Nigel Aves
2010-Feb-16 04:01 UTC
Adding download control for internal interface - qdisk errors out
Shorewall version 4.4.7 I have managed to configure Shorewall successfully for traffic shaping on the upload and that all seems to be working ok. Today I''m trying to control downloading as well, rather than using Squids delay pools. I followed the on-line documentation but when I try to start Shorewall the following message pops up. Setting up Traffic Control... RTNETLINK answers: File exists ERROR: Command "tc qdisc add dev eth1 parent 2:2 handle 2: sfq quantum 1500 limit 127 perturb 10" Failed Processing /etc/shorewall/stop ... I have had a hunt around and can not find out what I have done wrong. (No surprises there, I''m no sysadm type person). Any help as to what I have done wrong will be gratefully received. Nigel. Here are the files (when just using the ppp0 everything works perfectly, commented out the eth1 lines to get the firewall working) tcdevices ppp0 6200kbit 4400kbit eth1 - 100mbits tcclasses ppp0 1 5*full/100 full 1 tcp-ack,tos-minimize-delay ppp0 2 47*full/100 full 2 ppp0 3 10*full/100 full 3 ppp0 4 5*full/100 full 4 ppp0 5 29*full/100 full 5 ppp0 6 4*full/100 full 6 default #eth1 1 5*full/100 full 1 tcp-ack #eth1 3 10*full/100 full 2 #eth1 4 5*full/100 full 3 #eth1 5 70*full/100 full 4 #eth1 6 10*full/100 full 5 default I think it''s the tcclasses it does not like because if I keep the tcrules for just the ppp0 interface I still get the error message when I un-comment "eth1" tcrules 1:F 0.0.0.0/0 0.0.0.0/0 icmp echo-request 1:F 0.0.0.0/0 0.0.0.0/0 icmp echo-reply 2:T 207.224.48.222 0.0.0.0/0 tcp - 80,443 3:T 0.0.0.0/0 0.0.0.0/0 tcp 53 3:T 0.0.0.0/0 0.0.0.0/0 udp 53 # 3:F ppp0 eth1 tcp - 53 # 3:F ppp0 eth1 udp - 53 4:T 0.0.0.0/0 0.0.0.0/0 tcp 25 4:T 0.0.0.0/0 0.0.0.0/0 udp 25 # 4:F ppp0 eth1 tcp - 25 # 4:F ppp0 eth1 udp - 25 5:T 0.0.0.0/0 0.0.0.0/0 tcp 80,443 # 5:F ppp0 eth1 tcp - 80,443 I''ve also tried not using eth1 but 192.168.1.0/24 ------------------------------------------------------------------------------ SOLARIS 10 is the OS for Data Centers - provides features such as DTrace, Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW http://p.sf.net/sfu/solaris-dev2dev
Trent O''Callaghan
2010-Feb-16 04:28 UTC
Re: Adding download control for internal interface - qdisk errors out
Hi Nigel, The issue you are seeing: RTNETLINK answers: File exists ERROR: Command "tc qdisc add dev eth1 parent 2:2 handle 2: sfq quantum 1500 limit 127 perturb 10" Failed Processing /etc/shorewall/stop Can be resolved by running tc qdisc del dev eth1 root before adding the new settings "tc qdisc add dev eth1 ..." This is a sysadmin work around which I am sure can be adapted into /etc/shorewall/stop or start Kind regards, Trent O''Callaghan -----Original Message----- From: Nigel Aves [mailto:nigel@twin-peaks-video.com] Sent: Tuesday, 16 February 2010 12:01 PM To: shorewall-users@lists.sourceforge.net Subject: [Shorewall-users] Adding download control for internal interface - qdisk errors out Shorewall version 4.4.7 I have managed to configure Shorewall successfully for traffic shaping on the upload and that all seems to be working ok. Today I''m trying to control downloading as well, rather than using Squids delay pools. I followed the on-line documentation but when I try to start Shorewall the following message pops up. Setting up Traffic Control... RTNETLINK answers: File exists ERROR: Command "tc qdisc add dev eth1 parent 2:2 handle 2: sfq quantum 1500 limit 127 perturb 10" Failed Processing /etc/shorewall/stop ... I have had a hunt around and can not find out what I have done wrong. (No surprises there, I''m no sysadm type person). Any help as to what I have done wrong will be gratefully received. Nigel. Here are the files (when just using the ppp0 everything works perfectly, commented out the eth1 lines to get the firewall working) tcdevices ppp0 6200kbit 4400kbit eth1 - 100mbits tcclasses ppp0 1 5*full/100 full 1 tcp-ack,tos-minimize-delay ppp0 2 47*full/100 full 2 ppp0 3 10*full/100 full 3 ppp0 4 5*full/100 full 4 ppp0 5 29*full/100 full 5 ppp0 6 4*full/100 full 6 default #eth1 1 5*full/100 full 1 tcp-ack #eth1 3 10*full/100 full 2 #eth1 4 5*full/100 full 3 #eth1 5 70*full/100 full 4 #eth1 6 10*full/100 full 5 default I think it''s the tcclasses it does not like because if I keep the tcrules for just the ppp0 interface I