I would like to shape upload ftp bandwidth in a dual ISP setup

[shorewall show connections]
    tcp 6 431215 ESTABLISHED src=192.168.2.89 dst=83.xxx.xxx.23 sport=1487 dport=21 src=83.xxx.xxx.23 dst=10.0.11.2 sport=21 dport=1487 [ASSURED] use=2 mark=1

[tcdevices]
    #INTERFACE  IN-BANDWITH  OUT-BANDWIDTH
    $EIF        970kbit      245kbit
    $LIF        970kbit      245kbit

[tcclasses]
    #INTERFACE  MARK  RATE       CEIL       PRIORITY  OPTIONS
    $EIF        10    full       full       1         tos-minimize-delay
    $EIF        20    full*5/10  full*7/10  2         default
    $EIF        30    full*3/10  full*5/10  3
    $EIF        40    full*2/10  full*2/10  20
    $LIF        10    full       full       1         tos-minimize-delay
    $LIF        20    full*5/10  full*7/10  2         default
    $LIF        30    full*3/10  full*5/10  3
    $LIF        40    full*2/10  full*2/10  20

[tcrules ]
---------
    RESTORE:P - - tcp
    CONTINUE:P - - tcp - - - !0
    10:P - - tcp 20,21
    10:P - - tcp - 20,21
    10:P - - tcp 20,21
    10:P - - tcp - 20,21
    SAVE:P - - tcp - - - 10
    1:110:F - $EIF - - - - 10
    2:110:F - $LIF - - - - 10

But for some reason ( my mistake of course ) the upload falls into the default class.

Any help ????

Thanks in advance for your help...

PS
I am not really sure what is the relation between the [shorewall show connections] mark=1 and the TEST column in tcrules shorewall file. I've tried both 0 and 1 as the p2p shaping example in the tcrules file even though I've seen various mark connections (0,1,2).

On Wednesday 29 March 2006 11:40, grharry@freemail.gr wrote:
>
> But for some reason ( my mistake of course ) the upload falls into the
> default class.
>

You can't use PREROUTING marking for traffic control in a multi-ISP configuration where you are using 'track' and you can't use connection marks.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Thanks Tom ....
Could you be a little more specific...???
Please ??

>On Wednesday 29 March 2006 11:40, grharry@freemail.gr wrote:
>
>>But for some reason ( my mistake of course ) the upload falls into the
>>default class.
>
>You can't use PREROUTING marking for traffic control in a multi-ISP
>configuration where you are using 'track' and you can't use connection marks.
>
>-Tom

On Wednesday 29 March 2006 12:53, Harry Lachanas wrote:
> Thanks Tom ....
> Could you be a little more specific...???
> Please ??
>

Not in the middle of a workday, no.

-Tom

I can respect the fact that you are in your working environment at the moment and I am not expecting any answer now cause here also it is the middle of the night.

Nevertheless, what I am saying is could you be a little more specific some time soon enough???

I've been searching all over the net to find an answer on this matter and here I stand empty handed, tired, and in no position to solve riddles.

>On Wednesday 29 March 2006 12:53, Harry Lachanas wrote:
>
>>Thanks Tom ....
>>Could you be a little more specific...???
>>Please ??
>
>Not in the middle of a workday, no.
>
>-Tom

On Wednesday 29 March 2006 12:53, Harry Lachanas wrote:
> Thanks Tom ....
> Could you be a little more specific...???
> Please ??
>

[tcrules ]
---------
    10:F - - tcp 20,21
    10:F - - tcp - 20,21
    10:F - - tcp 20,21
    10:F - - tcp - 20,21
    1:110 - $EIF - - - - 10
    2:110 - $LIF - - - - 10

You can add your RESTORE, CONTINUE and SAVE rules in the FORWARD chain (replace "P" by "F") *ONLY IF YOU DON'T USE 'track' IN /etc/shorewall/providers. In that case, passive FTP will also work correctly; otherwise, only active FTP will be traffic shaped.

-Tom

Thanks a million Tom .....
Finally managed to do it with your guidance ....
God bless you ....

Regards

>On Wednesday 29 March 2006 12:53, Harry Lachanas wrote:
>
>>Thanks Tom ....
>>Could you be a little more specific...???
>>Please ??
>
>[tcrules ]
>---------
>10:F - - tcp 20,21
>10:F - - tcp - 20,21
>1:110 - $EIF - - - - 10
>2:110 - $LIF - - - - 10
>
>You can add your RESTORE, CONTINUE and SAVE rules in the FORWARD chain
>(replace "P" by "F") *ONLY IF YOU DON'T USE 'track'
>IN /etc/shorewall/providers. In that case, passive FTP will also work
>correctly; otherwise, only active FTP will be traffic shaped.
>
>-Tom

So in other words Tom, if I understand correctly, in a multi ISP env when track option is used, passive ftp cannot be shaped ??

If the answer to the above is yes then how can one NOT use the "track" option in providers file and do also multi ISP load balancing in order to also achieve ftp and the like protocols, traffic shaping ????

Is this by using the shorewall 2.xx version approach ????

Regards
Harry.

>On Wednesday 29 March 2006 12:53, Harry Lachanas wrote:
>
>>Thanks Tom ....
>>Could you be a little more specific...???
>>Please ??
>
>[tcrules ]
>---------
>
>10:F - - tcp 20,21
>10:F - - tcp - 20,21
>10:F - - tcp 20,21
>10:F - - tcp - 20,21
>1:110 - $EIF - - - - 10
>2:110 - $LIF - - - - 10
>
>You can add your RESTORE, CONTINUE and SAVE rules in the FORWARD chain
>(replace "P" by "F") *ONLY IF YOU DON'T USE 'track'
>IN /etc/shorewall/providers. In that case, passive FTP will also work
>correctly; otherwise, only active FTP will be traffic shaped.
>
>-Tom

On Tuesday 04 April 2006 08:49, Harry Lachanas wrote:
> So in other words Tom, if I understand correctly, in a multi ISP env when
> track option is used, passive ftp cannot be shaped ??
>
> If the answer to the above is yes then
> how can one NOT use the "track" option in providers file and do also
> multi ISP load balancing in order to also achieve ftp and the like
> protocols, traffic shaping ????

You can't if you want incoming connections to work.

There are a number of holes in Netfilter that are filled today by the 'mark' hack. Unfortunately, there is only one packet mark (and one connection mark) so you can only fill one of those holes at a time.

-Tom

On Tuesday 04 April 2006 13:10, Tom Eastep wrote:
> On Tuesday 04 April 2006 08:49, Harry Lachanas wrote:
> > So in other words Tom, if I understand correctly, in a multi ISP env when
> > track option is used, passive ftp cannot be shaped ??
> >
> > If the answer to the above is yes then
> > how can one NOT use the "track" option in providers file and do also
> > multi ISP load balancing in order to also achieve ftp and the like
> > protocols, traffic shaping ????
>
> You can't if you want incoming connections to work.
>
> There are a number of holes in Netfilter that are filled today by the
> 'mark' hack. Unfortunately, there is only one packet mark (and one
> connection mark) so you can only fill one of those holes at a time.
>

Note that netfilter itself has the ability to apply a mask to the packet or connection mark so you can effectively have multiple small mark fields. But none of the other utilities (most notably 'ip' and 'tc') have the ability to mask the packet mark value.

-Tom
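
Added example (not part of the thread and not Shorewall code): a small Python model of the point made in the last two messages, that a single mark can hold only one value unless it is split into masked fields, and that a consumer comparing the whole mark cannot read one field out of it. The bit layout (low 8 bits for the traffic-control class, next 8 bits for the provider) and provider number 1 are assumptions; the class marks 10/20/30/40 and default class 20 are taken from the posted tcclasses.

```python
# Added illustration; field layout and provider number are constructed assumptions.
TC_MASK = 0x00FF         # bits 0-7: traffic-control class mark (10/20/30/40 as in tcclasses)
PROVIDER_MASK = 0xFF00   # bits 8-15: provider mark (hypothetical: 1 = first ISP)
PROVIDER_SHIFT = 8
CLASS_MARKS = (10, 20, 30, 40)
DEFAULT_CLASS = 20       # the class flagged "default" in the posted tcclasses


def set_whole(mark, value):
    """Unmasked write: the new value replaces whatever was in the mark."""
    return value


def set_field(mark, value, mask, shift=0):
    """Masked write: change only the bits under `mask`, keep the rest."""
    field = value << shift
    if field & ~mask:
        raise ValueError(f"value {value} does not fit in mask {mask:#x}")
    return (mark & ~mask) | field


def classify(mark, masked):
    """Pick a class: masked compare on the TC field, or whole-mark equality."""
    seen = (mark & TC_MASK) if masked else mark
    for class_mark in CLASS_MARKS:
        if seen == class_mark:
            return class_mark
    return DEFAULT_CLASS


def demo():
    # One shared mark: the later provider write overwrites the FTP class mark.
    shared = set_whole(set_whole(0, 10), 1)
    # Two fields in one mark: both values survive side by side.
    split = set_field(0, 10, TC_MASK)
    split = set_field(split, 1, PROVIDER_MASK, PROVIDER_SHIFT)
    return {
        "shared_mark": shared,
        "shared_class": classify(shared, masked=False),
        "split_mark": split,
        "split_class_exact": classify(split, masked=False),
        "split_class_masked": classify(split, masked=True),
        "split_provider": (split & PROVIDER_MASK) >> PROVIDER_SHIFT,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:20} {value}")
```

In the model, the shared mark ends up as 1 and the packet lands in the default class; the split mark keeps both values, but only the masked comparison recovers class 10 from it.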