search for: tcpre

...ytes target prot opt in out source destination 215 36310 CONNMARK 0 -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK match !0x0/0xff CONNMARK restore mask 0xff 648 69251 routemark 0 -- ppp0 * 0.0.0.0/0 0.0.0.0/0 MARK match 0x0/0xff 647 69125 tcpre 0 -- ppp0 * 0.0.0.0/0 0.0.0.0/0 21873 7205K tcpre 0 -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0x0/0xff00 Chain INPUT (policy ACCEPT 20174 packets, 6867K bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEP...

...ppp0 - 201:P eth4 ppp1 - Given that the packet''s are being marked in the PREROUTING chain, a destination device should not be allowed in the rule; nevertheless, iptables is not generating an error (the rule is being added to the ''tcpre'' which is jumped to from the PREROUTING chain -- this sort of violation is supposed to generate an error but isn''t). The result in this poster''s case is three nonsensical rules which I would guess will never match any packets ("shorewall show mangle" needed...

...0.0.0.0/0 0.0.0.0/0 MARK set 0x80 4600 737K MARK all -- eth0.1 * 0.0.0.0/0 0.0.0.0/0 MARK set 0x40 4932 783K CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match !0x0/0xff CONNMARK save mask 0xff and a tcpre chain of (who''s purpose is to default traffic via the CGCO table and connection): Chain tcpre (3 references) pkts bytes target prot opt in out source destination 1310K 1862M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 MAR...

...16 Sent 7209229 bytes 137739 pkts (dropped 1, overlimits 364) # iptables -t mangle -L Chain PREROUTING (policy ACCEPT) target prot opt source destination IMQ all -- anywhere anywhere IMQ: todev 1 pretos all -- anywhere anywhere tcpre all -- anywhere anywhere Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination IMQ all -- anywhere anywhere IMQ: todev 0 tcfor all...

...7.202 DST=195.187.140.1 LEN=28 TOS=0x00 PREC=0x00 TTL=59 ID=48172 PROTO=ICMP TYPE=8 CODE=0 ID=49174 SEQ=37889 > TRACE: mangle:PREROUTING:rule:1 IN=eth3 OUT= SRC=83.3.197.202 DST=195.187.140.1 LEN=28 TOS=0x00 PREC=0x00 TTL=59 ID=48172 PROTO=ICMP TYPE=8 CODE=0 ID=49174 SEQ=37889 > TRACE: mangle:tcpre:return:1 IN=eth3 OUT= SRC=83.3.197.202 DST=195.187.140.1 LEN=28 TOS=0x00 PREC=0x00 TTL=59 ID=48172 PROTO=ICMP TYPE=8 CODE=0 ID=49174 SEQ=37889 > TRACE: mangle:PREROUTING:policy:2 IN=eth3 OUT= SRC=83.3.197.202 DST=195.187.140.1 LEN=28 TOS=0x00 PREC=0x00 TTL=59 ID=48172 PROTO=ICMP TYPE=8 CODE=0 ID...

...1778292 bytes 35841 pkt (dropped 0, overlimits 0 requeues 153) rate 0bit 0pps backlog 0b 0p requeues 153 And I have the following iptables rules: Chain PREROUTING (policy ACCEPT 1564K packets, 875M bytes) pkts bytes target prot opt in out source destination 1560K 872M tcpre all -- * * 0.0.0.0/0 0.0.0.0/0 Chain tcpre (1 references) pkts bytes target prot opt in out source destination 1504K 864M CONNMARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK restore mask 0xff 1280K 726M RETU...

Hi all, I moved wshaper 1.1 cbq file to tcstart, but none of my tcrules are being observed. The only way I can set the marks is by editing the tcstart file. Is there a way to incorporate for tcstart to read and apply my set marks in tcrules? Thank you, ~Andrew Nady.

Having study a number of documents on linux traffic shaper, I started to setup my shaping rules in my network. My linux box is running RH AS3 U3, shorewall 2.0.9. It is using PPPoE connected to the Internet firewall: eth0: connect to the adsl modem eth1: private net ppp0: virtual dial up interface for pppoe There is a ftp server on the private net It is listen for port 21 and configured

Hi all, I''m trying to set up traffic shaping and I''m having some difficulty. Here is what I want, and where I am. 1. HTTP and SMTP traffic needs to be priority 1. 2. All other traffic priority 2 3. Torrent traffic priority 3. My distro is Fedora Core 4, and the torrent protocol does not appear in /etc/protocols. The only protocol is TCP, which HTTP and SMTP is built on top

I haven''t debugged this enough to understand what is happening, but I observe the following: someipset = bitmap:ip,mac 1) br0:+someipset 2) br0:+someipset[2] The first 1) doesn''t match anything in rules or tcrules, the second 2) matches fine. (Also using +someipset[1] doesn''t match anything) Is it possible/sensible/feasible to have shorewall figure out the

I have, for the time being, decided to split my dual ISP/single shorewall connection into two shorewall connections/boxes, each handling one ISP. I am running OSPF in the network and so far things are working out fairly well (from a client of the two gateways). $ ip route ls 10.33.66.2 via 10.75.22.199 dev eth0 proto zebra metric 20 192.168.200.1 via 10.75.22.254 dev eth0 proto zebra metric

I am setting to a shorewall system with 4 NIC''s as per the outline specification below. Can anyone please have a look and let me know what I have missed and what I have got wrong as I want to take this system live ASAP but do not want to kill internet access and the hosting for too long ! I have listed below the system outline & have attached the config files that I have changed, if

...2 packets, 106K bytes) pkts bytes target prot opt in out source destination 437 65376 man1918 ah -- eth0 * 0.0.0.0/0 0.0.0.0/0 992 106K pretos ah -- * * 0.0.0.0/0 0.0.0.0/0 992 106K tcpre ah -- * * 0.0.0.0/0 0.0.0.0/0 0 0 MARK tcp -- eth3 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 MARK set 0xca 0 0 MARK tcp -- eth3 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 MARK set 0xca Ch...

...mx:/usr/share/shorewall# more /var/lib/shorewall/.iptables-restore-input *raw :PREROUTING ACCEPT [0:0] :OUTPUT ACCEPT [0:0] COMMIT *mangle :PREROUTING ACCEPT [0:0] :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] :tcfor - [0:0] :tcout - [0:0] :tcpost - [0:0] :tcpre - [0:0] -A PREROUTING -j tcpre -A FORWARD -j tcfor -A OUTPUT -j tcout -A POSTROUTING -j tcpost COMMIT *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT DROP [0:0] :Drop - [0:0] :Reject - [0:0] :all2all - [0:0] :blacklst - [0:0] :dropBcast - [0:0] :dropInvalid - [0:0] :dropNotSyn - [0:0] :dyna...

...0.0.0.0/0 0.0.0.0/0 tcp dpt:22 to:192.168.1.2 Mangle Table Chain PREROUTING (policy ACCEPT 72574 packets, 11M bytes) pkts bytes target prot opt in out source destination 523 60122 pretos all -- * * 0.0.0.0/0 0.0.0.0/0 517 59810 tcpre all -- * * 0.0.0.0/0 0.0.0.0/0 Chain INPUT (policy ACCEPT 50316 packets, 7586K bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 11429 packets, 1761K bytes) pkts bytes target prot opt in out sou...

Hello! I am using shorewall shorewall-2.0.11-1 on fedora core2 (iptables-1.2.9-95.7). My box has 2 physical nic´s plus one virt. ipsec interface for a freeswan-vpn connection. A few days ago, portsentry spit out a lot of connections from windows clients (port 135, 445). Ooops. I review my shorewall settings but could not find a mistake. So I took a win-client and established a second

...ces) pkts bytes target prot opt in out source destination 6919 507K MASQUERADE all -- * * 192.168.1.0/24 0.0.0.0/0 Mangle Table Chain PREROUTING (policy ACCEPT 2522K packets, 1576M bytes) pkts bytes target prot opt in out source destination 2522K 1576M tcpre all -- * * 0.0.0.0/0 0.0.0.0/0 Chain INPUT (policy ACCEPT 77417 packets, 11M bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 2444K packets, 1565M bytes) pkts bytes target prot opt in out source destination 244...

I''m having troubles with my outbound VOIP connection. I''m convinced that I don''t have QOS/traffic shaping configured properly in my shorewall linux firewall, which serves as my Asterisk VOIP server and Internet router/gateway. I don''t have a separate router box. I''ve been using VOIP for about a year now, but just recently realized that I need to

Hi, I''m running Slackware 13.37 x86 using Shorewall 4.4.21 with OpenVPN and the VPN options I''m using in Slackware 13.37 will not work in Shorewall, but in Slackware 13.1 using the same Shorewall version and files, the ''interfaces'', ''policy'' and ''zone'', are all I have configured, it was working and this also works in Arch at