Displaying 20 results from an estimated 46 matches for "tc_enable".
2004 Aug 16
1
CLEAR_TC=Yes & TC_ENABLED=No
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I found a problem with my tcstart script.
First I was running system TC enabled for testing and then to stop all
TC I changed TC_ENABLED=No.
But I started to wonder why shorewall restart did _not_ clear TC rules
after TC was disabled?
So I checked firewall and found out that if TC_ENABLED=No TC_CLEAR is
disabled automatically.
Question is: should TC_ENABLED=No disable CLEAR_TC? Now it''s doing so.
Shorewall is version 2...
2006 Mar 03
3
tcdevices Error
Version 3.0.5 with the two-devices setup (eth0 - net, eth1 - loc).
Kernel 2.4.29
tcdevices, tcrules, and tcclasses are clones of the wondershaper example
(http://www.shorewall.net/traffic_shaping.htm) with eth0 replacing ppp.
With TC_ENABLED=Internal in shorewall.conf:
----
Validating /etc/shorewall/tcdevices...
Validating /etc/shorewall/tcclasses...
ERROR: device A seems not to be configured in tcdevices
----
No errors with TC_ENABLED=No although the line "Setting up Traffic Control
Rules..." is printed. Shouldn'...
2003 Jul 21
4
shorewall 1.4.6 question
why say:
Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Connection Tracking Match: Not available
not available ? modules is loaded. or for rule = 0 ?
TC_ENABLE=Yes say Error: Traffic Control requires Mangle
2011 Apr 23
6
TC: Simple and complex configs interplay
Hello,
From a user perspective, the simple (tcpri) and complex TC configs
offers two rather distinct choices. A user can very well be OK with
only using the simple way and that''s very fine. Then again, even in
doing so, the more complex config options are available. What is the
interplay between the two as far as having some parameters configured
in both at the same time ? So far
2012 Sep 20
1
Debian Lenny very simple traffic shaping not working
Hi,
I am trying to do the simplest configuration of traffic shaping.
So I did:
shorewall.conf
TC_ENABLED=Simple
tcinterfaces
eth0.2 External 500kbit
tcdevices
eth0.2 500kbit 200kbit
And I am testing the speed on that interface - whether I did it ok or not,
and my speed is still 4mbit/512kbit.
So the question is - How to reduce the speed on interface connected to t...
2012 Jul 04
0
Shorewall 4.5.6 RC 1
...ndling wildcard interfaces
with the ''wait=n'' option was incorrect. For each matching interface,
the script would check its readiness n times in rapid
succession. The script now sleeps 1 second between checks.
2) Previously, the tcrules file was not processed when
TC_ENABLED=No. That meant that to use features like TPROXY without
also using traffic shaping, it was necessary to set TC_ENABLED=Yes
and create a dummy /etc/shorewall/tcstart file. Now, only
MANGLE_ENABLED=Yes is required.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfathe...
2012 Jul 04
0
Shorewall 4.5.6 RC 1
...ndling wildcard interfaces
with the ''wait=n'' option was incorrect. For each matching interface,
the script would check its readiness n times in rapid
succession. The script now sleeps 1 second between checks.
2) Previously, the tcrules file was not processed when
TC_ENABLED=No. That meant that to use features like TPROXY without
also using traffic shaping, it was necessary to set TC_ENABLED=Yes
and create a dummy /etc/shorewall/tcstart file. Now, only
MANGLE_ENABLED=Yes is required.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfathe...
2013 Jun 28
3
Bandwidth limited when shorewall is enabled
Hi,
I''ve been having a really strange thing happen. I can''t remember when it
happened, or if it coincided with a shorewall update, but if I have shorewall
"running", my 100mbps connection is limited to about 1-6mbps per connection.
This is with TC/Shaping/QoS disabled or enabled.
I have no idea if its shorewall doing something funky or ipables or what, but
if I
2003 Aug 29
1
transparent proxy with shorewall
Hi,
I followed the instructions posted on the
shorewall web page for transparent proxy, but I
still cannot get it to work.
I have almost the same setup as described on the web, running squid on dmz, eth1, and the loc on eth2.
I can see that packets going out from the fw, they are not sent to the squid proxy, and if I try to telnet to the squid proxy to port 80, where I should be directed to
2004 Nov 24
14
traffic shaping on ftp server don''t work
Having study a number of documents on linux traffic shaper, I started
to setup my shaping rules in my network.
My linux box is running RH AS3 U3, shorewall 2.0.9.
It is using PPPoE connected to the Internet
firewall:
eth0: connect to the adsl modem
eth1: private net
ppp0: virtual dial up interface for pppoe
There is a ftp server on the private net
It is listen for port 21 and configured
2012 Nov 20
3
Simple Traffic Shaping Problem
Hello,
I have a problem with simple traffic shapping in shorewall, my current
configuration is:
zones
vlan10 ipv4 #
interfaces
vlan10 vlan10 detect tcpflags,routeback
shorewall.conf
TC_ENABLED=Simple
tcinterfaces
vlan10 Internal 1mbit:50kb
shorewall show tc
Device vlan10:
qdisc prio 5: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 25341476 bytes 45125 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
qdisc sfq 51: parent 5:1 limit 12...
2003 Jan 14
3
Shorewall-1.3.13
...; then Shorewall won''t clear the current
traffic control rules during [re]start. This setting is intended
for use by people that prefer to configure traffic shaping when
the network interfaces come up rather than when the firewall
is started. If that is what you want to do, set TC_ENABLED=Yes and
CLEAR_TC=No and do not supply an /etc/shorewall/tcstart file. That
way, your traffic shaping rules can still use the ''fwmark''
classifier based on packet marking defined in /etc/shorewall/tcrules.
