Hi. I am running a Debian router with Shorewall and I want to use it''s internal Traffic Shaping features. On this router is a python based torrent client with a web api(torrentflux). So I set the torrent port to 49160,49161. What I want now is that all my torrent uploads get marked with 4. I thought the rule for that is: 4 fw 0.0.0.0/0 tcp 49160,49161 But the only thing that happens is that those connections get into the default chain. my config: /etc/shorewall/tcdevices ppp0 16000kbit 800kbit /etc/shorewall/tcclasses ppp0 1 20kbit 100kbit 1 tcp-ack ppp0 2 50kbit full 2 ppp0 4 30kbit full 4 ppp0 3 100kbit full 3 default /etc/shorewall/tcrules 1:F 0.0.0.0/0 0.0.0.0/0 icmp echo-request 1:F 0.0.0.0/0 0.0.0.0/0 icmp echo-reply #WOW 2:F 0.0.0.0/0 0.0.0.0/0 tcp - 3724 2:F 0.0.0.0/0 0.0.0.0/0 tcp 3724 #torrent 4 fw 0.0.0.0/0 tcp 49160,49161 Hope you can help me. Toralf ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
Toralf Niebuhr wrote:> Hi. > > I am running a Debian router with Shorewall and I want to use it''s > internal Traffic Shaping features. On this router is a python based > torrent client with a web api(torrentflux). So I set the torrent port > to 49160,49161. > What I want now is that all my torrent uploads get marked with 4. > I thought the rule for that is: > 4 fw 0.0.0.0/0 tcp 49160,49161 > But the only thing that happens is that those connections get into > the default chain.I assume that "...set the torrent port to 49160,49161" means that you are setting the *local* port numbers. So output traffic will have those as the *source* port: 4 fw 0.0.0.0/0 tcp - 49160:49161 -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
Am 09.01.2007 um 23:39 schrieb Tom Eastep:> Toralf Niebuhr wrote: >> Hi. >> >> I am running a Debian router with Shorewall and I want to use it''s >> internal Traffic Shaping features. On this router is a python based >> torrent client with a web api(torrentflux). So I set the torrent port >> to 49160,49161. >> What I want now is that all my torrent uploads get marked with 4. >> I thought the rule for that is: >> 4 fw 0.0.0.0/0 tcp 49160,49161 >> But the only thing that happens is that those connections get into >> the default chain. > > I assume that "...set the torrent port to 49160,49161" means that > you are > setting the *local* port numbers. So output traffic will have those > as the > *source* port: > > 4 fw 0.0.0.0/0 tcp - 49160:49161 > > -TomThank you. Somhow I thought that the configuration was: mark source dest proto port(source) port(client) (I probably expected this because of the way conections are displayed when you look at them) One more question thou. Does it make sence to use the :C qualifierer? (4:C fw 0.0.0.0/0 tcp - 49160:49161) I would think that the results would be the same or is there a difference? The only thing I can guess it that one or the other would be easier to compute. It would be great if anybody knows. But thanks for that fast helf anyway.> -- > Tom Eastep \ Nothing is foolproof to a sufficiently talented fool > Shoreline, \ http://shorewall.net > Washington USA \ teastep@shorewall.net > PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key > ---------------------------------------------------------------------- > --- > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net''s Techsay panel and you''ll get the chance to > share your > opinions on IT & business topics through brief surveys - and earn cash > http://www.techsay.com/default.php? > page=join.php&p=sourceforge&CID=DEVDEV > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
Toralf Niebuhr wrote:> One more question thou. > Does it make sence to use the :C qualifierer?No.> (4:C fw 0.0.0.0/0 tcp - 49160:49161) > > I would think that the results would be the same or is there a > difference? > The only thing I can guess it that one or the other would be easier > to compute. > > It would be great if anybody knows.Please see http://www.shorewall.net/PacketMarking.html -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV