Hello to the list and Tom,
I am building a box with Fdc5 stock Kernel, 4 interfaces.
You can see their functions from the dump. eth2 is shut down
right now because it's in a test environment right now with no
dmz servers on the proxy arp dmz. The two providers
are comcast and a 1.1 frac T-1 for testing. Comcast is
dhcp, but when I deploy the ext_interfaces will all be static T-1 (frac
1.1),
and 4mb wireless similar to quest with ppoe auth.
This firewall would route all business accounting to Utah
to an As400 rpg app on port 23 through ipsec on the T-1 using
Shorewall route rules. All port 80,443, will be squid on the firewall
routing through the higher speed 4mb connection. I have all this
working great with the exception of tcrules. One employee uploads
pictures through the 4mb connection to the east coast daily from his
xp desktop. This used to really slow things down until I fired
up stock wondershaper which moved the queue to the shorewall
box that will be replaced by this box I am building.
Now to the questions, I was trying to add some classes
to control any uploads from this network and I can't seem
to control the uploads with the tcrules I have currently.
The uploads I try go to the default class. Are there some
shorewall tricks to use ftp conn tracking?
I'm thinking because ftp has variable ports that's why I can't
control this traffic right now. What I would like is any uploads
that occur to either isp be throttled to 500kps. That way
even if traffic went through the slower T-1 there would be
plenty of bandwidth left.
Secondly since we can't control downloads
is my current config ok? Or am I missing some tricks
you guys could help me with. I have got about 100 hours
of reading Shorewall site trying to play with tcrules and
stuff. Any help would be greatly appreciated. And I have
been off the list for about a year and half since my wife
died. I opened up my xpbox in my shop that has Shorewall mail list
account and downloaded a billion emails from my mail server
from the list and I read many of those too. Shorewall
has come a long way you guys.
Thanks
Mike
PS Having trouble contacting the list, Please forgive me if this is a double
post.
Mike Lander wrote:
> Hello to the list and Tom,
> I am building a box with Fdc5 stock Kernel, 4 interfaces.
> You can see their functions from the dump. eth2 is shut down
> right now because it's in a test environment right now with no
> dmz servers on the proxy arp dmz. The two providers
> are comcast and a 1.1 frac T-1 for testing. Comcast is
> dhcp, but when I deploy the ext_interfaces will all be static T-1 (frac
> 1.1),
> and 4mb wireless similar to quest with ppoe auth.
> This firewall would route all business accounting to Utah
> to an As400 rpg app on port 23 through ipsec on the T-1 using
> Shorewall route rules. All port 80,443, will be squid on the firewall
> routing through the higher speed 4mb connection. I have all this
> working great with the exception of tcrules. One employee uploads
> pictures through the 4mb connection to the east coast daily from his
> xp desktop. This used to really slow things down until I fired
> up stock wondershaper which moved the queue to the shorewall
> box that will be replaced by this box I am building.
> Now to the questions, I was trying to add some classes
> to control any uploads from this network and I can't seem
> to control the uploads with the tcrules I have currently.

Hi Mike,

Your CLASSIFY rules are wrong. The minor class of Shorewall-generated TC
classes is (100 + <mark value>) (e.g., 1:110, 1:120, etc.) whereas you are
specifying 1:10, 1:20, ...

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
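The check Tom describes can be automated. The following is an added example, not part of the thread and not Shorewall code: it flags tcrules classids whose minor number is not 100 + a mark defined in tcclasses. The sample files are constructed (not Mike's dump), and the column layouts and helper names are assumptions.

```python
import re

# Constructed sample input. Assumed tcclasses columns:
# INTERFACE MARK RATE CEIL PRIORITY OPTIONS
TCCLASSES = """\
#INTERFACE MARK RATE     CEIL     PRIORITY OPTIONS
eth0       10   full/4   full     1        tcp-ack
eth0       20   full/4   full     2
eth0       30   500kbit  500kbit  3        default
"""
# Assumed tcrules layout: first column is a mark or a major:minor classid.
TCRULES = """\
#MARK  SOURCE          DEST       PROTO  PORT(S)
1:10   192.168.1.0/24  0.0.0.0/0  tcp    22
1:120  192.168.1.0/24  0.0.0.0/0  tcp    80,443
1:30   192.168.1.50    0.0.0.0/0  tcp    21
"""

CLASSID = re.compile(r"^(\d+):(\d+)$")

def rows(text):
    """Yield (line_number, fields) for non-empty, non-comment lines."""
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if fields:
            yield n, fields

def defined_marks(tcclasses):
    """Collect the decimal MARK values declared in tcclasses."""
    return {int(f[1]) for _, f in rows(tcclasses)
            if len(f) >= 2 and f[1].isdigit()}

def check_classify(tcrules, marks):
    """Return (line, classid, suggested_fix) for classids with a wrong minor."""
    valid_minors = {100 + m for m in marks}  # rule stated in Tom's reply
    findings = []
    for n, f in rows(tcrules):
        m = CLASSID.match(f[0])
        if not m:
            continue  # plain mark rule, not a CLASSIFY rule
        major, minor = int(m.group(1)), int(m.group(2))
        if minor not in valid_minors:
            # If the minor is itself a defined mark, the author forgot the +100.
            fix = f"{major}:{100 + minor}" if minor in marks else None
            findings.append((n, f[0], fix))
    return findings

if __name__ == "__main__":
    for line, classid, fix in check_classify(TCRULES, defined_marks(TCCLASSES)):
        print(f"tcrules line {line}: {classid} matches no class; try {fix}")
```

A rule that names a nonexistent class is not matched to any shaped class, which is consistent with Mike's observation that his uploads landed in the default class.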