search for: tcout

Hi! It''s me again bothering you guys, what I want to do is to give full bandwidth to VPN traffic and limit the rest to 30KB/s (kilobytespersecond), ok? Here''s what I have: tcclasses ################################## eth0 1 1kbps 70kbps 1 eth0 2 1kbps 30kbps 2 default eth1 3 15kbps 10000kbps 1 eth1 4

Hi All, I''m using Shorewall 3.0.4 and I''m wondering if it is possible to do traffic shapping on only one interface from a bridge. The firewall has got 3 NIC, eth0, eth1, eth2. eth0 and eth2 are bridged, but if I''m right, when you specify a traffic rate for a link, you do it for the interface. In my case, eth0 and eth2 do not appear in the interface file, but it is

...est on the firewall. If I put ftp in the HELPER column of tcrules I can mark those packets. With sip in the HELPER column though nothing happens. Attached is a "shorewall dump > dump.txt" that was taken while Asterisk was making a SIP call. You''ll see that under "Chain tcout" there are 0 packets. When "helper match "ftp" MARK set 0x1", that is not the case. Any ideas as to why sip packets don''t get marked? Regards Fog_Watch. -- "A. Because it breaks the logical order of conversation. Q. Why is top posting bad?" -------...

...prot opt source destination IMQ all -- anywhere anywhere IMQ: todev 0 tcfor all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination outtos all -- anywhere anywhere tcout all -- anywhere anywhere Chain POSTROUTING (policy ACCEPT) target prot opt source destination Chain outtos (1 references) target prot opt source destination Chain pretos (1 references) target prot opt source destination Ch...

I''m having troubles with my outbound VOIP connection. I''m convinced that I don''t have QOS/traffic shaping configured properly in my shorewall linux firewall, which serves as my Asterisk VOIP server and Internet router/gateway. I don''t have a separate router box. I''ve been using VOIP for about a year now, but just recently realized that I need to

...* * 0.0.0.0/0 0.0.0.0/0 Chain OUTPUT (policy ACCEPT 112K packets, 56M bytes) pkts bytes target prot opt in out source destination 454 47166 CONNMARK 0 -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK match !0x0/0xff CONNMARK restore mask 0xff 20313 10M tcout 0 -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0x0/0xff00 Chain POSTROUTING (policy ACCEPT 22096 packets, 10M bytes) pkts bytes target prot opt in out source destination 22062 10M tcpost 0 -- * * 0.0.0.0/0 0.0.0.0/0 Chain routemark (1 refe...

I am setting to a shorewall system with 4 NIC''s as per the outline specification below. Can anyone please have a look and let me know what I have missed and what I have got wrong as I want to take this system live ASAP but do not want to kill internet access and the hosting for too long ! I have listed below the system outline & have attached the config files that I have changed, if

Hi all, I moved wshaper 1.1 cbq file to tcstart, but none of my tcrules are being observed. The only way I can set the marks is by editing the tcstart file. Is there a way to incorporate for tcstart to read and apply my set marks in tcrules? Thank you, ~Andrew Nady.

>If you > >a) Have the correct REDIRECT rule (which you do); and >b) Are accepting $FW->Net HTTP traffic (which you are -- at least with your >policy); and >c) DNS works from your firewall (I assume it does since you are wide open >from $FW->Net); then >The problem is in your Squid configuration (this is true in %90 of the >reports on this list where Squid

...ta: > Sat, 17 Dec 2005 11:26:25 -0600 > (18:26 CET) > > > ----- Original Message ----- > > All config files and debug files is into attachment tar file. > > > > > Thanks, > > Thanks you Tom! > > > >From the dump that you posted: > Chain tcout (1 references) > pkts bytes target prot opt in out source > destination > 1 60 MARK tcp -- * * 0.0.0.0/0 ! > 192.168.0.0/16 tcp dpt:22 MARK set 0x5 > 7 420 MARK tcp -- * * 0.0.0.0/0 ! &...

Hello, I wonder if someone could use the TPROXY with Shorewall and transparent Squid  with using the routing rules on shorewall (tcrules) for hosts / networks (LAN) with multiples providers (WANs) directly from the internal network on port 80 (with TPROXY transparent squid or REDIRECT). On this issue, the routing rules is not work propertly because the source is the

...ewall/.iptables-restore-input mx:/usr/share/shorewall# more /var/lib/shorewall/.iptables-restore-input *raw :PREROUTING ACCEPT [0:0] :OUTPUT ACCEPT [0:0] COMMIT *mangle :PREROUTING ACCEPT [0:0] :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] :tcfor - [0:0] :tcout - [0:0] :tcpost - [0:0] :tcpre - [0:0] -A PREROUTING -j tcpre -A FORWARD -j tcfor -A OUTPUT -j tcout -A POSTROUTING -j tcpost COMMIT *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT DROP [0:0] :Drop - [0:0] :Reject - [0:0] :all2all - [0:0] :blacklst - [0:0] :dropBcast - [0:0] :dropInvalid -...

...58 2960 tcfor all -- * * 0.0.0.0/0 0.0.0.0/0 Chain OUTPUT (policy ACCEPT 42026 packets, 7783K bytes) pkts bytes target prot opt in out source destination 102 14445 outtos all -- * * 0.0.0.0/0 0.0.0.0/0 96 13621 tcout all -- * * 0.0.0.0/0 0.0.0.0/0 Chain POSTROUTING (policy ACCEPT 53420 packets, 9538K bytes) pkts bytes target prot opt in out source destination Chain outtos (1 references) pkts bytes target prot opt in out source destination...

Hello! I am using shorewall shorewall-2.0.11-1 on fedora core2 (iptables-1.2.9-95.7). My box has 2 physical nic´s plus one virt. ipsec interface for a freeswan-vpn connection. A few days ago, portsentry spit out a lot of connections from windows clients (port 135, 445). Ooops. I review my shorewall settings but could not find a mistake. So I took a win-client and established a second

...PT 2444K packets, 1565M bytes) pkts bytes target prot opt in out source destination 2444K 1565M tcfor all -- * * 0.0.0.0/0 0.0.0.0/0 Chain OUTPUT (policy ACCEPT 147K packets, 195M bytes) pkts bytes target prot opt in out source destination 147K 195M tcout all -- * * 0.0.0.0/0 0.0.0.0/0 Chain POSTROUTING (policy ACCEPT 2592K packets, 1760M bytes) pkts bytes target prot opt in out source destination 2592K 1760M tcpost all -- * * 0.0.0.0/0 0.0.0.0/0 Chain tcfor (1 references) pkts bytes target p...

....187.140.1 DST=83.3.197.202 LEN=28 TOS=0x00 PREC=0x00 TTL=64 ID=33445 PROTO=ICMP TYPE=0 CODE=0 ID=49174 SEQ=37889 > TRACE: mangle:OUTPUT:rule:1 IN= OUT=eth3 SRC=195.187.140.1 DST=83.3.197.202 LEN=28 TOS=0x00 PREC=0x00 TTL=64 ID=33445 PROTO=ICMP TYPE=0 CODE=0 ID=49174 SEQ=37889 > TRACE: mangle:tcout:return:1 IN= OUT=eth3 SRC=195.187.140.1 DST=83.3.197.202 LEN=28 TOS=0x00 PREC=0x00 TTL=64 ID=33445 PROTO=ICMP TYPE=0 CODE=0 ID=49174 SEQ=37889 > TRACE: mangle:OUTPUT:policy:2 IN= OUT=eth3 SRC=195.187.140.1 DST=83.3.197.202 LEN=28 TOS=0x00 PREC=0x00 TTL=64 ID=33445 PROTO=ICMP TYPE=0 CODE=0 ID=491...

...in out source destination Chain OUTPUT (policy ACCEPT 91 packets, 8496 bytes) pkts bytes target prot opt in out source destination 91 8496 outtos ah -- * * 0.0.0.0/0 0.0.0.0/0 91 8496 tcout ah -- * * 0.0.0.0/0 0.0.0.0/0 Chain POSTROUTING (policy ACCEPT 922 packets, 100K bytes) pkts bytes target prot opt in out source destination Chain logdrop (25 references) pkts bytes target prot opt in out sou...

Hi, I''m running Slackware 13.37 x86 using Shorewall 4.4.21 with OpenVPN and the VPN options I''m using in Slackware 13.37 will not work in Shorewall, but in Slackware 13.1 using the same Shorewall version and files, the ''interfaces'', ''policy'' and ''zone'', are all I have configured, it was working and this also works in Arch at