search for: tcfor

...SOURCE DEST PROTO PORT(S) CLIENT USER 2 eth1 0.0.0.0/0 tcp 80 As a result, I tried to get more information using the shorewall start debug 2 > file command. Here''s what I got : + run_iptables2 -t mangle -A tcfor -p -j MARK --set-mark ''PORT(S)'' + ''['' ''x-t mangle -A tcfor -p -j MARK --set-mark PORT(S)'' = ''x-t mangle -A tcfor -p -j MARK --set-mark PORT(S)'' '']'' + run_iptables -t mangle -A tcfor -p -j MARK --set-mark '...

Hi! It''s me again bothering you guys, what I want to do is to give full bandwidth to VPN traffic and limit the rest to 30KB/s (kilobytespersecond), ok? Here''s what I have: tcclasses ################################## eth0 1 1kbps 70kbps 1 eth0 2 1kbps 30kbps 2 default eth1 3 15kbps 10000kbps 1 eth1 4

...anywhere tcpre all -- anywhere anywhere Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination IMQ all -- anywhere anywhere IMQ: todev 0 tcfor all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination outtos all -- anywhere anywhere tcout all -- anywhere anywhere Chain POSTROUTING (policy ACCEPT) target prot opt source...

....0.0.0/0 MARK match 0x0/0xff00 Chain INPUT (policy ACCEPT 20174 packets, 6867K bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 1737 packets, 340K bytes) pkts bytes target prot opt in out source destination 1733 340K tcfor 0 -- * * 0.0.0.0/0 0.0.0.0/0 Chain OUTPUT (policy ACCEPT 112K packets, 56M bytes) pkts bytes target prot opt in out source destination 454 47166 CONNMARK 0 -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK match !0x0/0xff CONNMARK restore mask 0xff...

I have, for the time being, decided to split my dual ISP/single shorewall connection into two shorewall connections/boxes, each handling one ISP. I am running OSPF in the network and so far things are working out fairly well (from a client of the two gateways). $ ip route ls 10.33.66.2 via 10.75.22.199 dev eth0 proto zebra metric 20 192.168.200.1 via 10.75.22.254 dev eth0 proto zebra metric

I am setting to a shorewall system with 4 NIC''s as per the outline specification below. Can anyone please have a look and let me know what I have missed and what I have got wrong as I want to take this system live ASAP but do not want to kill internet access and the hosting for too long ! I have listed below the system outline & have attached the config files that I have changed, if

Hi, first of all, let me thank you for your great Shoreline Firewall. I use it with great success at home (protecting my WiFi connection). And now if I could have a question about traffic shaping. I did read everything I could find but I still have two problems: first, the MARK from tcrules is not working in HTB based simple tc filter line ("handle $MARK fw classid 1:20"). If I switch

Hello, I wonder if someone could use the TPROXY with Shorewall and transparent Squid  with using the routing rules on shorewall (tcrules) for hosts / networks (LAN) with multiples providers (WANs) directly from the internal network on port 80 (with TPROXY transparent squid or REDIRECT). On this issue, the routing rules is not work propertly because the source is the

I don''t know whether this is the right place to ask, but kindly point me to an FM that I can R if it isn''t. My wife is creating lots of Kazaa traffic, and I am using rsync to create a full mirror of Red Hat''s FTP site, Aurora Linux FTP site, the LDP site, and some other stuff. Clearly, when one is moving well over 100GB over a 128 Kbps link, this is going to take a

...4 /var/lib/shorewall/.iptables-restore-input mx:/usr/share/shorewall# more /var/lib/shorewall/.iptables-restore-input *raw :PREROUTING ACCEPT [0:0] :OUTPUT ACCEPT [0:0] COMMIT *mangle :PREROUTING ACCEPT [0:0] :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] :tcfor - [0:0] :tcout - [0:0] :tcpost - [0:0] :tcpre - [0:0] -A PREROUTING -j tcpre -A FORWARD -j tcfor -A OUTPUT -j tcout -A POSTROUTING -j tcpost COMMIT *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT DROP [0:0] :Drop - [0:0] :Reject - [0:0] :all2all - [0:0] :blacklst - [0:0] :dropBcast - [0:0]...

.../0 0.0.0.0/0 Chain INPUT (policy ACCEPT 50316 packets, 7586K bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 11429 packets, 1761K bytes) pkts bytes target prot opt in out source destination 58 2960 tcfor all -- * * 0.0.0.0/0 0.0.0.0/0 Chain OUTPUT (policy ACCEPT 42026 packets, 7783K bytes) pkts bytes target prot opt in out source destination 102 14445 outtos all -- * * 0.0.0.0/0 0.0.0.0/0 96 13621 tcout all -...

Hello! I am using shorewall shorewall-2.0.11-1 on fedora core2 (iptables-1.2.9-95.7). My box has 2 physical nic´s plus one virt. ipsec interface for a freeswan-vpn connection. A few days ago, portsentry spit out a lot of connections from windows clients (port 135, 445). Ooops. I review my shorewall settings but could not find a mistake. So I took a win-client and established a second

...-- * * 0.0.0.0/0 0.0.0.0/0 Chain INPUT (policy ACCEPT 77417 packets, 11M bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 2444K packets, 1565M bytes) pkts bytes target prot opt in out source destination 2444K 1565M tcfor all -- * * 0.0.0.0/0 0.0.0.0/0 Chain OUTPUT (policy ACCEPT 147K packets, 195M bytes) pkts bytes target prot opt in out source destination 147K 195M tcout all -- * * 0.0.0.0/0 0.0.0.0/0 Chain POSTROUTING (policy ACCEPT 2592K packets, 1760M byte...

Hi, I''m running Slackware 13.37 x86 using Shorewall 4.4.21 with OpenVPN and the VPN options I''m using in Slackware 13.37 will not work in Shorewall, but in Slackware 13.1 using the same Shorewall version and files, the ''interfaces'', ''policy'' and ''zone'', are all I have configured, it was working and this also works in Arch at