still get the error message when I un-comment "eth1" tcrules 1:F 0.0.0.0/0 0.0.0.0/0 icmp echo-request 1:F 0.0.0.0/0 0.0.0.0/0 icmp echo-reply 2:T 207.224.48.222 0.0.0.0/0 tcp - 80,443 3:T 0.0.0.0/0 0.0.0.0/0 tcp 53 3:T 0.0.0.0/0 0.0.0.0/0 udp 53 # 3:F ppp0 eth1 tcp - 53 # 3:F ppp0 eth1 udp - 53 4:T 0.0.0.0/0 0.0.0.0/0 tcp 25 4:T 0.0.0.0/0 0.0.0.0/0 udp 25 # 4:F ppp0 eth1 tcp - 25 # 4:F ppp0 eth1 udp - 25 5:T 0.0.0.0/0 0.0.0.0/0 tcp 80,443 # 5:F ppp0 eth1 tcp - 80,443 I''ve also tried not using eth1 but 192.168.1.0/24 ---------------------------------------------------------------------------- -- SOLARIS 10 is the OS for Data Centers - provides features such as DTrace, Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW http://p.sf.net/sfu/solaris-dev2dev _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users ------------------------------------------------------------------------------ SOLARIS 10 is the OS for Data Centers - provides features such as DTrace, Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW http://p.sf.net/sfu/solaris-dev2dev
Tom Eastep
2010-Feb-16 05:33 UTC
Re: Adding download control for internal interface - qdisk errors out
Nigel Aves wrote:> Shorewall version 4.4.7 > > I have managed to configure Shorewall successfully for traffic shaping on > the upload and that all seems to be working ok. > > Today I''m trying to control downloading as well, rather than using Squids > delay pools. I followed the on-line documentation but when I try to start > Shorewall the following message pops up. > > Setting up Traffic Control... > RTNETLINK answers: File exists > ERROR: Command "tc qdisc add dev eth1 parent 2:2 handle 2: sfq quantum > 1500 limit 127 perturb 10" Failed > Processing /etc/shorewall/stop ... > > > I have had a hunt around and can not find out what I have done wrong. (No > surprises there, I''m no sysadm type person). > > Any help as to what I have done wrong will be gratefully received. >http://www.shorewall.net/support.htm#Guidelines -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ SOLARIS 10 is the OS for Data Centers - provides features such as DTrace, Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW http://p.sf.net/sfu/solaris-dev2dev
Tom Eastep
2010-Feb-16 05:35 UTC
Re: Adding download control for internal interface - qdisk errors out
Trent O''Callaghan wrote:> Hi Nigel, > > The issue you are seeing: > RTNETLINK answers: File exists > ERROR: Command "tc qdisc add dev eth1 parent 2:2 handle 2: sfq quantum > 1500 limit 127 perturb 10" Failed Processing /etc/shorewall/stop > > Can be resolved by running > > tc qdisc del dev eth1 root > > before adding the new settings "tc qdisc add dev eth1 ..." > > This is a sysadmin work around which I am sure can be adapted into > /etc/shorewall/stop or startShorewall generates that command already; it gets executed early in ''start'' and ''restart''. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ SOLARIS 10 is the OS for Data Centers - provides features such as DTrace, Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW http://p.sf.net/sfu/solaris-dev2dev
Nigel Aves
2010-Feb-17 00:15 UTC
Re: Adding download control for internal interface - qdisk errors out
Please find enclosed a zip of the "dump" file -----Original Message----- From: Tom Eastep [mailto:teastep@shorewall.net] Sent: Monday, February 15, 2010 22:34 To: Shorewall Users Subject: Re: [Shorewall-users] Adding download control for internal interface - qdisk errors out Nigel Aves wrote:> Shorewall version 4.4.7 > > I have managed to configure Shorewall successfully for traffic shaping on > the upload and that all seems to be working ok. > > Today I''m trying to control downloading as well, rather than using Squids > delay pools. I followed the on-line documentation but when I try to start > Shorewall the following message pops up. > > Setting up Traffic Control... > RTNETLINK answers: File exists > ERROR: Command "tc qdisc add dev eth1 parent 2:2 handle 2: sfq quantum > 1500 limit 127 perturb 10" Failed > Processing /etc/shorewall/stop ... > > > I have had a hunt around and can not find out what I have done wrong. (No > surprises there, I''m no sysadm type person). > > Any help as to what I have done wrong will be gratefully received. >http://www.shorewall.net/support.htm#Guidelines -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ---------------------------------------------------------------------------- -- SOLARIS 10 is the OS for Data Centers - provides features such as DTrace, Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW http://p.sf.net/sfu/solaris-dev2dev _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users ------------------------------------------------------------------------------ SOLARIS 10 is the OS for Data Centers - provides features such as DTrace, Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW http://p.sf.net/sfu/solaris-dev2dev
