search for: tc_enable

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I found a problem with my tcstart script. First I was running system TC enabled for testing and then to stop all TC I changed TC_ENABLED=No. But I started to wonder why shorewall restart did _not_ clear TC rules after TC was disabled? So I checked firewall and found out that if TC_ENABLED=No TC_CLEAR is disabled automatically. Question is: should TC_ENABLED=No disable CLEAR_TC? Now it''s doing so. Shorewall is version 2...

Version 3.0.5 with the two-devices setup (eth0 - net, eth1 - loc). Kernel 2.4.29 tcdevices, tcrules, and tcclasses are clones of the wondershaper example (http://www.shorewall.net/traffic_shaping.htm) with eth0 replacing ppp. With TC_ENABLED=Internal in shorewall.conf: ---- Validating /etc/shorewall/tcdevices... Validating /etc/shorewall/tcclasses... ERROR: device A seems not to be configured in tcdevices ---- No errors with TC_ENABLED=No although the line "Setting up Traffic Control Rules..." is printed. Shouldn'...

why say: Shorewall has detected the following iptables/netfilter capabilities: NAT: Available Packet Mangling: Available Multi-port Match: Available Connection Tracking Match: Not available not available ? modules is loaded. or for rule = 0 ? TC_ENABLE=Yes say Error: Traffic Control requires Mangle

Hello, From a user perspective, the simple (tcpri) and complex TC configs offers two rather distinct choices. A user can very well be OK with only using the simple way and that''s very fine. Then again, even in doing so, the more complex config options are available. What is the interplay between the two as far as having some parameters configured in both at the same time ? So far

Hi, I am trying to do the simplest configuration of traffic shaping. So I did: shorewall.conf TC_ENABLED=Simple tcinterfaces eth0.2 External 500kbit tcdevices eth0.2 500kbit 200kbit And I am testing the speed on that interface - whether I did it ok or not, and my speed is still 4mbit/512kbit. So the question is - How to reduce the speed on interface connected to t...

...ndling wildcard interfaces with the ''wait=n'' option was incorrect. For each matching interface, the script would check its readiness n times in rapid succession. The script now sleeps 1 second between checks. 2) Previously, the tcrules file was not processed when TC_ENABLED=No. That meant that to use features like TPROXY without also using traffic shaping, it was necessary to set TC_ENABLED=Yes and create a dummy /etc/shorewall/tcstart file. Now, only MANGLE_ENABLED=Yes is required. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfathe...

...ndling wildcard interfaces with the ''wait=n'' option was incorrect. For each matching interface, the script would check its readiness n times in rapid succession. The script now sleeps 1 second between checks. 2) Previously, the tcrules file was not processed when TC_ENABLED=No. That meant that to use features like TPROXY without also using traffic shaping, it was necessary to set TC_ENABLED=Yes and create a dummy /etc/shorewall/tcstart file. Now, only MANGLE_ENABLED=Yes is required. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfathe...

Hi, I''ve been having a really strange thing happen. I can''t remember when it happened, or if it coincided with a shorewall update, but if I have shorewall "running", my 100mbps connection is limited to about 1-6mbps per connection. This is with TC/Shaping/QoS disabled or enabled. I have no idea if its shorewall doing something funky or ipables or what, but if I

Hi, I followed the instructions posted on the shorewall web page for transparent proxy, but I still cannot get it to work. I have almost the same setup as described on the web, running squid on dmz, eth1, and the loc on eth2. I can see that packets going out from the fw, they are not sent to the squid proxy, and if I try to telnet to the squid proxy to port 80, where I should be directed to

Having study a number of documents on linux traffic shaper, I started to setup my shaping rules in my network. My linux box is running RH AS3 U3, shorewall 2.0.9. It is using PPPoE connected to the Internet firewall: eth0: connect to the adsl modem eth1: private net ppp0: virtual dial up interface for pppoe There is a ftp server on the private net It is listen for port 21 and configured

Hello, I have a problem with simple traffic shapping in shorewall, my current configuration is: zones vlan10 ipv4 # interfaces vlan10 vlan10 detect tcpflags,routeback shorewall.conf TC_ENABLED=Simple tcinterfaces vlan10 Internal 1mbit:50kb shorewall show tc Device vlan10: qdisc prio 5: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1 Sent 25341476 bytes 45125 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 qdisc sfq 51: parent 5:1 limit 12...