4. A new SHARED_DIR variable has been added that allows distributi...
2012 Jan 19
3
Problema link balance and internet bank
...eth4 189.36.0.2
track,balance=10
#tcrules
2:T 172.16.11.33 0.0.0.0/0 tcp 80,443
2:P 172.16.11.33 0.0.0.0/0 tcp 80,443
2 $FW 0.0.0.0/0 tcp 80,443
#shorewall.conf
RESTORE_DEFAULT_ROUTE=No
ROUTE_FILTER=No
SAVE_IPSETS=No
TC_ENABLED=Internal
TC_EXPERT=No
TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2"
TRACK_PROVIDERS=Yes
USE_DEFAULT_RT=No
WIDE_TC_MARKS=Yes
Thanks in advance
--
*Fabiano Stocco**
**Sysadmin*
Agro Industrial Parati Ltda - Averama
44-3672-8000
44-8444-6635**
---------------------------------------...
2013 Dec 03
5
Multiple ISP + traffic shapping = poor download speed
...============
Yesterday we added VoIP. To do so, we force traffic from our Asterisk server to go throw ISP1 with a dedicated public IP and force the traffic from this dedicated public IP to go to Asterisk server (with IP filtering for security). This works too.
Now, my problem is to put QoS (using TC_ENABLED=Internal). I try many configuration but always have the same problem: once the isp1 interface is listed in tcdevices, we have poor download speed. Even with/without other TC configuration.
Here is our tcdevices file:
========================
#NUMBER: IN-BANDWITH OUT-BANDWIDTH OPTIONS REDIRECTED...
2008 Oct 24
6
routing packet from/to source/destination
Hi all and specially Mr. Tom....
(Please, do not be acid with me please! I am only a newbie, trying learn
more about shorewall)
I get involved with a Firewall Project in a customer here in my city...
In this customer, he has two Internet Providers.
So, he ask me how make certain connection following one routing path (like
RT_1) and others connections type, following the other routing path
2003 Aug 12
1
Shorewall Keeps sending false IP Address Conflict
...'']''
+ do_initialize
+ export LC_ALL=C
+ LC_ALL=C
+ PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
+ terminator=startup_error
+ version=
+ FW=
+ SUBSYSLOCK=
+ STATEDIR=
+ ALLOWRELATED=Yes
+ LOGRATE=
+ LOGBURST=
+ LOGPARMS=
+ ADD_IP_ALIASES=
+ ADD_SNAT_ALIASES=
+ TC_ENABLED=
+ LOGUNCLEAN=
+ BLACKLIST_DISPOSITION=
+ BLACKLIST_LOGLEVEL=
+ CLAMPMSS=
+ ROUTE_FILTER=
+ NAT_BEFORE_RULES=
+ DETECT_DNAT_IPADDRS=
+ MUTEX_TIMEOUT=
+ NEWNOTSYN=
+ LOGNEWNOTSYN=
+ FORWARDPING=
+ MACLIST_DISPOSITION=
+ MACLIST_LOG_LEVEL=
+ TCP_FLAGS_DISPOSITION=
+ TCP_FLAGS_LOG_LEVEL=
+ RFC1918_LO...
2004 Aug 07
11
Traffic shaping?
Ok, shaping on Linux is new to me.. so bear with me if i am just stupid.
curtain:/etc/shorewall# grep TC shorewall.conf | grep -v ^#
TCP_FLAGS_LOG_LEVEL=info
TC_ENABLED=Yes
CLEAR_TC=Yes
TCP_FLAGS_DISPOSITION=DROP
curtain:/etc/shorewall#
So it should be enabled, right?
---- tcrules ----
1 eth0 0.0.0.0/0 all
2 eth1 0.0.0.0/0 all
2 eth2 0.0.0.0/0 all
3 fw 0.0.0.0/0 all
20 192.168.0.161/32...
2013 Sep 16
7
Rsync rules for Shorewall
Hi folks,
I''m having an issue with rsync between my firewall and an internal
box. It seems to be a shorewall issue (or correctly speaking, an
issue with my shorewall config) because if I disable shorewall my
rsync works fine.
And I just can''t find it documented anywhere what I need to do.
I have rules like this :
root@userver:/etc/shorewall# grep -i Rsync rules
2004 Apr 16
1
Traffic Shaping using Shorewall and WonderShaper
Hi Guys,
I''m asking this question again because I have exhausted resources
for understanding how to get it to work.
I''ve read the howto on getting traffic shaping to work (shorewall''s
web site) as well as trying out wondershaper''s htb and cbq scripts.
Somehow both does not seem to happen as I want it to.
I''ve also read through the lartc
2010 Feb 16
0
Traffic Shaping on a machine that isn't just a firewall
Hi,
I''m using Shorewall 4.2.10 in Ubuntu 9.10, and I tried to set up some
Traffic Shaping in my network since I share it with my brother and
he''s using more than he should.
Since this is an old version, I''m using TC_ENABLED=Internal.
Everything is working nicely except for the localhost. It falls under
the "default" class, and I don''t know how to include it in the second
mark.
My configuration is:
eth1 - 10.0.1.0/24 - Receives the Internet connection from the modem
eth0 - 10.0.0.0/24 - LAN that Sh...