Tom Eastep
2010-Feb-17 01:18 UTC
Re: Adding download control for internal interface - qdisk errors out
Nigel Aves wrote:> Please find enclosed a zip of the "dump" fileI''ll try to get to this in the next several days. Thanks, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ SOLARIS 10 is the OS for Data Centers - provides features such as DTrace, Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW http://p.sf.net/sfu/solaris-dev2dev
Nigel Aves
2010-Feb-17 01:37 UTC
Re: Adding download control for internal interface - qdisk errors out
Thanks Tom, no hurry ..... -----Original Message----- From: Tom Eastep [mailto:teastep@shorewall.net] Sent: Tuesday, February 16, 2010 18:19 To: Shorewall Users Subject: Re: [Shorewall-users] Adding download control for internal interface - qdisk errors out Nigel Aves wrote:> Please find enclosed a zip of the "dump" fileI''ll try to get to this in the next several days. Thanks, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ---------------------------------------------------------------------------- -- SOLARIS 10 is the OS for Data Centers - provides features such as DTrace, Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW http://p.sf.net/sfu/solaris-dev2dev _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users ------------------------------------------------------------------------------ SOLARIS 10 is the OS for Data Centers - provides features such as DTrace, Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW http://p.sf.net/sfu/solaris-dev2dev
Tom Eastep
2010-Feb-17 06:52 UTC
Re: Adding download control for internal interface - qdisk errors out
Nigel Aves wrote:> Thanks Tom, no hurry .....I''ve been able to reproduce the problem here. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ SOLARIS 10 is the OS for Data Centers - provides features such as DTrace, Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW http://p.sf.net/sfu/solaris-dev2dev
Tom Eastep
2010-Feb-17 14:37 UTC
Re: Adding download control for internal interface - qdisk errors out
Tom Eastep wrote:> Nigel Aves wrote: >> Thanks Tom, no hurry ..... > > I''ve been able to reproduce the problem here.Here''s a patch: patch /usr/share/shorewall/Shorewall/Tc.pm < sfqclassnum.diff Please let me know if it works for you. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ SOLARIS 10 is the OS for Data Centers - provides features such as DTrace, Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW http://p.sf.net/sfu/solaris-dev2dev
Nigel Aves
2010-Feb-17 14:37 UTC
Re: Adding download control for internal interface - qdisk errors out
On Tue, 16 Feb 2010 22:52:45 -0800, Tom Eastep <teastep@shorewall.net> wrote:> Nigel Aves wrote: >> Thanks Tom, no hurry ..... > > I''ve been able to reproduce the problem here. > > -TomSounds like we found a bug. Thanks for your very prompt action on this - Nigel. -->From the desk of Nigelhttp://soft-focus-imagining.com http://rational-alchemy.com http://twin-peaks-video.com ------------------------------------------------------------------------------ SOLARIS 10 is the OS for Data Centers - provides features such as DTrace, Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW http://p.sf.net/sfu/solaris-dev2dev
Nigel Aves
2010-Feb-18 00:39 UTC
Re: Adding download control for internal interface - qdisk errors out
Tom, Patch worked perfectly ... Thank you. Nigel. -----Original Message----- From: Tom Eastep [mailto:teastep@shorewall.net] Sent: Wednesday, February 17, 2010 07:37 To: Shorewall Users Subject: Re: [Shorewall-users] Adding download control for internal interface - qdisk errors out Tom Eastep wrote:> Nigel Aves wrote: >> Thanks Tom, no hurry ..... > > I''ve been able to reproduce the problem here.Here''s a patch: patch /usr/share/shorewall/Shorewall/Tc.pm < sfqclassnum.diff Please let me know if it works for you. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev