let the low priority traffic battle for what is left

For example:

- Create a bandwidth rule to prioritize VoIP traffic
- Create a bandwidth rule limiting web uploads/downloads to the box (for example, cap it at 50% of the total bandwidth)
- Create bandwidth rules limiting upload/downloads by LAN IP

A user on the LAN will have shared access to the limited web proxy bandwidth, while still limited for other protocols (bittorrent for example) so he/she won't hog bandwidth. VoIP calls will always pass through and push out low priority traffic.

Bandwidth Manager - Cybercafe, ISP, Multi-Tenant

The bandwidth requirements are different for cybercafes, ISPs and the multi-tenant market. In those markets you want:

- Specific bandwidth allotments by user or IP

The cybercafe/ISP/multi-tenant world might need to help ClearFoundation implement a better solution. I personally know that these markets are underserved, and in an ideal world there would be a ClearOS solution tailored for it (captive portal, radius, etc). That's... not on the radar map for ClearCenter right now but ClearOS is open source -- so we're open for contributions!