I just thought I'd give a friendly post to let you know what I've found: BE SURE TO DISABLE Quality of Service if you compile your own kernel! It took me about 10 hours to realize that was what was causing shorewall to NOT WORK! (This might be something to add into the FAQ or troubleshooting section.)

The symptoms experienced were:
1) Normal startup (i.e. no error messages)
2) Just didn't work.

Actually, the occasional packet was allowed through, but it almost never happened.

On Thu, 20 Jun 2002, Sean Cross wrote:
> I just thought I'd give a friendly post to let you know what I've found:
> BE SURE TO DISABLE Quality of Service if you compile your own kernel! It took
> me about 10 hours to realize that was what was causing shorewall to NOT WORK!
> (This might be something to add into the FAQ or troubleshooting section.)
>
> The symptoms experienced were:
> 1) Normal startup (i.e. no error messages)
> 2) Just didn't work.
>
> Actually, the occasional packet was allowed through, but it almost never
> happened.

Sounds like something that I should investigate -- thanks for the heads up.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net

On Thu, 20 Jun 2002, Sean Cross wrote:
> I just thought I'd give a friendly post to let you know what I've found:
> BE SURE TO DISABLE Quality of Service if you compile your own kernel! It took
> me about 10 hours to realize that was what was causing shorewall to NOT WORK!
> (This might be something to add into the FAQ or troubleshooting section.)
>
> The symptoms experienced were:
> 1) Normal startup (i.e. no error messages)
> 2) Just didn't work.
>
> Actually, the occasional packet was allowed through, but it almost never
> happened.

Can you tell me which QoS options you selected? Since Shorewall is designed to work with QoS (See http://www.shorewall.net/traffic_shaping.htm), it's not good that if you don't configure any traffic shaping that it doesn't work.

-Tom

Actually, it was probably my fault completely. I had the kernel (v2.4.18-xfs) set up as such:
CONFIG_NET_SCHED=y
CONFIG_NET_QOS=y
CONFIG_NET_ESTIMATOR=y
CONFIG_NET_CLS=y
CONFIG_NET_CLS_POLICE=y
Everything else under "QoS and/or fair queueing" set to "M". None of them actually loaded.

They were compiled in because I meant to do some experimentation with QoS, and I forgot about them when I went to build the server. After saying 'n' to CONFIG_NET_SCHED, recompiling, and rebooting, it started working.

On Thursday 20 June 2002 04:15 pm, Tom Eastep wrote:
> On Thu, 20 Jun 2002, Sean Cross wrote:
> > I just thought I'd give a friendly post to let you know what I've found:
> > BE SURE TO DISABLE Quality of Service if you compile your own kernel! It
> > took me about 10 hours to realize that was what was causing shorewall to
> > NOT WORK! (This might be something to add into the FAQ or troubleshooting
> > section.)
> >
> > The symptoms experienced were:
> > 1) Normal startup (i.e. no error messages)
> > 2) Just didn't work.
> >
> > Actually, the occasional packet was allowed through, but it almost never
> > happened.
>
> Can you tell me which QoS options you selected? Since Shorewall is
> designed to work with QoS (See
> http://www.shorewall.net/traffic_shaping.htm), it's not good that if you
> don't configure any traffic shaping that it doesn't work.
>
> -Tom

On Thu, 20 Jun 2002, Sean Cross wrote:
> Actually, it was probably my fault completely. I had the kernel (v2.4.18-xfs)
> set up as such:
> CONFIG_NET_SCHED=y
> CONFIG_NET_QOS=y
> CONFIG_NET_ESTIMATOR=y
> CONFIG_NET_CLS=y
> CONFIG_NET_CLS_POLICE=y
> Everything else under "QoS and/or fair queueing" set to "M". None of them
> actually loaded.
>
> They were compiled in because I meant to do some experimentation with QoS, and
> I forgot about them when I went to build the server. After saying 'n' to
> CONFIG_NET_SCHED, recompiling, and rebooting, it started working.
>

My kernel is compiled almost identically -- I've now removed my 'tcstart' file and restarted Shorewall. Everything seems to be working fine.

Wonder what's different in my setup and yours...

-Tom

On Thursday 20 June 2002 04:32 pm, Tom Eastep wrote:
> On Thu, 20 Jun 2002, Sean Cross wrote:
> > Actually, it was probably my fault completely. I had the kernel
> > (v2.4.18-xfs) set up as such:
> > CONFIG_NET_SCHED=y
> > CONFIG_NET_QOS=y
> > CONFIG_NET_ESTIMATOR=y
> > CONFIG_NET_CLS=y
> > CONFIG_NET_CLS_POLICE=y
> > Everything else under "QoS and/or fair queueing" set to "M". None of
> > them actually loaded.
> >
> > They were compiled in because I meant to do some experimentation with
> > QoS, and I forgot about them when I went to build the server. After
> > saying 'n' to CONFIG_NET_SCHED, recompiling, and rebooting, it started
> > working.
>
> My kernel is compiled almost identically -- I've now removed my 'tcstart'
> file and restarted Shorewall. Everything seems to be working fine.
>
> Wonder what's different in my setup and yours...
>
> -Tom

I'm really not sure. I'm at a loss to explain. There must have been another setting I changed to get it to work.

At any rate, it's working normally now. I apologize for wasting your time, and thank you humbly for a terrific product.

On Thu, 20 Jun 2002, Sean Cross wrote:
> I'm really not sure. I'm at a loss to explain. There must have been another
> setting I changed to get it to work.

Always possible...

> At any rate, it's working normally now. I apologize for wasting your
> time

Not at all -- if you have occasion to test this again and it doesn't work, the output from "shorewall show tc" could be helpful.

> and thank you humbly for a terrific product.

You're most welcome...

-Tom