search for: tcstart

Hi All, I have a custom TC configuration where I''m building the tc hierarchy manually with the tcstart script. I also need to add custom iptables rules in the mangle table to classify the packets. Currently I''m using started to insert the iptables commands, but that''s way too late in the process. I tried putting them into the initdone file, but it''s trying to parse that a...

Hi all, I moved wshaper 1.1 cbq file to tcstart, but none of my tcrules are being observed. The only way I can set the marks is by editing the tcstart file. Is there a way to incorporate for tcstart to read and apply my set marks in tcrules? Thank you, ~Andrew Nady.

Season Greetings to all Tom, in your faq, u have this noted: While I am currently using the HTB version of The Wonder Shaper (I just copied wshaper.htb to /etc/shorewall/tcstart and modified it as shown in the Wondershaper README), I treid this with wondershaper, using Bearing Leaf 1.0 stable i even changed the tc command to run_tc, and tried it in both angles, and i receive the following.. processing /etc/shorewall/tcstart :notfound :notfound :notfound :notfound :notf...

I''m currently building a firewall for a network with 2 ISP links. Unfortunately, one of the ISP''s doesn''t support BGP yet, otherwise I would be doing load balancing at the router, instead of the firewall. I''ve been trying to find information on how to get WonderShaper working, but everything I''ve found talks about setting it up for a firewall with one

...e (protecting my WiFi connection). And now if I could have a question about traffic shaping. I did read everything I could find but I still have two problems: first, the MARK from tcrules is not working in HTB based simple tc filter line ("handle $MARK fw classid 1:20"). If I switch this tcstart''s line to "u32 match ip dst $IPADDR flowid 1:20" suddenly the shaping starts working. I cannot figure this one out, really. I''ll provide more details later and now let me ask you the second question: According to http://lists.shorewall.net/pipermail/shorewall-users/2003...

Hi everyone, I don''t know if you remember me, but i had a problem with a machine performing bridge (bridge-utils) and firewall (shorewall) duties. I wanted to control traffic in this machine using iproute2 and tc command with the tcstart and tcrules file in shorewall configuration. My machine hanged up when I used my traffic control script that way, but I found a solution :) The key is to use a script (not tcstart or tcrules) which contains iptables commands with "-m physdev --physdev-in <interface>". It works gre...

Hey all, I am using 1.4 and some 1.3 versions of the Shorewall. The question; Is "/etc/shorewall/tcstart" same as "/etc/shorewall/start" Thanks. ~Andrew.

Following my question: I want to limit all uploading coming from eth1, going to the internet, TCP port 333, to 5kbit. (The recipients in the internet receive the data on port 333) What do I have to add to the tcrules/tcstart files? The situation so far: The Linux PC is connected to the Internet with eth0. I have so far copied the contents of the wshaper.htb file (from The Wonder Shaper) to tcstart and commented out all the standard "options" because I don''t want them, but only my special rule here....

Hi there. Currently, our network design has two ISP lines and 3 subnets for LAN. Below are some details :- eth0 - isp1 eth1 - isp2 eth2 - subnet1 eth3 - subnet2 eth4 - subnet3 What i wanted to do is to assign incoming port 80 to our local squid server running on the firewall itself and assigned it to eth0(ISP1). I think it shouldnt be a problem as /etc/shorewall/rules provides a sample of the

...eth1 >> Mailserver -------------|------BRIDGE/FIREWALL------Router-----Internet >> DB App. server -------| >> >> I have installed iptoute2 and all kernel options needed. I have stated >> TC_ENABLED = Yes and copied my own script in the tcstart file so >> shorewall >> should run it when it gets restarted. I don''t get any errors when the >> script >> is executed, but all the packets go through the default queue in uplink >> and >> downlink when i analize the queues using . >> I use the f...