...; then Shorewall won''t clear the current traffic control rules during [re]start. This setting is intended for use by people that prefer to configure traffic shaping when the network interfaces come up rather than when the firewall is started. If that is what you want to do, set TC_ENABLED=Yes and CLEAR_TC=No and do not supply an /etc/shorewall/tcstart file. That way, your traffic shaping rules can still use the ''fwmark'' classifier based on packet marking defined in /etc/shorewall/tcrules. 4. A new SHARED_DIR variable has been added that allows distributi...

...eth4 189.36.0.2 track,balance=10 #tcrules 2:T 172.16.11.33 0.0.0.0/0 tcp 80,443 2:P 172.16.11.33 0.0.0.0/0 tcp 80,443 2 $FW 0.0.0.0/0 tcp 80,443 #shorewall.conf RESTORE_DEFAULT_ROUTE=No ROUTE_FILTER=No SAVE_IPSETS=No TC_ENABLED=Internal TC_EXPERT=No TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2" TRACK_PROVIDERS=Yes USE_DEFAULT_RT=No WIDE_TC_MARKS=Yes Thanks in advance -- *Fabiano Stocco** **Sysadmin* Agro Industrial Parati Ltda - Averama 44-3672-8000 44-8444-6635** ---------------------------------------...

...============ Yesterday we added VoIP. To do so, we force traffic from our Asterisk server to go throw ISP1 with a dedicated public IP and force the traffic from this dedicated public IP to go to Asterisk server (with IP filtering for security). This works too. Now, my problem is to put QoS (using TC_ENABLED=Internal). I try many configuration but always have the same problem: once the isp1 interface is listed in tcdevices, we have poor download speed. Even with/without other TC configuration. Here is our tcdevices file: ======================== #NUMBER: IN-BANDWITH OUT-BANDWIDTH OPTIONS REDIRECTED...

Hi all and specially Mr. Tom.... (Please, do not be acid with me please! I am only a newbie, trying learn more about shorewall) I get involved with a Firewall Project in a customer here in my city... In this customer, he has two Internet Providers. So, he ask me how make certain connection following one routing path (like RT_1) and others connections type, following the other routing path

...'']'' + do_initialize + export LC_ALL=C + LC_ALL=C + PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin + terminator=startup_error + version= + FW= + SUBSYSLOCK= + STATEDIR= + ALLOWRELATED=Yes + LOGRATE= + LOGBURST= + LOGPARMS= + ADD_IP_ALIASES= + ADD_SNAT_ALIASES= + TC_ENABLED= + LOGUNCLEAN= + BLACKLIST_DISPOSITION= + BLACKLIST_LOGLEVEL= + CLAMPMSS= + ROUTE_FILTER= + NAT_BEFORE_RULES= + DETECT_DNAT_IPADDRS= + MUTEX_TIMEOUT= + NEWNOTSYN= + LOGNEWNOTSYN= + FORWARDPING= + MACLIST_DISPOSITION= + MACLIST_LOG_LEVEL= + TCP_FLAGS_DISPOSITION= + TCP_FLAGS_LOG_LEVEL= + RFC1918_LO...

Ok, shaping on Linux is new to me.. so bear with me if i am just stupid. curtain:/etc/shorewall# grep TC shorewall.conf | grep -v ^# TCP_FLAGS_LOG_LEVEL=info TC_ENABLED=Yes CLEAR_TC=Yes TCP_FLAGS_DISPOSITION=DROP curtain:/etc/shorewall# So it should be enabled, right? ---- tcrules ---- 1 eth0 0.0.0.0/0 all 2 eth1 0.0.0.0/0 all 2 eth2 0.0.0.0/0 all 3 fw 0.0.0.0/0 all 20 192.168.0.161/32...

Hi folks, I''m having an issue with rsync between my firewall and an internal box. It seems to be a shorewall issue (or correctly speaking, an issue with my shorewall config) because if I disable shorewall my rsync works fine. And I just can''t find it documented anywhere what I need to do. I have rules like this : root@userver:/etc/shorewall# grep -i Rsync rules

Hi Guys, I''m asking this question again because I have exhausted resources for understanding how to get it to work. I''ve read the howto on getting traffic shaping to work (shorewall''s web site) as well as trying out wondershaper''s htb and cbq scripts. Somehow both does not seem to happen as I want it to. I''ve also read through the lartc

Hi, I''m using Shorewall 4.2.10 in Ubuntu 9.10, and I tried to set up some Traffic Shaping in my network since I share it with my brother and he''s using more than he should. Since this is an old version, I''m using TC_ENABLED=Internal. Everything is working nicely except for the localhost. It falls under the "default" class, and I don''t know how to include it in the second mark. My configuration is: eth1 - 10.0.1.0/24 - Receives the Internet connection from the modem eth0 - 10.0.0.0/24 - LAN that Sh...