Hello, Today I restarted the firewall machine during an outage of the ADSL line overhere. At the boot Shorewall did not start but stopped during start. The problem was that the ADSL line was down so no DNS server available to resolve hostnames. I have a hostname in "blacklist" file and therefore shorewall did not start. Is this problem solvable without putting an IP address in the

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I found a problem with my tcstart script. First I was running system TC enabled for testing and then to stop all TC I changed TC_ENABLED=No. But I started to wonder why shorewall restart did _not_ clear TC rules after TC was disabled? So I checked firewall and found out that if TC_ENABLED=No TC_CLEAR is disabled automatically....

(excuse me for my english) why mark range in tcrules is 1-255 ? iptables support marks > 255. Leandro.

...d is the one available from the Shorewall download sites in the /pub/shorewall directory. To use ash, I made the following changes: 1) I edited /usr/share/shorewall/firewall and changed the first line to "#!/bin/ash" 2) I run WonderShaper which I''ve installed in /etc/shorewall/tcstart. I edited that file and changed two instances of "$[...]" to "$((...))". -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net

I don''t know whether this is the right place to ask, but kindly point me to an FM that I can R if it isn''t. My wife is creating lots of Kazaa traffic, and I am using rsync to create a full mirror of Red Hat''s FTP site, Aurora Linux FTP site, the LDP site, and some other stuff. Clearly, when one is moving well over 100GB over a 128 Kbps link, this is going to take a

...ules during [re]start. This setting is intended for use by people that prefer to configure traffic shaping when the network interfaces come up rather than when the firewall is started. If that is what you want to do, set TC_ENABLED=Yes and CLEAR_TC=No and do not supply an /etc/shorewall/tcstart file. That way, your traffic shaping rules can still use the ''fwmark'' classifier based on packet marking defined in /etc/shorewall/tcrules. 4. A new SHARED_DIR variable has been added that allows distribution packagers to easily move the shared directory (default /usr...

...g like this: FTP/Webserver ------| eth0 eth1 Mailserver -------------|------BRIDGE/FIREWALL------Router-----Internet DB App. server -------| I have installed iptoute2 and all kernel options needed. I have stated TC_ENABLED = Yes and copied my own script in the tcstart file so shorewall should run it when it gets restarted. I don''t get any errors when the script is executed, but all the packets go through the default queue in uplink and downlink when i analize the queues using . I use the following script to start the bridge: #!/bin/sh set -x #Activam...

Greetings, I am trying to set up Wonder Shaper to work along with Shorewall 2.0.8. I have read through this document here: http://shorewall.net/traffic_shaping.htm and set the necessary options in shorewall.conf, and I coped the contents of the htb file to tcstart and changed things in accordance with the readme. Now from what im seeing, that''s all there is to it and it should work, right? One problem when I start shorewall after that, is that my messaging programs will still work, but for some access to webpages fails to work. Does anyone have...

I try use setup traffic shaping with Shorewall-4.0.2 and have fault. When i start Shorewall with tc-files configured i get follow messages: ... RTNETLINK answers: No such file or directory We have an error talking to the kernel ERROR: Command "tc filter add dev eth2 parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate 500kbit burst 10k drop flowid :1" Failed

...1 and configured 50000:51000 for PASV connection my related config file as follows /etc/shorewall/rules . DNAT all loc:192.168.103.100 tcp 21,20,50000:51000 . . /etc/shorewall/tcrules 1 ppp0 0.0.0.0 tcp - 80 2 ppp0 0.0.0.0 tcp 21,20,50000:51000 21,20,50000:51000 3 ppp0 0.0.0.0 all /etc/shorewall/tcstart #!/bin/bash tc qdisc add dev ppp0 root handle 1: htb default 30 tc class add dev ppp0 parent 1: classid 1:1 htb rate 440kbit burst 15k tc class add dev ppp0 parent 1:1 classid 1:10 htb rate 300kbit tc class add dev ppp0 parent 1:1 classid 1:20 htb rate 56kbit tc class add dev ppp0 parent 1:1 cla...